
Merge branch 'systemd-update'

Eelco Dolstra 2014-04-20 19:31:01 +02:00
commit 4e8c2f0ff9
78 changed files with 947 additions and 1242 deletions


@ -935,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ];
</programlisting>
where <filename>my-hello.nix</filename> contains:
<programlisting>
with &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
with import &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
stdenv.mkDerivation rec {
name = "hello-2.8";


@ -58,7 +58,7 @@ rec {
inherit system extraArgs modules prefix;
# For efficiency, leave out most NixOS modules; they don't
# define nixpkgs.config, so it's pointless to evaluate them.
baseModules = [ ../modules/misc/nixpkgs.nix ];
baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
check = false;
}).config.nixpkgs;


@ -495,7 +495,7 @@ sub waitForX {
my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub {
retry sub {
my ($status, $out) = $self->execute("journalctl -bu systemd-logind | grep Linked");
my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
return 0 if $status != 0;
($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
return 1 if $status == 0;


@ -36,7 +36,7 @@ with lib;
# GNU lsh.
services.openssh.enable = false;
services.lshd.enable = true;
services.xserver.startOpenSSHAgent = false;
programs.ssh.startAgent = false;
services.xserver.startGnuPGAgent = true;
# TODO: GNU dico.


@ -76,7 +76,12 @@ in
environment.systemPackages = [ glibcLocales ];
environment.variables.LANG = config.i18n.defaultLocale;
environment.variables =
{ LANG = config.i18n.defaultLocale;
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# /etc/locale.conf is used by systemd.
environment.etc = singleton


@ -1,3 +1,6 @@
# This module gets rid of all dependencies on X11 client libraries
# (including fontconfig).
{ config, lib, pkgs, ... }:
with lib;
@ -8,18 +11,22 @@ with lib;
type = types.bool;
default = false;
description = ''
Switch off the options in the default configuration that require X libraries.
Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
fonts.enableFontConfig
Switch off the options in the default configuration that
require X11 libraries. This includes client-side font
configuration and SSH forwarding of X11 authentication
in. Thus, you probably do not want to enable this option if
you want to run X11 programs on this machine via SSH.
'';
};
};
config = mkIf config.environment.noXlibs {
programs.ssh.setXAuthLocation = false;
fonts = {
enableCoreFonts = false;
enableFontConfig = false;
};
security.pam.services.su.forwardXAuth = lib.mkForce false;
fonts.enableFontConfig = false;
nixpkgs.config.packageOverrides = pkgs:
{ dbus = pkgs.dbus.override { useX11 = false; }; };
};
}
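Review bot: The new option description ends with "SSH forwarding of X11 authentication in.", which reads as a truncated sentence, and it no longer mentions everything the module does. The `config` block also forces `security.pam.services.su.forwardXAuth` to false and replaces `dbus` through `nixpkgs.config.packageOverrides` with a build using `useX11 = false`, which the earlier wording at least hinted at with "dbus". A user deciding whether to enable this should see both in the description, for example by listing "X11 authentication forwarding for ssh and su, client-side font configuration, and a dbus built without X11 support".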


@ -65,11 +65,7 @@ in
config = mkIf cfg.enable {
boot.kernelModules =
[ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
"cpufreq_conservative"
];
# FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
powerManagement.scsiLinkPolicy = mkDefault "min_power";


@ -45,19 +45,8 @@ in
) config.boot.kernel.sysctl);
systemd.services.systemd-sysctl =
{ description = "Apply Kernel Variables";
before = [ "sysinit.target" "shutdown.target" ];
wantedBy = [ "sysinit.target" "multi-user.target" ];
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
unitConfig = {
DefaultDependencies = false; # needed to prevent a cycle
ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
};
};
# Enable hardlink and symlink restrictions. See


@ -1,5 +1,7 @@
#! @shell@
if [ -x "@shell@" ]; then export SHELL="@shell@"; fi;
set -e
showSyntax() {


@ -1,11 +1,8 @@
# This module defines a small NixOS configuration. It does not
# contain any graphical stuff.
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
# Don't include X libraries.
programs.ssh.setXAuthLocation = false;
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
environment.noXlibs = true;
}


@ -17,8 +17,7 @@ in
config = {
environment.variables =
{ LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
LOCATE_PATH = "/var/cache/locatedb";
{ LOCATE_PATH = "/var/cache/locatedb";
NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
NIX_PATH =
[ "/nix/var/nix/profiles/per-user/root/channels/nixos"


@ -47,7 +47,20 @@ in
for help.
'';
};
startAgent = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start the OpenSSH agent when you log in. The OpenSSH agent
remembers private keys for you so that you don't have to type in
passphrases every time you make an SSH connection. Use
<command>ssh-add</command> to add a key to the agent.
'';
};
};
};
config = {
@ -71,5 +84,28 @@ in
target = "ssh/ssh_config";
}
];
# FIXME: this should really be socket-activated for über-awesomeness.
systemd.user.services.ssh-agent =
{ enable = cfg.startAgent;
description = "SSH Agent";
wantedBy = [ "default.target" ];
serviceConfig =
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent";
StandardOutput = "null";
Type = "forking";
Restart = "on-failure";
SuccessExitStatus = "0 2";
};
};
environment.extraInit = optionalString cfg.startAgent
''
if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent"
fi
'';
};
}
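Review bot: `startAgent` defaults to `true` and the unit is `wantedBy = [ "default.target" ]` in the user manager, so an agent is now started for every user session rather than only for X sessions as with the option it replaces, and the description does not say that. On headless or multi-user machines that is an extra long-lived process holding decrypted keys per user, so the description should state the scope and that servers may want `programs.ssh.startAgent = false;`. Separately, the X session code removed elsewhere in this commit exported `SSH_ASKPASS` before launching the agent, and nothing in this module sets it, so graphical passphrase prompts may be lost unless it is set somewhere outside the page.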


@ -17,7 +17,7 @@ let
inherit from to;
name = "Obsolete name";
use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
};
# abort if deprecated option is used
@ -25,7 +25,7 @@ let
inherit from to;
name = "Deprecated name";
use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
};
showOption = concatStringsSep ".";
@ -103,6 +103,7 @@ in zipModules ([]
++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
# KDE


@ -187,6 +187,8 @@ let
# Session management.
session required pam_unix.so
${optionalString cfg.setLoginUid
"session required pam_loginuid.so"}
${optionalString cfg.updateWtmp
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
${optionalString config.users.ldap.enable
@ -197,8 +199,6 @@ let
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString cfg.setLoginUid
"session required pam_loginuid.so"}
${optionalString cfg.forwardXAuth
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (cfg.limits != [])
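Review bot: Nothing in the session stack records why `pam_loginuid.so` now has to come directly after `pam_unix.so`, and ordering in a PAM stack is easy to undo in a later edit. If the intent is that the audit login UID is set before `pam_systemd.so` registers the session (pam_systemd takes the audit session into account when one exists), a comment above the entry would capture it, e.g. `# pam_loginuid must run before pam_systemd so the session is registered with the right login uid.` The generated PAM text starts and ends outside the hunks shown, so the full module order cannot be checked from here.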


@ -63,6 +63,9 @@ in
systemd.packages = [ pkgs.polkit ];
systemd.services.polkit.restartTriggers = [ config.system.path ];
systemd.services.polkit.unitConfig.X-StopIfChanged = false;
# The polkit daemon reads action/rule files
environment.pathsToLink = [ "/share/polkit-1" ];


@ -30,8 +30,8 @@ int main(int argc, char * * argv)
creating hard link `X' from some other location, along with a
false `X.real' file, to allow arbitrary programs from being
executed setuid. */
assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) &&
(self[strlen(wrapperDir)] == '/'));
assert ((strncmp(self, wrapperDir, strlen(wrapperDir)) == 0) &&
(self[strlen(wrapperDir)] == '/'));
/* Make *really* *really* sure that we were executed as `self',
and not, say, as some other setuid program. That is, our
@ -42,12 +42,12 @@ int main(int argc, char * * argv)
assert (lstat(self, &st) != -1);
//printf("%d %d\n", st.st_uid, st.st_gid);
assert ((st.st_mode & S_ISUID) == 0 ||
(st.st_uid == geteuid()));
(st.st_uid == geteuid()));
assert ((st.st_mode & S_ISGID) == 0 ||
st.st_gid == getegid());
st.st_gid == getegid());
/* And, of course, we shouldn't be writable. */
assert (!(st.st_mode & (S_IWGRP | S_IWOTH)));
@ -69,13 +69,13 @@ int main(int argc, char * * argv)
real[len] = 0;
close(fdSelf);
//printf("real = %s, len = %d\n", real, len);
execve(real, argv, environ);
fprintf(stderr, "%s: cannot run `%s': %s\n",
argv[0], real, strerror(errno));
exit(1);
}
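Review bot: The checks that make this setuid wrapper safe are all written as `assert(...)`, including `assert (lstat(self, &st) != -1);`, so a build with `-DNDEBUG` would silently drop the checks and the `lstat` call itself, leaving `st` uninitialised for the ownership and writability tests. The gcc command line shown elsewhere in this commit does not define `NDEBUG`, so the checks are active today, but that safety depends on a compiler flag rather than on the code. Explicit tests that abort remove the dependency, e.g. `if (lstat(self, &st) == -1) abort();`, and likewise for the `wrapperDir` prefix, setuid/setgid owner and `S_IWGRP | S_IWOTH` checks. `main` starts and ends outside the hunks shown.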


@ -9,10 +9,11 @@ let
setuidWrapper = pkgs.stdenv.mkDerivation {
name = "setuid-wrapper";
buildCommand = ''
ensureDir $out/bin
mkdir -p $out/bin
cp ${./setuid-wrapper.c} setuid-wrapper.c
gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
strip -s $out/bin/setuid-wrapper
setuid-wrapper.c -o $out/bin/setuid-wrapper
strip -S $out/bin/setuid-wrapper
'';
};
@ -116,8 +117,7 @@ in
# programs to be wrapped.
SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
if test -d ${wrapperDir}; then rm -f ${wrapperDir}/*; fi # */
mkdir -p ${wrapperDir}
rm -f ${wrapperDir}/* # */
${concatMapStrings makeSetuidWrapper setuidPrograms}
'';


@ -215,7 +215,7 @@ in
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html
KillSignal = "SIGINT";
KillMode = "process"; # FIXME: this may cause processes to be left behind in the cgroup even after the final SIGKILL
KillMode = "mixed";
# Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT.


@ -0,0 +1,13 @@
# Copied from systemd 203.
ACTION=="remove", GOTO="net_name_slot_end"
SUBSYSTEM!="net", GOTO="net_name_slot_end"
NAME!="", GOTO="net_name_slot_end"
IMPORT{cmdline}="net.ifnames"
ENV{net.ifnames}=="0", GOTO="net_name_slot_end"
NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
LABEL="net_name_slot_end"


@ -83,8 +83,8 @@ let
grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true
done
${optionalString (!config.networking.usePredictableInterfaceNames) ''
ln -s /dev/null $out/80-net-name-slot.rules
${optionalString config.networking.usePredictableInterfaceNames ''
cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules
''}
# If auto-configuration is disabled, then remove
@ -243,5 +243,9 @@ in
fi
'';
systemd.services.systemd-udevd =
{ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
};
};
}


@ -14,7 +14,7 @@ with lib;
enable = mkOption {
type = types.bool;
default = false;
default = true;
description = ''
Whether to enable Udisks, a DBus service that allows
applications to query and manipulate storage devices.
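Review bot: Assuming `default = true;` is the new side of this change, a D-Bus service that lets applications "query and manipulate storage devices" becomes enabled on every configuration that does not opt out, including headless and server systems, and the description does not mention it. Default-on privileged services widen the attack surface for machines that never mount removable media. The description should at least say the option is on by default, and minimal or server profiles should set it to `false` explicitly. The option's `description` continues past the end of the hunk.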


@ -275,28 +275,18 @@ in
) cfg.buildMachines;
};
systemd.sockets."nix-daemon" =
{ description = "Nix Daemon Socket";
wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ];
unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
};
systemd.packages = [ nix ];
systemd.services."nix-daemon" =
{ description = "Nix Daemon";
systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
systemd.services.nix-daemon =
{ path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
serviceConfig =
{ ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
KillMode = "process";
Nice = cfg.daemonNiceLevel;
{ Nice = cfg.daemonNiceLevel;
IOSchedulingPriority = cfg.daemonIONiceLevel;
LimitNOFILE = 4096;
};
@ -352,8 +342,7 @@ in
/nix/var/nix/profiles \
/nix/var/nix/db \
/nix/var/log/nix/drvs \
/nix/var/nix/channel-cache \
/nix/var/nix/chroots
/nix/var/nix/channel-cache
mkdir -m 1777 -p \
/nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \


@ -4,7 +4,7 @@ with lib;
let
dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev;
dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; };
# Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge.
@ -80,6 +80,7 @@ in
options = {
networking.dhcpcd.denyInterfaces = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Disable the DHCP client for any interface whose name matches
@ -90,6 +91,7 @@ in
};
networking.dhcpcd.extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Literal string to append to the config file generated for dhcpcd.
@ -107,6 +109,7 @@ in
{ description = "DHCP Client";
wantedBy = [ "network.target" ];
after = [ "systemd-udev-settle.service" ]; # FIXME
# Stopping dhcpcd during a reconfiguration is undesirable
# because it brings down the network interfaces configured by


@ -18,8 +18,6 @@
*/
{ config, lib, pkgs, ... }:
with lib;
@ -266,14 +264,23 @@ in
message = "This kernel does not support disabling conntrack helpers"; }
];
jobs.firewall =
systemd.services.firewall =
{ description = "Firewall";
startOn = "started network-interfaces";
wantedBy = [ "network.target" ];
after = [ "network-interfaces.target" "systemd-modules-load.service" ];
path = [ pkgs.iptables ];
preStart =
# FIXME: this module may also try to load kernel modules, but
# containers don't have CAP_SYS_MODULE. So the host system had
# better have all necessary modules already loaded.
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script =
''
${helpers}
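Review bot: The converted unit is ordered `after = [ "network-interfaces.target" "systemd-modules-load.service" ]`, so the rules are loaded only once the interfaces are already configured, which leaves a boot-time window in which listening services are reachable unfiltered. The Upstart job had the same ordering, but the conversion is a good point to either load the rules before the interfaces come up or document the window in a comment next to `after`. Also note that `unitConfig.ConditionCapability = "CAP_NET_ADMIN"` makes systemd skip the unit without reporting a failure, so a container without that capability runs with no firewall and no error; a sentence saying so in the FIXME comment would help. The `script` body continues outside the hunk.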


@ -258,7 +258,6 @@ in
path = [ pkgs.openssh pkgs.gawk ];
environment.LD_LIBRARY_PATH = nssModulesPath;
environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
preStart =
''


@ -49,22 +49,20 @@ with lib;
config = {
systemd.services."getty@" =
{ baseUnit = pkgs.runCommand "getty.service" {}
''
sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/getty@.service > $out
'';
serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400";
{ serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM";
restartIfChanged = false;
};
systemd.services."serial-getty@" =
{ baseUnit = pkgs.runCommand "serial-getty.service" {}
''
sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/serial-getty@.service > $out
'';
serviceConfig.ExecStart =
{ serviceConfig.ExecStart =
let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed);
in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds}";
in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM";
restartIfChanged = false;
};
systemd.services."container-getty@" =
{ unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits.
serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM";
restartIfChanged = false;
};


@ -40,12 +40,15 @@ in
config = mkIf cfg.enable {
jobs.gpm =
{ description = "General purpose mouse";
systemd.services.gpm =
{ description = "Console Mouse Daemon";
startOn = "started udev";
wantedBy = [ "multi-user.target" ];
requires = [ "getty.target" ];
exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null";
serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}";
serviceConfig.Type = "forking";
serviceConfig.PIDFile = "/run/gpm.pid";
};
};


@ -450,7 +450,7 @@ in
extraModules = mkOption {
type = types.listOf types.unspecified;
default = [];
example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]'';
example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]'';
description = ''
Additional Apache modules to be used. These can be
specified as a string in the case of modules distributed


@ -159,7 +159,7 @@ in
# Enable helpful DBus services.
services.udisks.enable = ! wantsUdisks2;
services.udisks2.enable = wantsUdisks2;
services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable;
security.pam.services.kde = { allowNullPassword = true; };


@ -51,17 +51,6 @@ let
''}
${optionalString cfg.startOpenSSHAgent ''
if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the SSH agent. (It is
# also possible to start the agent as a child that prints
# the required environment variabled on stdout, but in
# that mode ssh-agent is not terminated when we log out.)
export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass
exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType"
fi
''}
${optionalString cfg.startGnuPGAgent ''
if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the GnuPG agent.


@ -201,17 +201,6 @@ in
'';
};
startOpenSSHAgent = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start the OpenSSH agent when you log in. The OpenSSH agent
remembers private keys for you so that you don't have to type in
passphrases every time you make an SSH connection. Use
<command>ssh-add</command> to add a key to the agent.
'';
};
startGnuPGAgent = mkOption {
type = types.bool;
default = false;
@ -400,11 +389,11 @@ in
hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ];
assertions =
[ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent);
[ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
message =
''
The OpenSSH agent and GnuPG agent cannot be started both.
Choose between `startOpenSSHAgent' and `startGnuPGAgent'.
The OpenSSH agent and GnuPG agent cannot be started both. Please
choose between programs.ssh.startAgent and services.xserver.startGnuPGAgent.
'';
}
{ assertion = config.security.polkit.enable;


@ -65,12 +65,12 @@ $SIG{PIPE} = "IGNORE";
sub getActiveUnits {
# FIXME: use D-Bus or whatever to query this, since parsing the
# output of list-units is likely to break.
my $lines = `@systemd@/bin/systemctl list-units --full`;
my $lines = `LANG= @systemd@/bin/systemctl list-units --full`;
my $res = {};
foreach my $line (split '\n', $lines) {
chomp $line;
last if $line eq "";
$line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
$line =~ /^\*?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
next if $1 eq "UNIT";
$res->{$1} = { load => $2, state => $3, substate => $4 };
}
@ -96,18 +96,19 @@ sub parseFstab {
sub parseUnit {
my ($filename) = @_;
parseKeyValues(read_file($filename));
my $info = {};
parseKeyValues($info, read_file($filename));
parseKeyValues($info, read_file("${filename}.d/overrides.conf")) if -f "${filename}.d/overrides.conf";
return $info;
}
sub parseKeyValues {
my @lines = @_;
my $info = {};
my $info = shift;
foreach my $line (@_) {
# FIXME: not quite correct.
$line =~ /^([^=]+)=(.*)$/ or next;
$info->{$1} = $2;
}
return $info;
}
sub boolIsTrue {
@ -115,6 +116,14 @@ sub boolIsTrue {
return $s eq "yes" || $s eq "true";
}
# As a fingerprint for determining whether a unit has changed, we use
# its absolute path. If it has an override file, we append *its*
# absolute path as well.
sub fingerprintUnit {
my ($s) = @_;
return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
}
# Stop all services that no longer exist or have changed in the new
# configuration.
my (@unitsToStop, @unitsToSkip);
@ -166,7 +175,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
}
}
elsif (abs_path($prevUnitFile) ne abs_path($newUnitFile)) {
elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") {
# Do nothing. These cannot be restarted directly.
} elsif ($unit =~ /\.mount$/) {
@ -354,7 +363,8 @@ while (my ($unit, $state) = each %{$activeNew}) {
elsif ($state->{state} eq "auto-restart") {
# A unit in auto-restart state is a failure *if* it previously failed to start
my $lines = `@systemd@/bin/systemctl show '$unit'`;
my $info = parseKeyValues(split "\n", $lines);
my $info = {};
parseKeyValues($info, split("\n", $lines));
if ($info->{ExecMainStatus} ne '0') {
push @failed, $unit;
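Review bot: Only `${filename}.d/overrides.conf` is consulted, in both `parseUnit` and `fingerprintUnit`, so any other drop-in in a unit's `.d` directory changes neither the parsed settings nor the decision whether the unit is restarted. If that is intentional because the module system generates just that one file, the comment above `fingerprintUnit` should say so, e.g. `# Only the NixOS-generated overrides.conf is considered; other drop-ins are ignored.` The path is also spelled out three times and could be one local per sub, `my $override = "${filename}.d/overrides.conf";`. In `fingerprintUnit`, `abs_path` returns undef for a path that cannot be resolved, so the concatenation would warn and compare as an empty string; whether callers guarantee both files exist is not visible in these hunks.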


@ -68,6 +68,7 @@ let
echo -n "$configurationName" > $out/configuration-name
echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
echo -n "$nixosVersion" > $out/nixos-version
echo -n "$system" > $out/system
mkdir $out/fine-tune
childCount=0


@ -218,37 +218,26 @@ in
# Create /etc/modules-load.d/nixos.conf, which is read by
# systemd-modules-load.service to load required kernel modules.
# FIXME: ensure that systemd-modules-load.service is restarted if
# this file changes.
environment.etc = singleton
{ target = "modules-load.d/nixos.conf";
source = kernelModulesConf;
};
# Sigh. This overrides systemd's systemd-modules-load.service
# just so we can set a restart trigger. Also make
# multi-user.target pull it in so that it gets started if it
# failed earlier.
systemd.services."systemd-modules-load" =
{ description = "Load Kernel Modules";
wantedBy = [ "sysinit.target" "multi-user.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig =
{ DefaultDependencies = false;
ConditionCapability = "CAP_SYS_MODULE";
};
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ kernelModulesConf ];
environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
serviceConfig =
{ Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-modules-load";
# Ignore failed module loads. Typically some of the
{ # Ignore failed module loads. Typically some of the
# modules in boot.kernelModules are "nice to have but
# not required" (e.g. acpi-cpufreq), so we don't want to
# barf on those.
SuccessExitStatus = "0 1";
};
restartTriggers = [ kernelModulesConf ];
};
systemd.services.kmod-static-nodes =
{ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
};
lib.kernelConfig = {


@ -139,8 +139,6 @@ mkdir -p /dev/.mdadm
systemd-udevd --daemon
udevadm trigger --action=add
udevadm settle || true
modprobe scsi_wait_scan || true
udevadm settle || true
# Load boot-time keymap before any LVM/LUKS initialization


@ -74,7 +74,7 @@ let
cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup
cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm
cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib
cp -v ${pkgs.systemd}/lib/libsystemd-daemon.so.* $out/lib
cp -v ${pkgs.systemd}/lib/libsystemd.so.* $out/lib
# Add RAID mdadm tool.
cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm


@ -82,7 +82,7 @@ done
# More special file systems, initialise required directories.
mkdir -m 0755 /dev/shm
mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" tmpfs /dev/shm
mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" none /dev/shm
mkdir -m 0755 -p /dev/pts
[ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default
mkdir -m 01777 -p /tmp
@ -96,28 +96,14 @@ mkdir -m 0755 -p /etc/nixos
# Miscellaneous boot time cleanup.
rm -rf /var/run /var/lock
rm -f /etc/resolv.conf
touch /etc/resolv.conf
rm -f /etc/{group,passwd,shadow}.lock
if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done"
else
# Get rid of ICE locks...
rm -rf /tmp/.ICE-unix
fi
# ... and ensure that it's owned by root.
mkdir -m 1777 /tmp/.ICE-unix
# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm
# -rf' on it isn't safe in general because it can contain bind mounts
# to /nix/store and other places. But after rebooting these are all
# gone, of course.
rm -rf /nix/var/nix/chroots # recreated in activate-configuration.sh
# Also get rid of temporary GC roots.
rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
@ -155,6 +141,20 @@ if test -n "$resumeDevice"; then
fi
# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.
if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then
cat /etc/resolv.conf | resolvconf -m 1000 -a host
else
touch /etc/resolv.conf
fi
# Create /var/setuid-wrappers as a tmpfs.
rm -rf /var/setuid-wrappers
mkdir -m 0755 -p /var/setuid-wrappers
mount -t tmpfs -o "mode=0755" none /var/setuid-wrappers
# Run the script that performs all configuration activation that does
# not have to be done at boot time.
echo "running activation script..."
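Review bot: The new tmpfs for `/var/setuid-wrappers` is mounted with only `mode=0755`, so it accepts device nodes even though it only ever needs to hold setuid executables. Adding `nodev` narrows what the mount can be used for without affecting the wrappers: `mount -t tmpfs -o "mode=0755,nodev" none /var/setuid-wrappers`. A short comment that `nosuid` must not be added here, unlike on the `/dev/shm` mount above, would stop a later hardening pass from breaking the wrappers.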


@ -19,11 +19,13 @@ let
isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.nix) readOnlyStore;
inherit (config.networking) useHostResolvConf;
ttyGid = config.ids.gids.tty;
path =
[ pkgs.coreutils
pkgs.utillinux
pkgs.sysvtools
pkgs.openresolv
] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds"
@ -79,6 +81,7 @@ in
'';
};
# FIXME: should replace this with something that uses systemd-tmpfiles.
cleanTmpDir = mkOption {
type = types.bool;
default = false;


@ -28,7 +28,7 @@ let
in rec {
unitOptions = {
sharedOptions = {
enable = mkOption {
default = true;
@ -41,12 +41,37 @@ in rec {
'';
};
baseUnit = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to an upstream unit file on which the NixOS unit configuration will be based.";
requiredBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
wantedBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that want (i.e. depend on) this unit.";
};
};
concreteUnitOptions = sharedOptions // {
text = mkOption {
type = types.nullOr types.str;
default = null;
description = "Text of this systemd unit.";
};
unit = mkOption {
internal = true;
description = "The generated unit.";
};
};
commonUnitOptions = sharedOptions // {
description = mkOption {
default = "";
type = types.str;
@ -115,18 +140,6 @@ in rec {
'';
};
requiredBy = mkOption {
default = [];
type = types.listOf types.str;
description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
wantedBy = mkOption {
default = [];
type = types.listOf types.str;
description = "Units that want (i.e. depend on) this unit.";
};
unitConfig = mkOption {
default = {};
example = { RequiresMountsFor = "/data"; };
@ -152,7 +165,7 @@ in rec {
};
serviceOptions = unitOptions // {
serviceOptions = commonUnitOptions // {
environment = mkOption {
default = {};
@ -286,7 +299,7 @@ in rec {
};
socketOptions = unitOptions // {
socketOptions = commonUnitOptions // {
listenStreams = mkOption {
default = [];
@ -313,7 +326,7 @@ in rec {
};
timerOptions = unitOptions // {
timerOptions = commonUnitOptions // {
timerConfig = mkOption {
default = {};
@ -332,7 +345,7 @@ in rec {
};
pathOptions = unitOptions // {
pathOptions = commonUnitOptions // {
pathConfig = mkOption {
default = {};
@ -349,7 +362,7 @@ in rec {
};
mountOptions = unitOptions // {
mountOptions = commonUnitOptions // {
what = mkOption {
example = "/dev/sda1";
@ -393,7 +406,7 @@ in rec {
};
};
automountOptions = unitOptions // {
automountOptions = commonUnitOptions // {
where = mkOption {
example = "/mnt";
@ -417,4 +430,6 @@ in rec {
};
};
targetOptions = commonUnitOptions;
}
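Review bot: `requiredBy` and `wantedBy` in the new `sharedOptions` are declared with `types.listOf types.string`, while the definitions they replace further down used `types.listOf types.str` and the new `text` option uses `types.str`. Unless the looser type is intended, keep `type = types.listOf types.str;` for both so unit names are checked the same way as before the move. The new internal `unit` option also has no `type`, so any value is accepted there; if it always holds a derivation, declaring that would catch mistakes at evaluation time.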


@ -24,14 +24,13 @@ let
ln -s /dev/null $out/${name}
'';
upstreamUnits =
upstreamSystemUnits =
[ # Targets.
"basic.target"
"sysinit.target"
"sockets.target"
"graphical.target"
"multi-user.target"
"getty.target"
"network.target"
"network-online.target"
"nss-lookup.target"
@ -41,6 +40,7 @@ let
"sigpwr.target"
"timers.target"
"paths.target"
"rpcbind.target"
# Rescue mode.
"rescue.target"
@ -53,6 +53,13 @@ let
"systemd-udev-settle.service"
"systemd-udev-trigger.service"
# Consoles.
"getty.target"
"getty@.service"
"serial-getty@.service"
"container-getty@.service"
"systemd-vconsole-setup.service"
# Hardware (started by udev when a relevant device is plugged in).
"sound.target"
"bluetooth.target"
@ -65,12 +72,15 @@ let
#"systemd-vconsole-setup.service"
"systemd-user-sessions.service"
"dbus-org.freedesktop.login1.service"
"dbus-org.freedesktop.machine1.service"
"user@.service"
# Journal.
"systemd-journald.socket"
"systemd-journald.service"
"systemd-journal-flush.service"
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
"syslog.socket"
# SysV init compatibility.
@ -78,7 +88,8 @@ let
"systemd-initctl.service"
# Kernel module loading.
#"systemd-modules-load.service"
"systemd-modules-load.service"
"kmod-static-nodes.service"
# Filesystems.
"systemd-fsck@.service"
@ -91,10 +102,16 @@ let
"swap.target"
"dev-hugepages.mount"
"dev-mqueue.mount"
"proc-sys-fs-binfmt_misc.mount"
"sys-fs-fuse-connections.mount"
"sys-kernel-config.mount"
"sys-kernel-debug.mount"
# Maintaining state across reboots.
"systemd-random-seed.service"
"systemd-backlight@.service"
"systemd-rfkill@.service"
# Hibernate / suspend.
"hibernate.target"
"suspend.target"
@ -119,34 +136,57 @@ let
"final.target"
"kexec.target"
"systemd-kexec.service"
"systemd-update-utmp.service"
# Password entry.
"systemd-ask-password-console.path"
"systemd-ask-password-console.service"
"systemd-ask-password-wall.path"
"systemd-ask-password-wall.service"
# Slices / containers.
"slices.target"
"-.slice"
"system.slice"
"user.slice"
"machine.slice"
"systemd-machined.service"
# Temporary file creation / cleanup.
"systemd-tmpfiles-clean.service"
"systemd-tmpfiles-clean.timer"
"systemd-tmpfiles-setup.service"
"systemd-tmpfiles-setup-dev.service"
# Misc.
"systemd-sysctl.service"
]
++ optionals cfg.enableEmergencyMode [
"emergency.target"
"emergency.service"
]
++ optionals config.services.journald.enableHttpGateway [
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
];
upstreamWants =
upstreamSystemWants =
[ #"basic.target.wants"
"sysinit.target.wants"
"sockets.target.wants"
"local-fs.target.wants"
"multi-user.target.wants"
"shutdown.target.wants"
"timers.target.wants"
];
upstreamUserUnits =
[ "basic.target"
"default.target"
"exit.target"
"paths.target"
"shutdown.target"
"sockets.target"
"systemd-exit.service"
"timers.target"
];
makeJobScript = name: text:
let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; };
in "${x}/bin/${name}";
@ -178,7 +218,7 @@ let
serviceConfig = { name, config, ... }: {
config = mkMerge
[ (mkIf (config.baseUnit == null) { # Default path for systemd services. Should be quite minimal.
[ { # Default path for systemd services. Should be quite minimal.
path =
[ pkgs.coreutils
pkgs.findutils
@ -187,7 +227,7 @@ let
systemd
];
environment.PATH = config.path;
})
}
(mkIf (config.preStart != "")
{ serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" ''
#! ${pkgs.stdenv.shell} -e
@ -255,10 +295,7 @@ let
(if isList value then value else [value]))
as));
commonUnitText = def:
optionalString (def.baseUnit != null) ''
.include ${def.baseUnit}
'' + ''
commonUnitText = def: ''
[Unit]
${attrsToSection def.unitConfig}
'';
@ -335,63 +372,91 @@ let
'';
};
units = pkgs.runCommand "units" { preferLocalBuild = true; }
''
generateUnits = type: units: upstreamUnits: upstreamWants:
pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''
mkdir -p $out
# Copy the upstream systemd units we're interested in.
for i in ${toString upstreamUnits}; do
fn=${systemd}/example/systemd/system/$i
fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
if [ -L $fn ]; then
cp -pd $fn $out/
target="$(readlink "$fn")"
if [ ''${target:0:3} = ../ ]; then
ln -s "$(readlink -f "$fn")" $out/
else
cp -pd $fn $out/
fi
else
ln -s $fn $out/
fi
done
# Copy .wants links, but only those that point to units that
# we're interested in.
for i in ${toString upstreamWants}; do
fn=${systemd}/example/systemd/system/$i
fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi
x=$out/$(basename $fn)
mkdir $x
for i in $fn/*; do
y=$x/$(basename $i)
cp -pd $i $y
if ! [ -e $y ]; then rm -v $y; fi
if ! [ -e $y ]; then rm $y; fi
done
done
for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do
ln -fs $i/* $out/
done
# Symlink all units provided listed in systemd.packages.
for i in ${toString cfg.packages}; do
ln -s $i/etc/systemd/system/* $out/
files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*)
if [ -n "$files" ]; then
ln -s $files $out/
fi
done
# Symlink all units defined by systemd.units. If these are also
# provided by systemd or systemd.packages, then add them as
# <unit-name>.d/overrides.conf, which makes them extend the
# upstream unit.
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
fn=$(basename $i/*)
if [ -e $out/$fn ]; then
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
ln -sfn /dev/null $out/$fn
else
mkdir $out/$fn.d
ln -s $i/$fn $out/$fn.d/overrides.conf
fi
else
ln -fs $i/$fn $out/
fi
done
# Created .wants and .requires symlinks from the wantedBy and
# requiredBy options.
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.wants'
ln -sfn '../${name}' $out/'${name2}.wants'/
'') unit.wantedBy) cfg.units)}
'') unit.wantedBy) units)}
${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: ''
mkdir -p $out/'${name2}.requires'
ln -sfn '../${name}' $out/'${name2}.requires'/
'') unit.requiredBy) cfg.units)}
'') unit.requiredBy) units)}
ln -s ${cfg.defaultUnit} $out/default.target
${optionalString (type == "system") ''
# Stupid misc. symlinks.
ln -s ${cfg.defaultUnit} $out/default.target
ln -s rescue.target $out/kbrequest.target
ln -s rescue.target $out/kbrequest.target
mkdir -p $out/getty.target.wants/
ln -s ../autovt@tty1.service $out/getty.target.wants/
mkdir -p $out/getty.target.wants/
ln -s ../autovt@tty1.service $out/getty.target.wants/
ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
${ optionalString config.services.journald.enableHttpGateway ''
ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/
ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
''}
''; # */
@ -414,37 +479,7 @@ in
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
{ options = {
text = mkOption {
type = types.nullOr types.str;
default = null;
description = "Text of this systemd unit.";
};
enable = mkOption {
default = true;
type = types.bool;
description = ''
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. <literal>serial-getty@ttyS0</literal>)
from being started.
'';
};
requiredBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
wantedBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that want (i.e. depend on) this unit.";
};
unit = mkOption {
internal = true;
description = "The generated unit.";
};
};
{ options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
@ -460,7 +495,7 @@ in
systemd.targets = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ unitOptions unitConfig ];
options = [ targetOptions unitConfig ];
description = "Definition of systemd target units.";
};
@ -583,7 +618,7 @@ in
default = false;
type = types.bool;
description = ''
Enable journal http gateway
Whether to enable the HTTP gateway to the journal.
'';
};
@ -610,6 +645,41 @@ in
'';
};
systemd.tmpfiles.rules = mkOption {
type = types.listOf types.str;
default = [];
example = [ "d /tmp 1777 root root 10d" ];
description = ''
Rules for creating and cleaning up temporary files
automatically. See
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the exact format. You should not use this option to create
files required by systemd services, since there is no
guarantee that <command>systemd-tmpfiles</command> runs when
the system is reconfigured using
<command>nixos-rebuild</command>.
'';
};
systemd.user.units = mkOption {
description = "Definition of systemd per-user units.";
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
{ options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
};
};
systemd.user.services = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ serviceOptions unitConfig serviceConfig ];
description = "Definition of systemd per-user service units.";
};
};
@ -617,11 +687,20 @@ in
config = {
system.build.units = units;
assertions = mapAttrsToList (name: service: {
assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no";
message = "${name}: Type=oneshot services must have Restart=no";
}) cfg.services;
system.build.units = cfg.units;
environment.systemPackages = [ systemd ];
environment.etc."systemd/system".source = units;
environment.etc."systemd/system".source =
generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;
environment.etc."systemd/user".source =
generateUnits "user" cfg.user.units upstreamUserUnits [];
environment.etc."systemd/system.conf".text =
''
@ -685,6 +764,9 @@ in
(v: let n = escapeSystemdPath v.where;
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
systemd.user.units =
mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services;
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
"CGROUPS" "AUTOFS4_FS" "DEVTMPFS"
];
@ -708,43 +790,25 @@ in
})
(filterAttrs (name: service: service.startAt != "") cfg.services);
# FIXME: These are borrowed from upstream systemd.
systemd.services."systemd-update-utmp" =
{ description = "Update UTMP about System Reboot/Shutdown";
wantedBy = [ "sysinit.target" ];
after = [ "systemd-remount-fs.service" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig = {
DefaultDependencies = false;
RequiresMountsFor = "/var/log";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
};
restartIfChanged = false;
systemd.sockets.systemd-journal-gatewayd.wantedBy =
optional config.services.journald.enableHttpGateway "sockets.target";
# Provide the systemd-user PAM service, required to run systemd
# user instances.
security.pam.services.systemd-user =
{ # Ensure that pam_systemd gets included. This is special-cased
# in systemd to provide XDG_RUNTIME_DIR.
startSession = true;
};
systemd.services."systemd-random-seed" =
{ description = "Load/Save Random Seed";
wantedBy = [ "sysinit.target" "multi-user.target" ];
after = [ "systemd-remount-fs.service" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig = {
DefaultDependencies = false;
RequiresMountsFor = "/var/lib";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
};
};
environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
environment.etc."tmpfiles.d/nixos.conf".text =
''
# This file is created automatically and should not be modified.
# Please change the option systemd.tmpfiles.rules instead.
${concatStringsSep "\n" cfg.tmpfiles.rules}
'';
};
}


@ -93,7 +93,7 @@ let
if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else
if job.daemonType == "none" then { } else
throw "invalid daemon type `${job.daemonType}'")
// optionalAttrs (!job.task && job.respawn)
// optionalAttrs (!job.task && !(job.script == "" && job.exec == "") && job.respawn)
{ Restart = "always"; }
// optionalAttrs job.task
{ Type = "oneshot"; RemainAfterExit = false; };


@ -2,6 +2,11 @@
with lib;
let
cpupower = config.boot.kernelPackages.cpupower;
cfg = config.powerManagement;
in
{
###### interface
@ -23,31 +28,28 @@ with lib;
###### implementation
config = mkIf (config.powerManagement.cpuFreqGovernor != null) {
config = mkIf (!config.boot.isContainer && config.powerManagement.cpuFreqGovernor != null) {
environment.systemPackages = [ pkgs.cpufrequtils ];
boot.kernelModules = [ "acpi-cpufreq" "speedstep-lib" "pcc-cpufreq"
"cpufreq_${cfg.cpuFreqGovernor}"
];
jobs.cpufreq =
{ description = "CPU Frequency Governor Setup";
environment.systemPackages = [ cpupower ];
after = [ "systemd-modules-load.service" ];
wantedBy = [ "multi-user.target" ];
unitConfig.ConditionPathIsReadWrite = "/sys/devices/";
path = [ pkgs.cpufrequtils ];
preStart = ''
for i in $(seq 0 $(($(nproc) - 1))); do
for gov in $(cpufreq-info -c $i -g); do
if [ "$gov" = ${config.powerManagement.cpuFreqGovernor} ]; then
echo "<6>setting governor on CPU $i to $gov"
cpufreq-set -c $i -g $gov
fi
done
done
'';
systemd.services.cpufreq = {
description = "CPU Frequency Governor Setup";
after = [ "systemd-modules-load.service" ];
wantedBy = [ "multi-user.target" ];
path = [ cpupower ];
script = ''
cpupower frequency-set -g ${cfg.cpuFreqGovernor}
'';
unitConfig.ConditionVirtualization = false;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
};
};
};
}
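Review bot: The governor is spliced unquoted into the unit's shell script at `cpupower frequency-set -g ${cfg.cpuFreqGovernor}`, so a value containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of being passed as one argument. The option's type is declared outside this hunk and may already constrain it; if it does not, `cpupower frequency-set -g ${escapeShellArg cfg.cpuFreqGovernor}` keeps it a single argument (`with lib;` is in scope here). The same value also feeds the module name `"cpufreq_${cfg.cpuFreqGovernor}"`, so a short comment on the option stating the accepted governor names would help.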


@ -52,19 +52,7 @@ in
# /dev/tty0 to prevent putting the X server in non-raw mode, and
# it has a restart trigger.
systemd.services."systemd-vconsole-setup" =
{ description = "Setup Virtual Console";
wantedBy = [ "sysinit.target" "multi-user.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig =
{ DefaultDependencies = "no";
ConditionPathExists = "/dev/tty1";
};
serviceConfig =
{ Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-vconsole-setup /dev/tty1";
};
{ wantedBy = [ "multi-user.target" ];
restartTriggers = [ vconsoleConf ];
};


@ -1,10 +1,12 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
with lib;
{
###### implementation
config = {
config = mkIf (!config.boot.isContainer) {
environment.systemPackages = [ pkgs.lvm2 ];


@ -191,6 +191,15 @@ in
'';
};
networking.useHostResolvConf = mkOption {
type = types.bool;
default = false;
description = ''
In containers, whether to use the
<filename>resolv.conf</filename> supplied by the host.
'';
};
networking.localCommands = mkOption {
default = "";
example = "text=anything; echo You can put $text here.";


@ -86,6 +86,8 @@ let kernel = config.boot.kernelPackages.kernel; in
(isEnabled "VIRTIO_CONSOLE")
];
networking.usePredictableInterfaceNames = false;
};
}


@ -6,34 +6,18 @@ with lib;
config = mkIf config.boot.isContainer {
# Provide a login prompt on /var/lib/login.socket. On the host,
# you can connect to it by running socat
# unix:<path-to-container>/var/lib/login.socket -,echo=0,raw.
systemd.sockets.login =
{ description = "Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/login.socket";
SocketMode = "0666";
Accept = true;
};
};
# Disable some features that are not useful in a container.
sound.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
systemd.services."login@" =
{ description = "Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty";
TimeoutStopSec = 1; # FIXME
};
restartIfChanged = false;
};
networking.useHostResolvConf = true;
# Also provide a root login prompt on /var/lib/root-login.socket
# that doesn't ask for a password. This socket can only be used by
# root on the host.
# Shut up warnings about not having a boot loader.
system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
# Provide a root login prompt on /var/lib/root-login.socket that
# doesn't ask for a password. This socket can only be used by root
# on the host.
systemd.sockets.root-login =
{ description = "Root Login Socket";
wantedBy = [ "sockets.target" ];
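Review bot: The comment above `systemd.sockets.root-login` promises a passwordless root prompt that "can only be used by root on the host", but nothing visible in this hunk enforces that; the `socketConfig` for this unit lies outside the hunk. Since the socket hands out a root shell without authentication, the comment should name the setting that provides the guarantee, for example `# Access is restricted by SocketMode = "0600" below; do not widen it.` (adjusted to whatever the unit actually sets). The login socket removed here used `SocketMode = "0666"`, so it is worth confirming that mode was not carried over to the remaining unit.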


@ -176,7 +176,6 @@ in
"/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE"
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf"
fi
@ -212,14 +211,22 @@ in
extraFlags="--capability=CAP_NET_ADMIN"
fi
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
''}
exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \
-M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \
-M "$INSTANCE" -D "$root" $extraFlags \
--bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
"$SYSTEM_PATH/init"
"''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
'';
postStart =
@ -233,20 +240,7 @@ in
preStop =
''
pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)"
if [ -n "$pid" ]; then
# Send the RTMIN+3 signal, which causes the container
# systemd to start halt.target.
echo "killing container systemd, PID = $pid"
kill -RTMIN+3 $pid
# Wait for the container to exit. We can't let systemd
# do this because it will send a signal to the entire
# cgroup.
for ((n = 0; n < 180; n++)); do
if ! kill -0 $pid 2> /dev/null; then break; fi
sleep 1
done
fi
machinectl poweroff "$INSTANCE"
'';
restartIfChanged = false;
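Review bot: The new `preStop` only issues `machinectl poweroff "$INSTANCE"` and no longer waits for the container to exit, whereas the removed code waited up to 180 seconds precisely because systemd would otherwise signal the whole cgroup. If `machinectl poweroff` returns as soon as the request is sent, the unit's stop logic may kill the container's processes in the middle of a clean shutdown; the unit's kill settings are outside this hunk and may already cover this. A bounded wait after the poweroff request would keep the old guarantee. Separately, `$extraFlags` and the `$(< …/system)` test in the start script are expanded unquoted, so the latter fails with a syntax error rather than a clean false when the file is missing.

```nix
preStop =
  ''
    machinectl poweroff "$INSTANCE"
    # Wait (bounded) for the machine to deregister, so that stopping the
    # unit does not signal the cgroup in the middle of a clean shutdown.
    for ((n = 0; n < 180; n++)); do
      if ! machinectl status "$INSTANCE" > /dev/null 2>&1; then break; fi
      sleep 1
    done
  '';
```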


@ -203,7 +203,7 @@ elsif ($action eq "update") {
}
elsif ($action eq "login") {
exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw");
exec("machinectl", "login", "--", $containerName);
}
elsif ($action eq "root-login") {
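Review bot: The new `exec("machinectl", "login", "--", $containerName);` has no failure path, so if `machinectl` cannot be executed the script silently falls through the `elsif` chain and exits without telling the user why. The list form and the `--` separator are good, since the container name never reaches a shell or gets parsed as an option. I would write `exec("machinectl", "login", "--", $containerName) or die "$0: cannot exec machinectl: $!\n";`. The command is also resolved through `PATH`, where the replaced call used the `$socat` variable; an absolute path substituted at build time would be more predictable for a tool run as root. The `if`/`elsif` chain starts and continues outside this hunk.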


@ -399,6 +399,11 @@ in
# Wireless won't work in the VM.
networking.wireless.enable = mkVMOverride false;
# Speed up booting by not waiting for ARP.
networking.dhcpcd.extraConfig = "noarp";
networking.usePredictableInterfaceNames = false;
system.requiredKernelConfig = with config.lib.kernelConfig;
[ (isEnabled "VIRTIO_BLK")
(isEnabled "VIRTIO_PCI")


@ -61,6 +61,7 @@ in rec {
(all nixos.tests.printing)
(all nixos.tests.proxy)
(all nixos.tests.udisks)
(all nixos.tests.udisks2)
(all nixos.tests.xfce)
nixpkgs.tarball


@ -245,6 +245,7 @@ in rec {
tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks = callTest tests/udisks.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};
tests.xfce = callTest tests/xfce.nix {};
}


@ -25,7 +25,7 @@ import ./make-test.nix {
testScript =
''
$machine->succeed("nixos-container list") =~ /webserver/;
$machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container.
$machine->succeed("nixos-container start webserver");
@ -65,7 +65,7 @@ import ./make-test.nix {
$machine->succeed("nixos-container start $id1");
# Execute commands via the root shell.
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/;
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;
$machine->succeed("nixos-container set-root-password $id1 foobar");
# Destroy the containers.


@ -9,7 +9,8 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
testScript =
''
$machine->waitForUnit("default.target");
$machine->waitForUnit('multi-user.target');
$machine->waitUntilSucceeds("pgrep -f 'agetty.*tty1'");
$machine->screenshot("postboot");
subtest "create user", sub {
@ -19,9 +20,11 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
# Check whether switching VTs works.
subtest "virtual console switching", sub {
$machine->fail("pgrep -f 'agetty.*tty2'");
$machine->sendKeys("alt-f2");
$machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]");
$machine->waitForUnit('getty@tty2.service');
$machine->waitUntilSucceeds("pgrep -f 'agetty.*tty2'");
};
# Log in as alice on a virtual console.


@ -8,6 +8,7 @@ import ./make-test.nix {
[ { device = "/root/swapfile"; size = 128; } ];
environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs";
services.nixosManual.enable = pkgs.lib.mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
};
testScript =
@ -63,6 +64,22 @@ import ./make-test.nix {
$machine->succeed('[ "`hostname`" = machine ]');
$machine->succeed('[ "`hostname -s`" = machine ]');
};
# Test whether systemd-udevd automatically loads modules for our hardware.
subtest "udev-auto-load", sub {
$machine->waitForUnit('systemd-udev-settle.service');
$machine->succeed('lsmod | grep psmouse');
};
# Test whether systemd-tmpfiles-clean works.
subtest "tmpfiles", sub {
$machine->succeed('touch /tmp/foo');
$machine->succeed('systemctl start systemd-tmpfiles-clean');
$machine->succeed('[ -e /tmp/foo ]');
$machine->succeed('date -s "@$(($(date +%s) + 1000000))"'); # move into the future
$machine->succeed('systemctl start systemd-tmpfiles-clean');
$machine->fail('[ -e /tmp/foo ]');
};
'';
}


@ -31,7 +31,9 @@ import ./make-test.nix ({pkgs, ... }: {
# Make sure that cups is up on both sides.
$server->waitForUnit("cupsd.service");
$server->waitForUnit("network.target");
$client->waitForUnit("cupsd.service");
$client->waitForUnit("network.target");
$client->succeed("lpstat -r") =~ /scheduler is running/ or die;
$client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
$client->succeed("curl --fail http://localhost:631/");


@ -40,7 +40,7 @@ in
# Mount the stick as a non-root user and do some stuff with it.
$machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
$machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
$machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/;
$machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/ or die;
$machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
# Unmounting the stick should make the mountpoint disappear.

56
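--- a/nixos/tests/udisks2.nix
+++ b/nixos/tests/udisks2.nix
@@ -0,0 +1,56 @@
+import ./make-test.nix ({ pkgs, ... }:
+let
+stick = pkgs.fetchurl {
+url = http://nixos.org/~eelco/nix/udisks-test.img.xz;
+sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b";
+};
+in
+{
+machine =
+{ config, pkgs, ... }:
+{ services.udisks2.enable = true;
+imports = [ ./common/user-account.nix ];
+security.polkit.extraConfig =
+''
+polkit.addRule(function(action, subject) {
+if (subject.user == "alice") return "yes";
+});
+'';
+};
+testScript =
+''
+my $stick = $machine->stateDir . "/usbstick.img";
+system("xz -d < ${stick} > $stick") == 0 or die;
+$machine->succeed("udisksctl info -b /dev/vda >&2");
+$machine->fail("udisksctl info -b /dev/sda1");
+# Attach a USB stick and wait for it to show up.
+$machine->sendMonitorCommand("usb_add disk:$stick");
+$machine->waitUntilSucceeds("udisksctl info -b /dev/sda1");
+$machine->succeed("udisksctl info -b /dev/sda1 | grep 'IdLabel:.*USBSTICK'");
+# Mount the stick as a non-root user and do some stuff with it.
+$machine->succeed("su - alice -c 'udisksctl info -b /dev/sda1'");
+$machine->succeed("su - alice -c 'udisksctl mount -b /dev/sda1'");
+$machine->succeed("su - alice -c 'cat /run/media/alice/USBSTICK/test.txt'") =~ /Hello World/ or die;
+$machine->succeed("su - alice -c 'echo foo > /run/media/alice/USBSTICK/bar.txt'");
+# Unmounting the stick should make the mountpoint disappear.
+$machine->succeed("su - alice -c 'udisksctl unmount -b /dev/sda1'");
+$machine->fail("[ -d /run/media/alice/USBSTICK ]");
+# Remove the USB stick.
+$machine->sendMonitorCommand("usb_del 0.3"); # FIXME
+$machine->waitUntilFails("udisksctl info -b /dev/sda1");
+$machine->fail("[ -e /dev/sda ]");
+'';
+})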
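Review bot: The polkit rule in `security.polkit.extraConfig` answers "yes" to every action for `alice`, which is far wider than the mount and unmount operations this test exercises, and it is the sort of snippet that gets copied into real configurations. Scoping it to the udisks2 actions keeps the test meaningful as an authorization check: `if (subject.user == "alice" && action.id.indexOf("org.freedesktop.udisks2.") == 0) return "yes";`. A one-line comment saying the rule is test-only would also help. The image is fetched over plain `http://`; the pinned `sha256` still protects integrity, so that part is only worth a comment.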


@ -67,14 +67,12 @@ let
} merge ]);
libs = dbus_drv "libs" "dbus" ({
libs = dbus_drv "libs" "dbus" {
# Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
# (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.
NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1";
} // stdenv.lib.optionalAttrs (systemdOrEmpty != []) {
buildInputs = [ systemd.headers ];
patches = [ ./systemd.patch ]; # bypass systemd detection
});
buildInputs = [ systemdOrEmpty ];
};
attrs = rec {
@ -83,14 +81,13 @@ let
# This package has been split because most applications only need dbus.lib
# which serves as an interface to a *system-wide* daemon,
# see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture .
# Also some circular dependencies get split by this (like with systemd).
inherit libs;
tools = dbus_drv "tools" "tools" {
configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ];
buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon dbus_glib ];
NIX_CFLAGS_LINK =
buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon ];
NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1";
@ -102,16 +99,6 @@ let
buildInputs = systemdOrEmpty;
};
# Some of the tests don't work yet; in fact, @vcunat tried several packages
# containing dbus testing, and all of them have some test failure.
tests = dbus_drv "tests" "test" {
preBuild = makeInternalLib;
buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs tools daemon dbus_glib python ];
NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1";
};
docs = dbus_drv "docs" "doc" {
postInstall = ''rm -r "$out/lib"'';
};


@ -0,0 +1,42 @@
{ stdenv, fetchurl, kernel, coreutils, pciutils, gettext }:
stdenv.mkDerivation {
name = "cpupower-${kernel.version}";
src = kernel.src;
buildInputs = [ coreutils pciutils gettext ];
configurePhase = ''
cd tools/power/cpupower
sed -i 's,/bin/true,${coreutils}/bin/true,' Makefile
sed -i 's,/bin/pwd,${coreutils}/bin/pwd,' Makefile
sed -i 's,/usr/bin/install,${coreutils}/bin/install,' Makefile
'';
buildPhase = ''
make
'';
installPhase = ''
make \
bindir="$out/bin" \
sbindir="$out/sbin" \
mandir="$out/share/man" \
includedir="$out/include" \
libdir="$out/lib" \
localedir="$out/share/locale" \
docdir="$out/share/doc/cpupower" \
confdir="$out/etc" \
install install-man
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Tool to examine and tune power saving features.";
homepage = https://www.kernel.org.org/;
license = licenses.gpl2;
platforms = platforms.linux;
};
}
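Review bot: The `meta.homepage` value `https://www.kernel.org.org/` has a doubled `.org`, so the package metadata sends users to a domain that is not the kernel project's; it should read `homepage = https://www.kernel.org/;`. The `fetchurl` argument in the function header is never used, because `src` comes from `kernel.src`, and can be dropped. A short comment above `configurePhase` explaining that the `sed` lines replace hard-coded `/bin` and `/usr/bin` tool paths in the Makefile with `coreutils` store paths would make the intent clear.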


@ -6,26 +6,27 @@
{ stdenv, fetchurl, dpkg }:
let
version = "0.40";
version = "0.41";
packages = [
{ name = "adi"; sha256 = "0wwks9ff4n772435s57z1fjrffi4xl9nxnfn3v7xfcwdjb395d88"; }
{ name = "atheros"; sha256 = "1gj7hfnyclzgyq06scynaclnfajhs6lw5i51j1w1hikv4yh20djz"; }
{ name = "bnx2"; sha256 = "15qjj0sfjin5cbkpby29r5czn11xyiyyc4fmhwlqvgfgrnbp0aqk"; }
{ name = "bnx2x"; sha256 = "08nvbln94ff47b2q0avxj1aa2wx4qih8sq8knbq54lp46kjf3k0h"; }
{ name = "brcm80211"; sha256 = "1ndsw3s6xkr1n39nf9ig1xhnaglx5qvvvm8rh6ah41v644lzha79"; }
{ name = "intelwimax"; sha256 = "1qwxmykh90v92asn4ivq0fak761hs7hd2zmz1dpkjidwsycrfyqn"; }
{ name = "ipw2x00"; sha256 = "0a2nb17b5n3k1b6y4dbi5i8k1fm19ba2abq2jh2hjjmyyl3y388m"; }
{ name = "ivtv"; sha256 = "1239gsjq16f4kd1yn77iq3ar8ndx3pzd16kpqafr1h2y0zwh452r"; }
{ name = "iwlwifi"; sha256 = "03kmh5szd02pkbm1nlyz99fr2njhg88wiv73f1fz485m9rvgga43"; }
{ name = "libertas"; sha256 = "0qjziwmwqbp83hxrjw7x3ralxg4ib9y23bcbn1g8yb5b6m84ca6b"; }
{ name = "linux"; sha256 = "0ypidsrrfx4kvbfisdpgx2fzbil7g2jixgqhnv960iy5l348amrl"; }
{ name = "linux-nonfree"; sha256 = "0p9ql3cdxljflh48r6z40kpyisbzp3s3g1qjb9f64n6cppllwjfr"; }
{ name = "myricom"; sha256 = "12spfaq7z2bb93cy15zldlic1wx2v6h9sn7ny09nkzy4m26zds4q"; }
{ name = "netxen"; sha256 = "03gmda16bdqw8a4x8x11ph41ksjh48hxydv0f0z3gi3czgbh7sn3"; }
{ name = "qlogic"; sha256 = "1ah8rrwzi44p1l4q8qkql18djmn5kihsiinpy204xklm1csf3vs1"; }
{ name = "ralink"; sha256 = "005549jk0wnyfnb247awv2wncsx5is05m1hdwcd33iq0dlbmm39b"; }
{ name = "realtek"; sha256 = "1ai1klzrql8qxmb7945xiqlkfkyz8admrpb10b3r4ixvclkrvfi2"; }
{ name = "adi"; sha256 = "19dm96djp34g6l84g9shwbmqbmfd15c24frcy1zh5nz8x12phgm4"; }
{ name = "atheros"; sha256 = "0vrdyxiq7nx89h6ykdrs8s3l9frn3hmcfb9vsz68i12975y8ib5n"; }
{ name = "bnx2"; sha256 = "12l3l54q69n1ky8lp7bmzscfqysabjrgmswwj57ryc6l82s7081y"; }
{ name = "bnx2x"; sha256 = "10m9p479dq2ylpj5mw6d5vyfh9hybmh5xgs5sxma065v7r3c3v31"; }
{ name = "brcm80211"; sha256 = "0l2lg5pshb1kb829hfq9w791scwa8biikrfzsx9wvlvkyxfdh187"; }
{ name = "intelwimax"; sha256 = "13jqm8ik0mm8vnsskbbp63idpjqazzp2x4gaq7786jg5yj3zh1cf"; }
{ name = "ipw2x00"; sha256 = "1hvxrzqbc75phxdbmqfh7ky36m0qna2pncwxpfdircy9i6fx7ipy"; }
{ name = "ivtv"; sha256 = "0ckw1ynzfqnkwlmwpzfbdfx4s6bsl4nwp097g8khaavqxk94n88v"; }
{ name = "iwlwifi"; sha256 = "1djazi2qsi5z6q0izirprxgfpg8vh55skab2nijyfl66drlcha72"; }
{ name = "libertas"; sha256 = "1yj9dd9pwd98gknx5mvblfcbr6k347xzi8l6bk0pr4570j8ss8y3"; }
{ name = "linux"; sha256 = "0vc4cbrq73y5hibx5k3gbfqaqxvaa3g8rv9kzwks2zl3hdxm6xaq"; }
{ name = "linux-nonfree"; sha256 = "05vv8yq7kix5cw9s4agz4vgya6i3ff88jp3rxln1ssznhvzrjzx9"; }
{ name = "myricom"; sha256 = "1idfvdfw7z4jbbjyq40hd2bpllvw7jz0ah7k3iwljxp8l2lf2nmf"; }
{ name = "netxen"; sha256 = "0fdgllv8i7j9qbk5hi14zvw6fcn4nd1isr1486d8fv7nf2bf1mxx"; }
{ name = "qlogic"; sha256 = "12w1qnqhs24am2psdfmv0ligczzxh9crllmp7r4y3vqghyvwax7i"; }
{ name = "ralink"; sha256 = "1ryplg9shi7nam79zd86z7a0qzp0f9m7q89nq989z57qiysbrra4"; }
{ name = "realtek"; sha256 = "1l867724qrw7nwksdv4k0hkz7nrjjs9vq2s3937wyaa0r2r66mg6"; }
{ name = "ti-connectivity"; sha256 = "00cl9gyxa7795a57zwcvl26kxfl4qzppi4z8ksg5friv3db8sm1p"; }
];
fetchPackage =


@ -1,46 +1,50 @@
{stdenv, fetchurl, perl, cross ? null}:
{ stdenv, fetchurl, perl, cross ? null }:
assert cross == null -> stdenv.isLinux;
let version = "2.6.28.5"; in
let
version = "3.14.1";
kernelHeadersBaseConfig =
if cross == null
then stdenv.platform.kernelHeadersBaseConfig
else cross.platform.kernelHeadersBaseConfig;
in
stdenv.mkDerivation {
name = "linux-headers-${version}";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v2.6/linux-${version}.tar.bz2";
sha256 = "0hifjh75sinifr5138v22zwbpqln6lhn65k8b57a1dyzlqca7cl9";
url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
sha256 = "1njm8gvlj7cq0m1051yxszl4f63383a7sv1na13hkqkv36kipgqx";
};
targetConfig = if cross != null then cross.config else null;
platform =
if cross != null then cross.arch else
if cross != null then cross.platform.kernelArch else
if stdenv.system == "i686-linux" then "i386" else
if stdenv.system == "x86_64-linux" then "x86_64" else
if stdenv.system == "powerpc-linux" then "powerpc" else
if stdenv.isArm then "arm" else
if stdenv.system == "mips64el-linux" then "mips" else
if stdenv.platform ? kernelArch then stdenv.platform.kernelArch else
abort "don't know what the kernel include directory is called for this platform";
buildInputs = [perl];
extraIncludeDirs =
if cross != null then
(if cross.arch == "powerpc" then ["ppc"] else [])
(if cross.arch == "powerpc" then ["ppc"] else [])
else if stdenv.system == "powerpc-linux" then ["ppc"] else [];
patchPhase = ''
patch --verbose -p1 < "${./unifdef-getline.patch}"
sed -i '/scsi/d' include/Kbuild
sed -i 's|/ %/: prepare scripts FORCE|%/: prepare scripts FORCE|' Makefile
'';
buildPhase = ''
if test -n "$targetConfig"; then
export ARCH=$platform
fi
make mrproper headers_check
make ${kernelHeadersBaseConfig} SHELL=bash
make mrproper headers_check SHELL=bash
'';
installPhase = ''
@ -58,4 +62,10 @@ stdenv.mkDerivation {
ln -s asm $out/include/asm-x86
fi
'';
meta = with stdenv.lib; {
description = "Header files and scripts for Linux kernel";
license = licenses.gpl2;
platforms = platforms.linux;
};
}


@ -114,6 +114,7 @@ with stdenv.lib;
VGA_SWITCHEROO y
# Sound.
SND_DYNAMIC_MINORS y
SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP y # Support digital beep via input layer
SND_USB_CAIAQ_INPUT y


@ -1,11 +1,11 @@
{ stdenv, fetchurl, xz, zlib, pkgconfig, libxslt }:
stdenv.mkDerivation rec {
name = "kmod-16";
name = "kmod-17";
src = fetchurl {
url = "mirror://kernel/linux/utils/kernel/kmod/${name}.tar.xz";
sha256 = "63412efab37c70459ccef167556965c93fd4f56af5986cd3750542a684c613c5";
sha256 = "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv";
};
# Disable xz/zlib support to prevent needing them in the initrd.


@ -1,7 +1,7 @@
diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
--- kmod-7-orig/libkmod/libkmod.c 2012-03-15 08:19:16.750010226 -0400
+++ kmod-7/libkmod/libkmod.c 2012-04-04 15:21:29.532074313 -0400
@@ -200,7 +200,7 @@
diff -ru -x '*~' kmod-17-orig/libkmod/libkmod.c kmod-17/libkmod/libkmod.c
--- kmod-17-orig/libkmod/libkmod.c 2014-04-01 12:40:37.161940089 +0200
+++ kmod-17/libkmod/libkmod.c 2014-04-17 13:47:15.871441987 +0200
@@ -201,7 +201,7 @@
static char *get_kernel_release(const char *dirname)
{
struct utsname u;
@ -10,7 +10,7 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
if (dirname != NULL)
return path_make_absolute_cwd(dirname);
@@ -208,7 +208,10 @@
@@ -209,7 +209,10 @@
if (uname(&u) < 0)
return NULL;
@ -22,3 +22,39 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
return NULL;
return p;
diff -ru -x '*~' kmod-17-orig/tools/static-nodes.c kmod-17/tools/static-nodes.c
--- kmod-17-orig/tools/static-nodes.c 2013-12-17 22:05:42.159047316 +0100
+++ kmod-17/tools/static-nodes.c 2014-04-17 13:51:17.945974320 +0200
@@ -159,6 +159,7 @@
FILE *in = NULL, *out = NULL;
const struct static_nodes_format *format = &static_nodes_format_human;
int r, ret = EXIT_SUCCESS;
+ char *dirname_prefix;
for (;;) {
int c, idx = 0, valid;
@@ -211,16 +212,19 @@
goto finish;
}
- snprintf(modules, sizeof(modules), "/lib/modules/%s/modules.devname", kernel.release);
+ if ((dirname_prefix = getenv("MODULE_DIR")) == NULL)
+ dirname_prefix = "/lib/modules";
+
+ snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release);
in = fopen(modules, "re");
if (in == NULL) {
if (errno == ENOENT) {
- fprintf(stderr, "Warning: /lib/modules/%s/modules.devname not found - ignoring\n",
- kernel.release);
+ fprintf(stderr, "Warning: %s/%s/modules.devname not found - ignoring\n",
+ dirname_prefix, kernel.release);
ret = EXIT_SUCCESS;
} else {
- fprintf(stderr, "Error: could not open /lib/modules/%s/modules.devname - %m\n",
- kernel.release);
+ fprintf(stderr, "Error: could not open %s/%s/modules.devname - %m\n",
+ dirname_prefix, kernel.release);
ret = EXIT_FAILURE;
}
goto finish;
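Review bot: The return value of the new `snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release)` is not checked, and the prefix now comes from the `MODULE_DIR` environment variable. An over-long value is silently truncated, so `fopen` is attempted on a different path than the one the warning and error messages print. Failing loudly would avoid that, e.g. `r = snprintf(...); if (r < 0 || (size_t) r >= sizeof(modules)) { ret = EXIT_FAILURE; goto finish; }`. An empty `MODULE_DIR` also passes the `== NULL` test and resolves to `/<release>/modules.devname`; treating `""` like unset (`dirname_prefix == NULL || *dirname_prefix == '\0'`) would be safer. The function starts and ends outside the hunk, so the declared size of `modules` is not visible here.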


@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }:
let
v = "2.02.104";
v = "2.02.106";
in
stdenv.mkDerivation {
@ -9,7 +9,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz";
sha256 = "1xa7hvp8bsx96nncgksxrqxaqcgipfmmpr8aysayb8aisyjvas0d";
sha256 = "0nr833bl0q4zq52drjxmmpf7bs6kqxwa5kahwwxm9411khkxz0vc";
};
configureFlags =
@ -29,6 +29,8 @@ stdenv.mkDerivation {
sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in
'';
enableParallelBuilding = true;
#patches = [ ./purity.patch ];
# To prevent make install from failing.


@ -12,7 +12,7 @@ assert (!libsOnly) -> kernel != null;
let
versionNumber = "331.49";
versionNumber = "331.67";
in
@ -27,12 +27,12 @@ stdenv.mkDerivation {
if stdenv.system == "i686-linux" then
fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run";
sha256 = "00d7bq8cfxk52qd4y226fz8m9m3mjq45fbgr3q7k08jyy9qmswmn";
sha256 = "1imc66yxnm01i58xwqrwqc612h0rhdz8x170hqr2pjyk99bllsv9";
}
else if stdenv.system == "x86_64-linux" then
fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run";
sha256 = "0q3lvl1lypi33i847nqz4k3161ackh2n9kgyjn6v2c480f405hfk";
sha256 = "0qxd4jd25ymcr6w97f71kfn549x6wgg4g3vixd3sqlczknn85f47";
}
else throw "nvidia-x11 does not support platform ${stdenv.system}";


@ -1,11 +1,11 @@
{ stdenv, fetchurl, flex, cracklib }:
stdenv.mkDerivation rec {
name = "linux-pam-1.1.6";
name = "linux-pam-1.1.8";
src = fetchurl {
url = https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.6.tar.bz2;
sha256 = "1hlz2kqvbjisvwyicdincq7nz897b9rrafyzccwzqiqg53b8gf5s";
url = http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2;
sha256 = "0m8ygb40l1c13nsd4hkj1yh4p1ldawhhg8pyjqj9w5kd4cxg5cf4";
};
nativeBuildInputs = [ flex ];
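Review bot: The new `url` switches from `https://` to plain `http://`, so the tarball is authenticated only by the `sha256` pin. That is enough for builds, but whoever computes the hash for the next bump by prefetching gets no transport integrity. If the new host serves this path over TLS (not verifiable from this hunk), prefer the `https://` form. The URL also hard-codes `1.1.8` separately from `name`; a `version` attribute used in both, e.g. `url = "…/Linux-PAM-${version}.tar.bz2";`, would keep the hash, name and URL from drifting apart.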


@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod
, xz, pam, acl, cryptsetup, libuuid, m4, utillinux
, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl
, kexectools, libmicrohttpd
, kexectools, libmicrohttpd, linuxHeaders
, python ? null, pythonSupport ? false
}:
@ -10,26 +10,24 @@ assert stdenv.isLinux;
assert pythonSupport -> python != null;
stdenv.mkDerivation rec {
version = "203";
version = "212";
name = "systemd-${version}";
src = fetchurl {
url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz";
sha256 = "07gvn3rpski8sh1nz16npjf2bvj0spsjdwc5px9685g2pi6kxcb1";
sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5";
};
patches =
[ # These are all changes between upstream and
# https://github.com/edolstra/systemd/tree/nixos-v203.
# https://github.com/edolstra/systemd/tree/nixos-v212.
./fixes.patch
./fix_console_in_containers.patch
]
++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
];
buildInputs =
[ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl
[ pkgconfig intltool gperf libcap kmod xz pam acl
/* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl
libmicrohttpd
libmicrohttpd linuxHeaders
] ++ stdenv.lib.optional pythonSupport python;
configureFlags =
@ -45,15 +43,18 @@ stdenv.mkDerivation rec {
"--with-dbussessionservicedir=$(out)/share/dbus-1/services"
"--with-firmware-path=/root/test-firmware:/run/current-system/firmware"
"--with-tty-gid=3" # tty in NixOS has gid 3
"--disable-networkd" # enable/use eventually
"--enable-compat-libs" # get rid of this eventually
];
preConfigure =
''
# FIXME: patch this in systemd properly (and send upstream).
# FIXME: use sulogin from util-linux once updated.
for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do
for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c; do
test -e $i
substituteInPlace $i \
--replace /usr/bin/getent ${stdenv.glibc}/bin/getent \
--replace /bin/mount ${utillinux}/bin/mount \
--replace /bin/umount ${utillinux}/bin/umount \
--replace /sbin/swapon ${utillinux}/sbin/swapon \
@ -69,6 +70,10 @@ stdenv.mkDerivation rec {
--replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
'';
# This is needed because systemd uses the gold linker, which doesn't
# yet have the wrapper script to add rpath flags automatically.
NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib -rpath ${stdenv.gcc.gcc}/lib";
PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python
NIX_CFLAGS_COMPILE =
@ -77,10 +82,6 @@ stdenv.mkDerivation rec {
"-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
"-fno-stack-protector"
# Work around our kernel headers being too old. FIXME: remove
# this after the next stdenv update.
"-DFS_NOCOW_FL=0x00800000"
# Set the release_agent on /sys/fs/cgroup/systemd to the
# currently running systemd (/run/current-system/systemd) so
# that we don't use an obsolete/garbage-collected release agent.
@ -94,7 +95,12 @@ stdenv.mkDerivation rec {
# /var is mounted.
makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin";
installFlags = "localstatedir=$(TMPDIR)/var sysconfdir=$(out)/etc sysvinitdir=$(TMPDIR)/etc/init.d";
installFlags =
[ "localstatedir=$(TMPDIR)/var"
"sysconfdir=$(out)/etc"
"sysvinitdir=$(TMPDIR)/etc/init.d"
"pamconfdir=$(out)/etc/pam.d"
];
# Get rid of configuration-specific data.
postInstall =
@ -103,6 +109,8 @@ stdenv.mkDerivation rec {
mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
mv $out/lib/systemd/{system,user} $out/example/systemd
rm -rf $out/etc/systemd/system
# Install SysV compatibility commands.
mkdir -p $out/sbin
ln -s $out/lib/systemd/systemd $out/sbin/telinit
@ -128,19 +136,6 @@ stdenv.mkDerivation rec {
# runtime; otherwise we can't and we need to reboot.
passthru.interfaceVersion = 2;
passthru.headers = stdenv.mkDerivation {
name = "systemd-headers-${version}";
inherit src;
phases = [ "unpackPhase" "installPhase" ];
# some are needed by dbus.libs, which is needed for systemd :-)
installPhase = ''
mkdir -p "$out/include/systemd"
mv src/systemd/*.h "$out/include/systemd"
'';
};
meta = {
homepage = "http://www.freedesktop.org/wiki/Software/systemd";
description = "A system and service manager for Linux";
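Review bot: `"-fno-stack-protector"` is carried over unchanged in `NIX_CFLAGS_COMPILE` for the 212 build with no comment, while the neighbouring `FS_NOCOW_FL` workaround in the same hunk is removed as obsolete. The flag disables stack canaries for everything this derivation builds, which presumably includes the init and journal daemons that handle input from less-privileged processes. It should carry a comment naming the build or runtime problem it works around, for example `# FIXME: stack protector disabled because <reason>; re-enable once fixed`, or be dropped if that problem no longer applies. The reason is not visible in this section, so this is a request to document and re-test, not a claim that the flag can be removed safely.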


@ -1,14 +0,0 @@
diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4
--- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100
+++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100
@@ -23,7 +23,9 @@
# On systems without virtual consoles, don't start any getty. (Note
# that serial gettys are covered by serial-getty@.service, not this
# unit
-ConditionPathExists=/dev/tty0
+ConditionPathExists=|/dev/tty0
+ConditionVirtualization=|lxc
+ConditionVirtualization=|lxc-libvirt
[Service]
# the VT is cleared by TTYVTDisallocate


@ -1,144 +1,23 @@
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 7164b1e..29401eb 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -381,7 +381,7 @@
this unit during
installation. This is best
configured via
- <varname>WantedBy=multi-uer.target</varname>
+ <varname>WantedBy=multi-user.target</varname>
in the unit's
<literal>[Install]</literal>
section.</para>
diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
index 15b5bc4..c5f1b38 100644
--- a/rules/80-net-name-slot.rules
+++ b/rules/80-net-name-slot.rules
@@ -1,6 +1,6 @@
# do not edit this file, it will be overwritten on update
-ACTION=="remove", GOTO="net_name_slot_end"
+ACTION!="add", GOTO="net_name_slot_end"
SUBSYSTEM!="net", GOTO="net_name_slot_end"
NAME!="", GOTO="net_name_slot_end"
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
index d17bdd9..040b10e 100644
index db72373..2fc12ca 100644
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd"
SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
# Ignore raid devices that are not yet assembled and started
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
index 82b02bb..7df9d01 100644
--- a/src/core/cgroup-semantics.c
+++ b/src/core/cgroup-semantics.c
@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
}
static const CGroupSemantics semantics[] = {
- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
{ "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
{ "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
{ "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
index 91d70e5..698102f 100644
--- a/src/core/dbus-execute.h
+++ b/src/core/dbus-execute.h
@@ -63,7 +63,7 @@
" <property name=\"CPUSchedulingPolicy\" type=\"i\" access=\"read\"/>\n" \
" <property name=\"CPUSchedulingPriority\" type=\"i\" access=\"read\"/>\n" \
" <property name=\"CPUAffinity\" type=\"ay\" access=\"read\"/>\n" \
- " <property name=\"TimerSlackNS\" type=\"t\" access=\"read\"/>\n" \
+ " <property name=\"TimerSlackNSec\" type=\"t\" access=\"read\"/>\n" \
" <property name=\"CPUSchedulingResetOnFork\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"NonBlocking\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"StandardInput\" type=\"s\" access=\"read\"/>\n" \
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 56b02a1..2b6d799 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
_cleanup_strv_free_ char **l = NULL;
char **e = NULL;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
r = bus_parse_strv(message, &l);
if (r == -ENOMEM)
@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
_cleanup_strv_free_ char **l = NULL;
char **e = NULL;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
r = bus_parse_strv(message, &l);
if (r == -ENOMEM)
@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
char **f = NULL;
DBusMessageIter iter;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
if (!dbus_message_iter_init(message, &iter))
goto oom;
diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
index 2e99fba..e72749a 100644
--- a/src/core/dbus-swap.c
+++ b/src/core/dbus-swap.c
@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
static const BusProperty bus_swap_properties[] = {
{ "What", bus_property_append_string, "s", offsetof(Swap, what), true },
{ "Priority", bus_swap_append_priority, "i", 0 },
+ { "TimeoutUSec",bus_property_append_usec, "t", offsetof(Swap, timeout_usec)},
BUS_EXEC_COMMAND_PROPERTY("ExecActivate", offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]), false),
BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
{ "ControlPID", bus_property_append_pid, "u", offsetof(Swap, control_pid) },
diff --git a/src/core/main.c b/src/core/main.c
index 7fc06be..101ce79 100644
index 41605ee..8517369 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) {
log_error("Failed to adjust timer slack: %m");
if (arg_capability_bounding_set_drop) {
- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
if (r < 0) {
- log_error("Failed to drop capability bounding set: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
goto finish;
}
- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
if (r < 0) {
- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set: %s", strerror(-r));
goto finish;
}
}
@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
/* This will close all file descriptors that were opened, but
* not claimed by any unit. */
fdset_free(fds);
+ fds = NULL;
if (serialization) {
fclose(serialization);
@@ -1857,7 +1858,7 @@ finish:
@@ -1883,7 +1883,7 @@ finish:
char_array_0(sfd);
i = 0;
@ -147,69 +26,50 @@ index 7fc06be..101ce79 100644
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
diff --git a/src/core/manager.c b/src/core/manager.c
index c7f8f20..0508628 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
diff --git a/src/core/socket.c b/src/core/socket.c
index 7c18a2b..eba67d5 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
int k;
case SIGINT:
if (m->running_as == SYSTEMD_SYSTEM) {
- manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
+ manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
break;
}
k = getpeercred(fd, &ucred);
- if (k < 0)
+ if (k == -ENODATA) {
+ /* This handles the case where somebody is
+ * connecting from another pid/uid namespace
+ * (e.g. from outside of our container). */
+ if (asprintf(&r,
+ "%u-unknown",
+ nr) < 0)
+ return -ENOMEM;
+ }
+ else if (k < 0)
return k;
-
- if (asprintf(&r,
- "%u-%lu-%lu",
- nr,
- (unsigned long) ucred.pid,
- (unsigned long) ucred.uid) < 0)
- return -ENOMEM;
-
+ else {
+ if (asprintf(&r,
+ "%u-%lu-%lu",
+ nr,
+ (unsigned long) ucred.pid,
+ (unsigned long) ucred.uid) < 0)
+ return -ENOMEM;
+ }
break;
}
diff --git a/src/core/service.c b/src/core/service.c
index 3617c24..4d0e2ad 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
if (s->exec_context.var_tmp_dir)
unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
+ if (s->forbid_restart)
+ unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
+
return 0;
}
@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return log_oom();
s->exec_context.var_tmp_dir = t;
+ } else if (streq(key, "forbid-restart")) {
+ int b;
+
+ b = parse_boolean(value);
+ if (b < 0)
+ log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
+ else
+ s->forbid_restart = b;
} else
log_debug_unit(u->id, "Unknown serialization key '%s'", key);
diff --git a/src/core/snapshot.c b/src/core/snapshot.c
index a63eccd..a6807eb 100644
--- a/src/core/snapshot.c
+++ b/src/core/snapshot.c
@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
return -ENOMEM;
- if (!manager_get_unit(m, n))
+ if (!manager_get_unit(m, n)) {
+ name = n;
break;
+ }
free(n);
}
diff --git a/src/core/umount.c b/src/core/umount.c
index 1e95ad7..9f0e471 100644
index d1258f0..0311812 100644
--- a/src/core/umount.c
+++ b/src/core/umount.c
@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
@@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
* anyway, since we are running from it. They have
* already been remounted ro. */
if (path_equal(m->path, "/")
@ -218,285 +78,31 @@ index 1e95ad7..9f0e471 100644
#ifndef HAVE_SPLIT_USR
|| path_equal(m->path, "/usr")
#endif
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 81b7708..edd0b40 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -111,6 +111,7 @@ static int create_disk(
"Conflicts=umount.target\n"
"DefaultDependencies=no\n"
"BindsTo=dev-mapper-%i.device\n"
+ "IgnoreOnIsolate=true\n"
"After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
f);
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index c17299f..6b3e67e 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -351,7 +351,7 @@ static int add_mount(
if (automount && !path_equal(where, "/")) {
automount_name = unit_name_from_path(where, ".automount");
- if (!name)
+ if (!automount_name)
return log_oom();
automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
} else if (startswith(word, "rd.fstab=")) {
if (in_initrd()) {
- r = parse_boolean(word + 6);
+ r = parse_boolean(word + 9);
if (r < 0)
- log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
+ log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
else
arg_enabled = r;
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 9a9ed9d..9e46e18 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 38499a6..bb80905 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -907,6 +907,8 @@ static int journal_file_append_field(
} else {
+#if 0
const char *p;
osize = offsetof(Object, field.payload) + size;
r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
+ if (r < 0)
+ return r;
p = strappenda(arg_directory,
@@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) {
goto finish;
o->field.hash = htole64(hash);
memcpy(o->field.payload, field, size);
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 88163c0..e09ba4c 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
if (r < 0)
if (f)
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
- else
+ else {
log_error("Failed to create user journal: %s", strerror(-r));
+ hashmap_remove(s->user_journals, k);
+ }
else {
hashmap_replace(s->user_journals, k, f);
server_fix_perms(s, f, PTR_TO_UINT32(k));
@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
ssize_t n;
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "signal fd", ev->events);
return -EIO;
}
+#endif
}
@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) {
} else if (ev->data.fd == s->dev_kmsg_fd) {
int r;
- if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ if (ev->events & EPOLLERR)
+ log_warning("/dev/kmsg buffer overrun, some messages lost.");
+
+ if (!(ev->events & EPOLLIN)) {
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "/dev/kmsg", ev->events);
return -EIO;
}
@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
ev->data.fd == s->syslog_fd) {
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
+ ev->events);
return -EIO;
}
@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
char *e;
if (n > 0 && n_fds == 0) {
- e = memchr(s->buffer, '\n', n);
- if (e)
- *e = 0;
- else
- s->buffer[n] = 0;
-
+ s->buffer[n] = 0;
server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
} else if (n_fds > 0)
log_warning("Got file descriptors via syslog socket. Ignoring.");
@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
} else if (ev->data.fd == s->stdout_fd) {
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "stdout fd", ev->events);
return -EIO;
}
@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
StdoutStream *stream;
if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "stdout stream", ev->events);
log_error("Got invalid event from epoll.");
return -EIO;
}
diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
index 54bf114..bd197d0 100644
--- a/src/journal/mmap-cache.c
+++ b/src/journal/mmap-cache.c
@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
while ((c = hashmap_first(m->contexts)))
context_free(c);
+ hashmap_free(m->contexts);
+
while ((f = hashmap_first(m->fds)))
fd_free(f);
+ hashmap_free(m->fds);
+
while (m->unused)
window_free(m->unused);
diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
index 0e66f3d..cac948e 100644
--- a/src/libsystemd-bus/bus-internal.c
+++ b/src/libsystemd-bus/bus-internal.c
@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
bool interface_name_is_valid(const char *p) {
const char *q;
- bool dot, found_dot;
+ bool dot, found_dot = false;
if (isempty(p))
return false;
@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
bool service_name_is_valid(const char *p) {
const char *q;
- bool dot, found_dot, unique;
+ bool dot, found_dot = false, unique;
if (isempty(p))
return false;
diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index 7d6d848..b0eb2f1 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
if (r == 0)
return ret;
- r = 1;
+ ret = 1;
} while (!z);
*m = z;
- return 1;
+ return ret;
}
int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
index 5ccaabd..100c1fb 100644
--- a/src/libudev/libudev-enumerate.c
+++ b/src/libudev/libudev-enumerate.c
@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
/* skip to be delayed devices, and move the to
* the point where the prefix changes. We can
* only move one item at a time. */
- if (!move_later) {
+ if (move_later == -1) {
move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
if (move_later_prefix > 0) {
@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
{
struct udev_list_entry *list_entry;
+ subsystem = subsystem ? : "";
+
udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
return false;
@@ -826,23 +828,27 @@ nomatch:
static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
{
struct udev_device *dev;
+ int r = 0;
dev = udev_device_new_from_syspath(enumerate->udev, path);
if (dev == NULL)
return -ENODEV;
if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
- return 0;
+ goto nomatch;
if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
- return 0;
+ goto nomatch;
if (!match_property(enumerate, dev))
- return 0;
+ goto nomatch;
if (!match_sysattr(enumerate, dev))
- return 0;
+ goto nomatch;
syspath_add(enumerate, udev_device_get_syspath(dev));
+ r = 1;
+
+nomatch:
udev_device_unref(dev);
- return 1;
+ return r;
}
static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
index 8e09430..1e6f885 100644
--- a/src/libudev/libudev.sym
+++ b/src/libudev/libudev.sym
@@ -109,5 +109,6 @@ global:
} LIBUDEV_189;
LIBUDEV_199 {
+global:
udev_device_set_sysattr_value;
} LIBUDEV_196;
diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
index 7b19ee0..49ee420 100644
--- a/src/modules-load/modules-load.c
+++ b/src/modules-load/modules-load.c
@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
STRV_FOREACH(i, arg_proc_cmdline_modules) {
k = load_module(ctx, *i);
- if (k < 0)
- r = EXIT_FAILURE;
+ if (k < 0 && r == 0)
+ r = k;
}
r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
} else {
char template[] = "/tmp/nspawn-root-XXXXXX";
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
index b1ef912..4f2ab5c 100644
index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c
@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
@@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
continue;
@ -507,174 +113,45 @@ index b1ef912..4f2ab5c 100644
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
continue;
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index 8d004ba..99340c9 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
list[count ++] = id;
}
- qsort(list, count, sizeof(uint16_t), cmp_uint16);
+ if (list)
+ qsort(list, count, sizeof(uint16_t), cmp_uint16);
*options = list;
return count;
diff --git a/src/shared/env-util.c b/src/shared/env-util.c
index 6a52fb9..598222c 100644
--- a/src/shared/env-util.c
+++ b/src/shared/env-util.c
@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
e[k++] = *p;
}
- e[k] = NULL;
+ if (e)
+ e[k] = NULL;
+
return e;
}
diff --git a/src/shared/log.c b/src/shared/log.c
index 27317f7..8f4995a 100644
--- a/src/shared/log.c
+++ b/src/shared/log.c
@@ -115,16 +115,20 @@ void log_close_syslog(void) {
static int create_log_socket(int type) {
int fd;
+ struct timeval tv;
- /* All output to the syslog/journal fds we do asynchronously,
- * and if the buffers are full we just drop the messages */
-
- fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+ fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
if (fd < 0)
return -errno;
fd_inc_sndbuf(fd, SNDBUF_SIZE);
+ /* We need a blocking fd here since we'd otherwise lose
+ messages way too early. However, let's not hang forever in the
+ unlikely case of a deadlock. */
+ timeval_store(&tv, 1*USEC_PER_MINUTE);
+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
+
return fd;
}
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index cea7074..1c5e9e3 100644
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@@ -38,12 +38,8 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
DBusMessage *m = NULL, *reply = NULL;
- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
uint32_t flags = interactive ? 1 : 0;
- pid_t pid_raw;
- uint32_t pid_u32;
- unsigned long long starttime_raw;
- uint64_t starttime_u64;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
@@ -68,14 +64,6 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
- pid_raw = bus_get_unix_process_id(c, sender, error);
- if (pid_raw == 0)
- return -EINVAL;
-
- r = get_starttime_of_pid(pid_raw, &starttime_raw);
- if (r < 0)
- return r;
-
m = dbus_message_new_method_call(
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
@@ -86,22 +74,13 @@ int verify_polkit(
dbus_message_iter_init_append(m, &iter_msg);
- pid_u32 = (uint32_t) pid_raw;
- starttime_u64 = (uint64_t) starttime_raw;
-
if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
!dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
!dbus_message_iter_close_container(&iter_struct, &iter_array) ||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 3cca861..f6052dd 100644
index 0887bc3..6b502ce 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
} else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
uint32_t id;
- const char *path, *result, *unit;
+ const char *path, *result, *unit, *r;
if (dbus_message_get_args(message, &error,
DBUS_TYPE_UINT32, &id,
@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
DBUS_TYPE_STRING, &result,
DBUS_TYPE_INVALID)) {
- free(set_remove(d->set, (char*) path));
+ r = set_remove(d->set, (char*) path);
+ if (!r)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ free(r);
if (!isempty(result))
d->result = strdup(result);
@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
/* Compatibility with older systemd versions <
* 183 during upgrades. This should be dropped
* one day. */
- free(set_remove(d->set, (char*) path));
+ r = set_remove(d->set, (char*) path);
+ if (!r)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ free(r);
if (*result)
d->result = strdup(result);
@@ -1867,7 +1875,7 @@ static int start_unit_one(
return log_oom();
@@ -2561,7 +2561,7 @@ static int start_unit_one(
log_debug("Adding %s to the set", p);
r = set_consume(s, p);
- if (r < 0) {
+ if (r < 0 && r != -EEXIST) {
log_error("Failed to add path to set.");
return r;
}
- if (r < 0)
+ if (r < 0 && r != -EEXIST)
return log_oom();
}
diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
index 8ac51a4..cae9fb5 100644
--- a/units/console-getty.service.m4.in
+++ b/units/console-getty.service.m4.in
@@ -15,7 +15,6 @@ After=rc-local.service
Before=getty.target
[Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in
index 4f7794b..bad2a9a 100644
--- a/units/container-getty@.service.m4.in
+++ b/units/container-getty@.service.m4.in
@@ -16,7 +16,6 @@ Before=getty.target
IgnoreOnIsolate=yes
[Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/emergency.service.in b/units/emergency.service.in
index 442f0e0..6b7eafd 100644
index 94c090f..0d20640 100644
--- a/units/emergency.service.in
+++ b/units/emergency.service.in
@@ -15,7 +15,6 @@ Before=shutdown.target
@ -685,30 +162,61 @@ index 442f0e0..6b7eafd 100644
ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
ExecStart=-/sbin/sulogin
ExecStopPost=@SYSTEMCTL@ --fail --no-block default
diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
index aa853b8..8bcc647 100644
--- a/units/getty@.service.m4
+++ b/units/getty@.service.m4
@@ -23,11 +23,12 @@ IgnoreOnIsolate=yes
# On systems without virtual consoles, don't start any getty. Note
# that serial gettys are covered by serial-getty@.service, not this
# unit.
-ConditionPathExists=/dev/tty0
+ConditionPathExists=|/dev/tty0
+ConditionVirtualization=|lxc
+ConditionVirtualization=|lxc-libvirt
[Service]
# the VT is cleared by TTYVTDisallocate
-ExecStart=-/sbin/agetty --noclear %I $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
index 368f980..d0c1bd2 100644
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel
DefaultDependencies=no
Before=sysinit.target systemd-tmpfiles-setup-dev.service
ConditionCapability=CAP_MKNOD
-ConditionPathExists=/lib/modules/%v/modules.devname
[Service]
Type=oneshot
diff --git a/units/local-fs.target b/units/local-fs.target
index 18c3d74..a09054c 100644
index ae3cedc..0e36840 100644
--- a/units/local-fs.target
+++ b/units/local-fs.target
@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
After=local-fs-pre.target
@@ -13,3 +13,5 @@ DefaultDependencies=no
Conflicts=shutdown.target
OnFailure=emergency.target
OnFailureIsolate=no
OnFailureJobMode=replace-irreversibly
+
+X-StopOnReconfiguration=yes
diff --git a/units/remote-fs.target b/units/remote-fs.target
index 09213e8..47b4cf5 100644
index 43ffa5c..156a681 100644
--- a/units/remote-fs.target
+++ b/units/remote-fs.target
@@ -10,5 +10,7 @@ Description=Remote File Systems
Documentation=man:systemd.special(7)
After=remote-fs-pre.target
@@ -12,5 +12,7 @@ After=remote-fs-pre.target
DefaultDependencies=no
Conflicts=shutdown.target
+X-StopOnReconfiguration=yes
+
[Install]
WantedBy=multi-user.target
diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
index 269797a..2c640f4 100644
index 552ef89..af3915f 100644
--- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in
@@ -16,7 +16,6 @@ Before=shutdown.target
@ -719,6 +227,18 @@ index 269797a..2c640f4 100644
ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
ExecStart=-/sbin/sulogin
ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
index 4ac51e7..86a3b59 100644
--- a/units/serial-getty@.service.m4
+++ b/units/serial-getty@.service.m4
@@ -22,7 +22,6 @@ Before=getty.target
IgnoreOnIsolate=yes
[Service]
-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/sysinit.target b/units/sysinit.target
index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target
@ -731,11 +251,20 @@ index 8f4fb8f..e0f0147 100644
-After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target
RefuseManualStart=yes
diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
index e945d87..77728f2 100644
--- a/units/systemd-backlight@.service.in
+++ b/units/systemd-backlight@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-backlight load %i
ExecStop=@rootlibexecdir@/systemd-backlight save %i
+X-RestartIfChanged=false
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index ab2e50c..9563a7d 100644
index de93879..c9a49f3 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
@@ -25,3 +25,8 @@ WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
# services being run since we keep one fd open per service.
LimitNOFILE=16384
@ -744,6 +273,33 @@ index ab2e50c..9563a7d 100644
+# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
index 1879b2f..9b895b9 100644
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-random-seed load
ExecStop=@rootlibexecdir@/systemd-random-seed save
+X-RestartIfChanged=false
diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in
index 9d264a2..c505535 100644
--- a/units/systemd-rfkill@.service.in
+++ b/units/systemd-rfkill@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-rfkill load %I
ExecStop=@rootlibexecdir@/systemd-rfkill save %I
+X-RestartIfChanged=false
diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in
index da7dda7..4cc550d 100644
--- a/units/systemd-update-utmp.service.in
+++ b/units/systemd-update-utmp.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
+X-RestartIfChanged=false
diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in


@ -1,81 +0,0 @@
Based on a patch for udev in
nixpkgs(upstart)/pkgs/os-specific/linux/udev/pre-accept4-kernel.patch
It was taken from:
https://github.com/archlinuxarm/PKGBUILDs/blob/master/core/udev-oxnas/pre-accept4-kernel.patch
Basically, ARM implemented accept4() only in 2.6.36. Nixpkgs now uses
linux headers from 2.6.35. And the particular nixpkgs glibc version had a bug,
not checking about 2.6.36 for accept4 on arm.
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 7b88f74..a9f7b62 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -347,10 +347,12 @@ int stdout_stream_new(Server *s) {
int fd, r;
socklen_t len;
struct epoll_event ev;
+ int flgs;
assert(s);
- fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+ //fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+ fd = accept(s->stdout_fd, NULL, NULL);
if (fd < 0) {
if (errno == EAGAIN)
return 0;
@@ -359,6 +361,11 @@ int stdout_stream_new(Server *s) {
return -errno;
}
+ // Since we don't have accept4
+ flgs = fcntl(fd, F_GETFL, NULL);
+ if(flgs >= 0) fcntl(fd, F_SETFL, flgs | O_NONBLOCK);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
log_warning("Too many stdout streams, refusing connection.");
close_nointr_nofail(fd);
diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
index a235912..c05e4b4 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -15,6 +15,7 @@
#include <stddef.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include <sys/types.h>
#include <sys/poll.h>
#include <sys/socket.h>
@@ -181,6 +182,7 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
struct ucred ucred;
socklen_t slen;
const int on = 1;
+ int flgs;
conn = calloc(1, sizeof(struct udev_ctrl_connection));
if (conn == NULL)
@@ -188,13 +190,19 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
conn->refcount = 1;
conn->uctrl = uctrl;
- conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
+ //conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
+ conn->sock = accept(uctrl->sock, NULL, NULL);
if (conn->sock < 0) {
if (errno != EINTR)
log_error("unable to receive ctrl connection: %m\n");
goto err;
}
+ // Since we don't have accept4
+ flgs = fcntl(conn->sock, F_GETFL, NULL);
+ if(flgs >= 0) fcntl(conn->sock, F_SETFL, flgs | O_NONBLOCK);
+ fcntl(conn->sock, F_SETFD, FD_CLOEXEC);
+
/* check peer credential of connection */
slen = sizeof(ucred);
if (getsockopt(conn->sock, SOL_SOCKET, SO_PEERCRED, &ucred, &slen) < 0) {


@ -1,13 +1,11 @@
{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }:
let
ver = "2.24";
in
stdenv.mkDerivation rec {
name = "util-linux-${ver}";
name = "util-linux-2.24.1";
src = fetchurl {
url = "http://www.kernel.org/pub/linux/utils/util-linux/v${ver}/${name}.tar.bz2";
sha256 = "1nfnymj03rdcxjb677a9qq1zirppr8csh32cb85qm23x5xndi6v3";
url = "http://www.kernel.org/pub/linux/utils/util-linux/v2.24/${name}.tar.xz";
sha256 = "0444xhfm9525v3aagyfbp38mp7xsw2fn9zg4ya713c7s5hivcpl3";
};
crossAttrs = {
@ -19,8 +17,6 @@ stdenv.mkDerivation rec {
# (/sbin/mount.*) through an environment variable, but that's
# somewhat risky because we have to consider that mount can setuid
# root...
# --enable-libmount-mount fixes the behaviour being /etc/mtab a symlink to /proc/monunts
# http://pl.digipedia.org/usenet/thread/19513/1924/
configureFlags = ''
--enable-write
--enable-last


@ -1960,11 +1960,11 @@ let
})) // {inherit ;};
xorgserver = (stdenv.mkDerivation ((if overrides ? xorgserver then overrides.xorgserver else x: x) {
name = "xorg-server-1.14.5";
name = "xorg-server-1.14.6";
builder = ./builder.sh;
src = fetchurl {
url = mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2;
sha256 = "1lb1fkscy7nwnabfj0d2shvxga16i047g11if18plj0n2jzhc3wd";
url = mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2;
sha256 = "0c57vp1z0p38dj5gfipkmlw6bvbz1mrr0sb3sbghdxxdyq4kzcz8";
};
buildInputs = [pkgconfig renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ];
})) // {inherit renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ;};


@ -170,7 +170,7 @@ mirror://xorg/X11R7.7/src/everything/xlsatoms-1.1.1.tar.bz2
mirror://xorg/individual/app/xlsclients-1.1.3.tar.bz2
mirror://xorg/individual/app/xmodmap-1.0.8.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-docs-1.7.tar.bz2
mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2
mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2
mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2
mirror://xorg/individual/app/xprop-1.2.2.tar.bz2


@ -58,16 +58,14 @@ let
pos' = if pos != null then "" + pos.file + ":" + toString pos.line + "" else "«unknown-file»";
in
if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then
throw ''package ${attrs.name} in ${pos'} has an unfree license, refusing to evaluate.
You can set
{ nixpkgs.config.allowUnfree = true; }
in configuration.nix to override this.
If you use Nix standalone, you can add
{ config.allowUnfree = true; }
to ~/.nixpkgs/config.nix or pass
--arg config '{ allowUnfree = true; }'
on the command line.
''
throw ''
Package ${attrs.name} in ${pos'} has an unfree license, refusing to evaluate. You can set
{ nixpkgs.config.allowUnfree = true; }
in configuration.nix to override this. If you use Nix standalone, you can add
{ config.allowUnfree = true; }
to ~/.nixpkgs/config.nix or pass
--arg config '{ allowUnfree = true; }'
on the command line.''
else if !allowBroken && attrs.meta.broken or false then
throw "you can't use package ${attrs.name} in ${pos'} because it has been marked as broken"
else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then


@ -1,11 +1,11 @@
{ stdenv, fetchurl, pkgconfig, udev }:
stdenv.mkDerivation rec {
name = "dhcpcd-6.2.1";
name = "dhcpcd-6.3.2";
src = fetchurl {
url = "http://roy.marples.name/downloads/dhcpcd/${name}.tar.bz2";
sha256 = "1gs23zwhzml2aam4j6rdncaqfv3z5n1ifx6lq4b8ccifqa87gbga";
sha256 = "1v2m5wdr6x5cz6i0n1y63am9dhj5j7ylrk717scjgwwjdbq1x75n";
};
patches = [ ./lxc_ro_promote_secondaries.patch ];


@ -829,8 +829,6 @@ let
dhcpcd = callPackage ../tools/networking/dhcpcd { };
dhcpcd_without_udev = callPackage ../tools/networking/dhcpcd { udev = null; };
diffstat = callPackage ../tools/text/diffstat { };
diffutils = callPackage ../tools/text/diffutils { };
@ -4192,10 +4190,11 @@ let
dbus_glib = callPackage ../development/libraries/dbus-glib { };
dbus_java = callPackage ../development/libraries/java/dbus-java { };
dbus_python = callPackage ../development/python-modules/dbus { };
# Should we deprecate these? Currently there are many references.
dbus_tools = dbus.tools;
dbus_libs = dbus.libs;
dbus_daemon = dbus.daemon;
dbus_tools = pkgs.dbus.tools;
dbus_libs = pkgs.dbus.libs;
dbus_daemon = pkgs.dbus.daemon;
dhex = callPackage ../applications/editors/dhex { };
@ -6869,23 +6868,23 @@ let
libnl = callPackage ../os-specific/linux/libnl { };
libnl_3_2_19 = callPackage ../os-specific/linux/libnl/3.2.19.nix { };
linuxHeaders = linuxHeaders37;
linuxConsoleTools = callPackage ../os-specific/linux/consoletools { };
linuxHeaders26 = callPackage ../os-specific/linux/kernel-headers/2.6.32.nix { };
linuxHeaders = linuxHeaders_3_7;
linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { };
linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix {
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem;
});
linuxHeaders26Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.6.32.nix {
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem;
});
linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix {
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem;
});
linuxHeaders_3_7 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { };
linuxHeaders_3_14 = callPackage ../os-specific/linux/kernel-headers/3.14.nix { };
# We can choose:
linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross
@ -6895,8 +6894,6 @@ let
linuxHeadersCross = assert crossSystem != null;
linuxHeadersCrossChooser crossSystem.platform.kernelMajor;
linuxHeaders_2_6_28 = callPackage ../os-specific/linux/kernel-headers/2.6.28.nix { };
kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { };
linux_3_2 = makeOverridable (import ../os-specific/linux/kernel/linux-3.2.nix) {
@ -7005,6 +7002,8 @@ let
cryptodev = callPackage ../os-specific/linux/cryptodev { };
cpupower = callPackage ../os-specific/linux/cpupower { };
e1000e = callPackage ../os-specific/linux/e1000e {};
v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { };
@ -7262,7 +7261,9 @@ let
sysstat = callPackage ../os-specific/linux/sysstat { };
systemd = callPackage ../os-specific/linux/systemd { };
systemd = callPackage ../os-specific/linux/systemd {
linuxHeaders = linuxHeaders_3_14;
};
systemtap = callPackage ../development/tools/profiling/systemtap {
inherit (gnome) libglademm;