Merge branch 'systemd-update'

Eelco Dolstra 2014-04-20 19:31:01 +02:00
commit 4e8c2f0ff9
78 changed files with 947 additions and 1242 deletions


@ -935,7 +935,7 @@ environment.systemPackages = [ (import ./my-hello.nix) ];
</programlisting> </programlisting>
where <filename>my-hello.nix</filename> contains: where <filename>my-hello.nix</filename> contains:
<programlisting> <programlisting>
with &lt;nixpkgs> {}; # bring all of Nixpkgs into scope with import &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "hello-2.8"; name = "hello-2.8";


@ -58,7 +58,7 @@ rec {
inherit system extraArgs modules prefix; inherit system extraArgs modules prefix;
# For efficiency, leave out most NixOS modules; they don't # For efficiency, leave out most NixOS modules; they don't
# define nixpkgs.config, so it's pointless to evaluate them. # define nixpkgs.config, so it's pointless to evaluate them.
baseModules = [ ../modules/misc/nixpkgs.nix ]; baseModules = [ ../modules/misc/nixpkgs.nix ../modules/config/no-x-libs.nix ];
pkgs = import ./nixpkgs.nix { system = system_; config = {}; }; pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
check = false; check = false;
}).config.nixpkgs; }).config.nixpkgs;


@ -495,7 +495,7 @@ sub waitForX {
my ($self, $regexp) = @_; my ($self, $regexp) = @_;
$self->nest("waiting for the X11 server", sub { $self->nest("waiting for the X11 server", sub {
retry sub { retry sub {
my ($status, $out) = $self->execute("journalctl -bu systemd-logind | grep Linked"); my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
return 0 if $status != 0; return 0 if $status != 0;
($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1"); ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
return 1 if $status == 0; return 1 if $status == 0;


@ -36,7 +36,7 @@ with lib;
# GNU lsh. # GNU lsh.
services.openssh.enable = false; services.openssh.enable = false;
services.lshd.enable = true; services.lshd.enable = true;
services.xserver.startOpenSSHAgent = false; programs.ssh.startAgent = false;
services.xserver.startGnuPGAgent = true; services.xserver.startGnuPGAgent = true;
# TODO: GNU dico. # TODO: GNU dico.


@ -76,7 +76,12 @@ in
environment.systemPackages = [ glibcLocales ]; environment.systemPackages = [ glibcLocales ];
environment.variables.LANG = config.i18n.defaultLocale; environment.variables =
{ LANG = config.i18n.defaultLocale;
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
};
systemd.globalEnvironment.LOCALE_ARCHIVE = "${glibcLocales}/lib/locale/locale-archive";
# /etc/locale.conf is used by systemd. # /etc/locale.conf is used by systemd.
environment.etc = singleton environment.etc = singleton


@ -1,3 +1,6 @@
# This module gets rid of all dependencies on X11 client libraries
# (including fontconfig).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
@ -8,18 +11,22 @@ with lib;
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Switch off the options in the default configuration that require X libraries. Switch off the options in the default configuration that
Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts, require X11 libraries. This includes client-side font
fonts.enableFontConfig configuration and SSH forwarding of X11 authentication
in. Thus, you probably do not want to enable this option if
you want to run X11 programs on this machine via SSH.
''; '';
}; };
}; };
config = mkIf config.environment.noXlibs { config = mkIf config.environment.noXlibs {
programs.ssh.setXAuthLocation = false; programs.ssh.setXAuthLocation = false;
fonts = { security.pam.services.su.forwardXAuth = lib.mkForce false;
enableCoreFonts = false;
enableFontConfig = false; fonts.enableFontConfig = false;
};
nixpkgs.config.packageOverrides = pkgs:
{ dbus = pkgs.dbus.override { useX11 = false; }; };
}; };
} }
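Review bot: The new option description no longer covers everything the module does: the config block also forces `security.pam.services.su.forwardXAuth` off with `lib.mkForce` and overrides `dbus` with `useX11 = false`, and neither is mentioned. Because `mkForce` wins over a user's own setting for `su` without any message, the description should say so, for example by adding `It also disables X11 authentication forwarding for su and builds D-Bus without X11 support.` The sentence ending in `X11 authentication in.` also reads as if a word is missing.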


@ -65,11 +65,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot.kernelModules = # FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
[ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
"cpufreq_conservative"
];
powerManagement.cpuFreqGovernor = mkDefault "ondemand"; powerManagement.cpuFreqGovernor = mkDefault "ondemand";
powerManagement.scsiLinkPolicy = mkDefault "min_power"; powerManagement.scsiLinkPolicy = mkDefault "min_power";


@ -45,19 +45,8 @@ in
) config.boot.kernel.sysctl); ) config.boot.kernel.sysctl);
systemd.services.systemd-sysctl = systemd.services.systemd-sysctl =
{ description = "Apply Kernel Variables"; { wantedBy = [ "multi-user.target" ];
before = [ "sysinit.target" "shutdown.target" ];
wantedBy = [ "sysinit.target" "multi-user.target" ];
restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ]; restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
unitConfig = {
DefaultDependencies = false; # needed to prevent a cycle
ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
};
}; };
# Enable hardlink and symlink restrictions. See # Enable hardlink and symlink restrictions. See


@ -1,5 +1,7 @@
#! @shell@ #! @shell@
if [ -x "@shell@" ]; then export SHELL="@shell@"; fi;
set -e set -e
showSyntax() { showSyntax() {


@ -1,11 +1,8 @@
# This module defines a small NixOS configuration. It does not # This module defines a small NixOS configuration. It does not
# contain any graphical stuff. # contain any graphical stuff.
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
# Don't include X libraries. environment.noXlibs = true;
programs.ssh.setXAuthLocation = false;
fonts.enableFontConfig = false;
fonts.enableCoreFonts = false;
} }


@ -17,8 +17,7 @@ in
config = { config = {
environment.variables = environment.variables =
{ LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; { LOCATE_PATH = "/var/cache/locatedb";
LOCATE_PATH = "/var/cache/locatedb";
NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
NIX_PATH = NIX_PATH =
[ "/nix/var/nix/profiles/per-user/root/channels/nixos" [ "/nix/var/nix/profiles/per-user/root/channels/nixos"


@ -47,7 +47,20 @@ in
for help. for help.
''; '';
}; };
startAgent = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start the OpenSSH agent when you log in. The OpenSSH agent
remembers private keys for you so that you don't have to type in
passphrases every time you make an SSH connection. Use
<command>ssh-add</command> to add a key to the agent.
'';
};
}; };
}; };
config = { config = {
@ -71,5 +84,28 @@ in
target = "ssh/ssh_config"; target = "ssh/ssh_config";
} }
]; ];
# FIXME: this should really be socket-activated for über-awesomeness.
systemd.user.services.ssh-agent =
{ enable = cfg.startAgent;
description = "SSH Agent";
wantedBy = [ "default.target" ];
serviceConfig =
{ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent";
StandardOutput = "null";
Type = "forking";
Restart = "on-failure";
SuccessExitStatus = "0 2";
};
};
environment.extraInit = optionalString cfg.startAgent
''
if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent"
fi
'';
}; };
} }
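Review bot: `startAgent` defaults to `true`, so every login on every machine, headless servers included, now gets a long-running per-user `ssh-agent`, and `environment.extraInit` exports `SSH_AUTH_SOCK` whenever `XDG_RUNTIME_DIR` is set, whether or not the unit actually started. The option description is carried over from the X session option and says none of this. I would extend it with something like `The agent runs as a systemd user service listening on $XDG_RUNTIME_DIR/ssh-agent; keys added with ssh-add stay loaded until they are removed or the agent exits.` In the shell snippet, `[ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]` is more robust than the `-a` form of `test`.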


@ -17,7 +17,7 @@ let
inherit from to; inherit from to;
name = "Obsolete name"; name = "Obsolete name";
use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x; define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
}; };
# abort if deprecated option is used # abort if deprecated option is used
@ -25,7 +25,7 @@ let
inherit from to; inherit from to;
name = "Deprecated name"; name = "Deprecated name";
use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'."; define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
}; };
showOption = concatStringsSep "."; showOption = concatStringsSep ".";
@ -103,6 +103,7 @@ in zipModules ([]
++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ] ++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ] ++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ] ++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ] ++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "xbmc" ]
# KDE # KDE


@ -187,6 +187,8 @@ let
# Session management. # Session management.
session required pam_unix.so session required pam_unix.so
${optionalString cfg.setLoginUid
"session required pam_loginuid.so"}
${optionalString cfg.updateWtmp ${optionalString cfg.updateWtmp
"session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
${optionalString config.users.ldap.enable ${optionalString config.users.ldap.enable
@ -197,8 +199,6 @@ let
"session optional ${pkgs.otpw}/lib/security/pam_otpw.so"} "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
${optionalString cfg.startSession ${optionalString cfg.startSession
"session optional ${pkgs.systemd}/lib/security/pam_systemd.so"} "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
${optionalString cfg.setLoginUid
"session required pam_loginuid.so"}
${optionalString cfg.forwardXAuth ${optionalString cfg.forwardXAuth
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"} "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (cfg.limits != []) ${optionalString (cfg.limits != [])
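Review bot: Moving `pam_loginuid.so` ahead of `pam_systemd.so` in the session stack is an ordering constraint that nothing in the file records. Presumably the login UID has to be set before the session is registered with logind. If so, a comment above the moved entry such as `# pam_loginuid must run before pam_systemd so the session is created with the audit login UID already set.` would stop a later edit from reordering it. The session stack starts and ends outside this hunk.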


@ -63,6 +63,9 @@ in
systemd.packages = [ pkgs.polkit ]; systemd.packages = [ pkgs.polkit ];
systemd.services.polkit.restartTriggers = [ config.system.path ];
systemd.services.polkit.unitConfig.X-StopIfChanged = false;
# The polkit daemon reads action/rule files # The polkit daemon reads action/rule files
environment.pathsToLink = [ "/share/polkit-1" ]; environment.pathsToLink = [ "/share/polkit-1" ];


@ -30,8 +30,8 @@ int main(int argc, char * * argv)
creating hard link `X' from some other location, along with a creating hard link `X' from some other location, along with a
false `X.real' file, to allow arbitrary programs from being false `X.real' file, to allow arbitrary programs from being
executed setuid. */ executed setuid. */
assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) && assert ((strncmp(self, wrapperDir, strlen(wrapperDir)) == 0) &&
(self[strlen(wrapperDir)] == '/')); (self[strlen(wrapperDir)] == '/'));
/* Make *really* *really* sure that we were executed as `self', /* Make *really* *really* sure that we were executed as `self',
and not, say, as some other setuid program. That is, our and not, say, as some other setuid program. That is, our
@ -42,12 +42,12 @@ int main(int argc, char * * argv)
assert (lstat(self, &st) != -1); assert (lstat(self, &st) != -1);
//printf("%d %d\n", st.st_uid, st.st_gid); //printf("%d %d\n", st.st_uid, st.st_gid);
assert ((st.st_mode & S_ISUID) == 0 || assert ((st.st_mode & S_ISUID) == 0 ||
(st.st_uid == geteuid())); (st.st_uid == geteuid()));
assert ((st.st_mode & S_ISGID) == 0 || assert ((st.st_mode & S_ISGID) == 0 ||
st.st_gid == getegid()); st.st_gid == getegid());
/* And, of course, we shouldn't be writable. */ /* And, of course, we shouldn't be writable. */
assert (!(st.st_mode & (S_IWGRP | S_IWOTH))); assert (!(st.st_mode & (S_IWGRP | S_IWOTH)));
@ -69,13 +69,13 @@ int main(int argc, char * * argv)
real[len] = 0; real[len] = 0;
close(fdSelf); close(fdSelf);
//printf("real = %s, len = %d\n", real, len); //printf("real = %s, len = %d\n", real, len);
execve(real, argv, environ); execve(real, argv, environ);
fprintf(stderr, "%s: cannot run `%s': %s\n", fprintf(stderr, "%s: cannot run `%s': %s\n",
argv[0], real, strerror(errno)); argv[0], real, strerror(errno));
exit(1); exit(1);
} }
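Review bot: The corrected prefix comparison in the first hunk, and the ownership and mode checks in the second, are all enforced through `assert`, which the compiler removes entirely when `NDEBUG` is defined. The build command visible on this page does not define it, so this is hardening rather than a live bug, but a setuid wrapper should not depend on a build flag for its security checks. I would make them unconditional, e.g. `if (strncmp(self, wrapperDir, strlen(wrapperDir)) != 0 || self[strlen(wrapperDir)] != '/') abort();`, and likewise for the `lstat` and mode tests. `main` begins and ends outside the hunks shown.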


@ -9,10 +9,11 @@ let
setuidWrapper = pkgs.stdenv.mkDerivation { setuidWrapper = pkgs.stdenv.mkDerivation {
name = "setuid-wrapper"; name = "setuid-wrapper";
buildCommand = '' buildCommand = ''
ensureDir $out/bin mkdir -p $out/bin
cp ${./setuid-wrapper.c} setuid-wrapper.c
gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \ gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
${./setuid-wrapper.c} -o $out/bin/setuid-wrapper setuid-wrapper.c -o $out/bin/setuid-wrapper
strip -s $out/bin/setuid-wrapper strip -S $out/bin/setuid-wrapper
''; '';
}; };
@ -116,8 +117,7 @@ in
# programs to be wrapped. # programs to be wrapped.
SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
if test -d ${wrapperDir}; then rm -f ${wrapperDir}/*; fi # */ rm -f ${wrapperDir}/* # */
mkdir -p ${wrapperDir}
${concatMapStrings makeSetuidWrapper setuidPrograms} ${concatMapStrings makeSetuidWrapper setuidPrograms}
''; '';
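Review bot: The activation snippet in the second hunk appears to lose its `mkdir -p ${wrapperDir}` (the hunk shrinks from 8 to 7 lines and that line is printed only once), while `rm -f ${wrapperDir}/*` now runs unconditionally. If nothing else creates the directory, the wrappers generated by `makeSetuidWrapper` have nowhere to go on a fresh system, so keeping `mkdir -p ${wrapperDir}` ahead of the `rm` makes the snippet self-contained. Separately, deleting every wrapper and then recreating them one by one leaves a window in which the setuid programs are missing or only partly installed. Populating a fresh directory and renaming it into place would close that window. The surrounding activation script starts and ends outside the hunk.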


@ -215,7 +215,7 @@ in
# Shut down Postgres using SIGINT ("Fast Shutdown mode"). See # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See
# http://www.postgresql.org/docs/current/static/server-shutdown.html # http://www.postgresql.org/docs/current/static/server-shutdown.html
KillSignal = "SIGINT"; KillSignal = "SIGINT";
KillMode = "process"; # FIXME: this may cause processes to be left behind in the cgroup even after the final SIGKILL KillMode = "mixed";
# Give Postgres a decent amount of time to clean up after # Give Postgres a decent amount of time to clean up after
# receiving systemd's SIGINT. # receiving systemd's SIGINT.


@ -0,0 +1,13 @@
# Copied from systemd 203.
ACTION=="remove", GOTO="net_name_slot_end"
SUBSYSTEM!="net", GOTO="net_name_slot_end"
NAME!="", GOTO="net_name_slot_end"
IMPORT{cmdline}="net.ifnames"
ENV{net.ifnames}=="0", GOTO="net_name_slot_end"
NAME=="", ENV{ID_NET_NAME_ONBOARD}!="", NAME="$env{ID_NET_NAME_ONBOARD}"
NAME=="", ENV{ID_NET_NAME_SLOT}!="", NAME="$env{ID_NET_NAME_SLOT}"
NAME=="", ENV{ID_NET_NAME_PATH}!="", NAME="$env{ID_NET_NAME_PATH}"
LABEL="net_name_slot_end"


@ -83,8 +83,8 @@ let
grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true
done done
${optionalString (!config.networking.usePredictableInterfaceNames) '' ${optionalString config.networking.usePredictableInterfaceNames ''
ln -s /dev/null $out/80-net-name-slot.rules cp ${./80-net-name-slot.rules} $out/80-net-name-slot.rules
''} ''}
# If auto-configuration is disabled, then remove # If auto-configuration is disabled, then remove
@ -243,5 +243,9 @@ in
fi fi
''; '';
systemd.services.systemd-udevd =
{ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
};
}; };
} }


@ -14,7 +14,7 @@ with lib;
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = '' description = ''
Whether to enable Udisks, a DBus service that allows Whether to enable Udisks, a DBus service that allows
applications to query and manipulate storage devices. applications to query and manipulate storage devices.
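Review bot: Changing `default` to `true` turns this D-Bus storage service on for every configuration that does not opt out, including servers and containers that never manipulate storage devices interactively. If the aim is to have it available on desktops, the desktop modules can enable it themselves and the default here can stay `false`. Otherwise the description should state the new default and how to turn it off, e.g. `Enabled by default; set this option to false on systems that do not need it.` The option declaration continues outside the hunk.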


@ -275,28 +275,18 @@ in
) cfg.buildMachines; ) cfg.buildMachines;
}; };
systemd.sockets."nix-daemon" = systemd.packages = [ nix ];
{ description = "Nix Daemon Socket";
wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ];
unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
};
systemd.services."nix-daemon" = systemd.sockets.nix-daemon.wantedBy = [ "sockets.target" ];
{ description = "Nix Daemon";
path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ] systemd.services.nix-daemon =
{ path = [ nix pkgs.openssl pkgs.utillinux pkgs.openssh ]
++ optionals cfg.distributedBuilds [ pkgs.gzip ]; ++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }; environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
serviceConfig = serviceConfig =
{ ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon"; { Nice = cfg.daemonNiceLevel;
KillMode = "process";
Nice = cfg.daemonNiceLevel;
IOSchedulingPriority = cfg.daemonIONiceLevel; IOSchedulingPriority = cfg.daemonIONiceLevel;
LimitNOFILE = 4096; LimitNOFILE = 4096;
}; };
@ -352,8 +342,7 @@ in
/nix/var/nix/profiles \ /nix/var/nix/profiles \
/nix/var/nix/db \ /nix/var/nix/db \
/nix/var/log/nix/drvs \ /nix/var/log/nix/drvs \
/nix/var/nix/channel-cache \ /nix/var/nix/channel-cache
/nix/var/nix/chroots
mkdir -m 1777 -p \ mkdir -m 1777 -p \
/nix/var/nix/gcroots/per-user \ /nix/var/nix/gcroots/per-user \
/nix/var/nix/profiles/per-user \ /nix/var/nix/profiles/per-user \


@ -4,7 +4,7 @@ with lib;
let let
dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd_without_udev; dhcpcd = if !config.boot.isContainer then pkgs.dhcpcd else pkgs.dhcpcd.override { udev = null; };
# Don't start dhcpcd on explicitly configured interfaces or on # Don't start dhcpcd on explicitly configured interfaces or on
# interfaces that are part of a bridge. # interfaces that are part of a bridge.
@ -80,6 +80,7 @@ in
options = { options = {
networking.dhcpcd.denyInterfaces = mkOption { networking.dhcpcd.denyInterfaces = mkOption {
type = types.listOf types.str;
default = []; default = [];
description = '' description = ''
Disable the DHCP client for any interface whose name matches Disable the DHCP client for any interface whose name matches
@ -90,6 +91,7 @@ in
}; };
networking.dhcpcd.extraConfig = mkOption { networking.dhcpcd.extraConfig = mkOption {
type = types.lines;
default = ""; default = "";
description = '' description = ''
Literal string to append to the config file generated for dhcpcd. Literal string to append to the config file generated for dhcpcd.
@ -107,6 +109,7 @@ in
{ description = "DHCP Client"; { description = "DHCP Client";
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
after = [ "systemd-udev-settle.service" ]; # FIXME
# Stopping dhcpcd during a reconfiguration is undesirable # Stopping dhcpcd during a reconfiguration is undesirable
# because it brings down the network interfaces configured by # because it brings down the network interfaces configured by


@ -18,8 +18,6 @@
*/ */
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
@ -266,14 +264,23 @@ in
message = "This kernel does not support disabling conntrack helpers"; } message = "This kernel does not support disabling conntrack helpers"; }
]; ];
jobs.firewall = systemd.services.firewall =
{ description = "Firewall"; { description = "Firewall";
startOn = "started network-interfaces"; wantedBy = [ "network.target" ];
after = [ "network-interfaces.target" "systemd-modules-load.service" ];
path = [ pkgs.iptables ]; path = [ pkgs.iptables ];
preStart = # FIXME: this module may also try to load kernel modules, but
# containers don't have CAP_SYS_MODULE. So the host system had
# better have all necessary modules already loaded.
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script =
'' ''
${helpers} ${helpers}
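Review bot: `unitConfig.ConditionCapability = "CAP_NET_ADMIN"` makes systemd skip the unit without reporting a failure when the capability is missing, so a container started without it comes up with the firewall enabled in its configuration and no rules loaded. The unit is also ordered `after` `network-interfaces.target`, so interfaces are up for a short time before the rules are applied. Both deserve a comment next to the existing FIXME, e.g. `# NOTE: skipped silently without CAP_NET_ADMIN; rules are applied only after the interfaces are up.` The service definition continues past the end of the hunk.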


@ -258,7 +258,6 @@ in
path = [ pkgs.openssh pkgs.gawk ]; path = [ pkgs.openssh pkgs.gawk ];
environment.LD_LIBRARY_PATH = nssModulesPath; environment.LD_LIBRARY_PATH = nssModulesPath;
environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
preStart = preStart =
'' ''


@ -49,22 +49,20 @@ with lib;
config = { config = {
systemd.services."getty@" = systemd.services."getty@" =
{ baseUnit = pkgs.runCommand "getty.service" {} { serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud %I 115200,38400,9600 $TERM";
''
sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/getty@.service > $out
'';
serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400";
restartIfChanged = false; restartIfChanged = false;
}; };
systemd.services."serial-getty@" = systemd.services."serial-getty@" =
{ baseUnit = pkgs.runCommand "serial-getty.service" {} { serviceConfig.ExecStart =
''
sed '/ExecStart/ d' < ${config.systemd.package}/example/systemd/system/serial-getty@.service > $out
'';
serviceConfig.ExecStart =
let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed); let speeds = concatStringsSep "," (map toString config.services.mingetty.serialSpeed);
in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds}"; in "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I ${speeds} $TERM";
restartIfChanged = false;
};
systemd.services."container-getty@" =
{ unitConfig.ConditionPathExists = "/dev/pts/%I"; # Work around being respawned when "machinectl login" exits.
serviceConfig.ExecStart = "@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login --keep-baud pts/%I 115200,38400,9600 $TERM";
restartIfChanged = false; restartIfChanged = false;
}; };


@ -40,12 +40,15 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
jobs.gpm = systemd.services.gpm =
{ description = "General purpose mouse"; { description = "Console Mouse Daemon";
startOn = "started udev"; wantedBy = [ "multi-user.target" ];
requires = [ "getty.target" ];
exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null"; serviceConfig.ExecStart = "@${pkgs.gpm}/sbin/gpm gpm -m /dev/input/mice -t ${cfg.protocol}";
serviceConfig.Type = "forking";
serviceConfig.PIDFile = "/run/gpm.pid";
}; };
}; };


@ -450,7 +450,7 @@ in
extraModules = mkOption { extraModules = mkOption {
type = types.listOf types.unspecified; type = types.listOf types.unspecified;
default = []; default = [];
example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]''; example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${pkgs.php}/modules/libphp5.so"; } ]'';
description = '' description = ''
Additional Apache modules to be used. These can be Additional Apache modules to be used. These can be
specified as a string in the case of modules distributed specified as a string in the case of modules distributed


@ -159,7 +159,7 @@ in
# Enable helpful DBus services. # Enable helpful DBus services.
services.udisks.enable = ! wantsUdisks2; services.udisks.enable = ! wantsUdisks2;
services.udisks2.enable = wantsUdisks2; services.udisks2.enable = true;
services.upower.enable = config.powerManagement.enable; services.upower.enable = config.powerManagement.enable;
security.pam.services.kde = { allowNullPassword = true; }; security.pam.services.kde = { allowNullPassword = true; };


@ -51,17 +51,6 @@ let
''} ''}
${optionalString cfg.startOpenSSHAgent ''
if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the SSH agent. (It is
# also possible to start the agent as a child that prints
# the required environment variabled on stdout, but in
# that mode ssh-agent is not terminated when we log out.)
export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass
exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType"
fi
''}
${optionalString cfg.startGnuPGAgent '' ${optionalString cfg.startGnuPGAgent ''
if test -z "$SSH_AUTH_SOCK"; then if test -z "$SSH_AUTH_SOCK"; then
# Restart this script as a child of the GnuPG agent. # Restart this script as a child of the GnuPG agent.


@ -201,17 +201,6 @@ in
''; '';
}; };
startOpenSSHAgent = mkOption {
type = types.bool;
default = true;
description = ''
Whether to start the OpenSSH agent when you log in. The OpenSSH agent
remembers private keys for you so that you don't have to type in
passphrases every time you make an SSH connection. Use
<command>ssh-add</command> to add a key to the agent.
'';
};
startGnuPGAgent = mkOption { startGnuPGAgent = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -400,11 +389,11 @@ in
hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ]; hardware.opengl.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ];
assertions = assertions =
[ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent); [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
message = message =
'' ''
The OpenSSH agent and GnuPG agent cannot be started both. The OpenSSH agent and GnuPG agent cannot be started both. Please
Choose between `startOpenSSHAgent' and `startGnuPGAgent'. choose between programs.ssh.startAgent and services.xserver.startGnuPGAgent.
''; '';
} }
{ assertion = config.security.polkit.enable; { assertion = config.security.polkit.enable;


@ -65,12 +65,12 @@ $SIG{PIPE} = "IGNORE";
sub getActiveUnits { sub getActiveUnits {
# FIXME: use D-Bus or whatever to query this, since parsing the # FIXME: use D-Bus or whatever to query this, since parsing the
# output of list-units is likely to break. # output of list-units is likely to break.
my $lines = `@systemd@/bin/systemctl list-units --full`; my $lines = `LANG= @systemd@/bin/systemctl list-units --full`;
my $res = {}; my $res = {};
foreach my $line (split '\n', $lines) { foreach my $line (split '\n', $lines) {
chomp $line; chomp $line;
last if $line eq ""; last if $line eq "";
$line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next; $line =~ /^\*?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
next if $1 eq "UNIT"; next if $1 eq "UNIT";
$res->{$1} = { load => $2, state => $3, substate => $4 }; $res->{$1} = { load => $2, state => $3, substate => $4 };
} }
@ -96,18 +96,19 @@ sub parseFstab {
sub parseUnit { sub parseUnit {
my ($filename) = @_; my ($filename) = @_;
parseKeyValues(read_file($filename)); my $info = {};
parseKeyValues($info, read_file($filename));
parseKeyValues($info, read_file("${filename}.d/overrides.conf")) if -f "${filename}.d/overrides.conf";
return $info;
} }
sub parseKeyValues { sub parseKeyValues {
my @lines = @_; my $info = shift;
my $info = {};
foreach my $line (@_) { foreach my $line (@_) {
# FIXME: not quite correct. # FIXME: not quite correct.
$line =~ /^([^=]+)=(.*)$/ or next; $line =~ /^([^=]+)=(.*)$/ or next;
$info->{$1} = $2; $info->{$1} = $2;
} }
return $info;
} }
sub boolIsTrue { sub boolIsTrue {
@ -115,6 +116,14 @@ sub boolIsTrue {
return $s eq "yes" || $s eq "true"; return $s eq "yes" || $s eq "true";
} }
# As a fingerprint for determining whether a unit has changed, we use
# its absolute path. If it has an override file, we append *its*
# absolute path as well.
sub fingerprintUnit {
my ($s) = @_;
return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
}
# Stop all services that no longer exist or have changed in the new # Stop all services that no longer exist or have changed in the new
# configuration. # configuration.
my (@unitsToStop, @unitsToSkip); my (@unitsToStop, @unitsToSkip);
@ -166,7 +175,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
} }
} }
elsif (abs_path($prevUnitFile) ne abs_path($newUnitFile)) { elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") { if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") {
# Do nothing. These cannot be restarted directly. # Do nothing. These cannot be restarted directly.
} elsif ($unit =~ /\.mount$/) { } elsif ($unit =~ /\.mount$/) {
@ -354,7 +363,8 @@ while (my ($unit, $state) = each %{$activeNew}) {
elsif ($state->{state} eq "auto-restart") { elsif ($state->{state} eq "auto-restart") {
# A unit in auto-restart state is a failure *if* it previously failed to start # A unit in auto-restart state is a failure *if* it previously failed to start
my $lines = `@systemd@/bin/systemctl show '$unit'`; my $lines = `@systemd@/bin/systemctl show '$unit'`;
my $info = parseKeyValues(split "\n", $lines); my $info = {};
parseKeyValues($info, split("\n", $lines));
if ($info->{ExecMainStatus} ne '0') { if ($info->{ExecMainStatus} ne '0') {
push @failed, $unit; push @failed, $unit;
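Review bot: Prefixing the `systemctl list-units` call in `getActiveUnits` with `LANG=` clears only one of the locale variables, so a caller with `LC_ALL` or another `LC_*` variable set can still get output the parser was not written for. The result decides which units are stopped and restarted, so it should be pinned explicitly: ``my $lines = `LC_ALL=C @systemd@/bin/systemctl list-units --full`;``. The same prefix would make the `systemctl show '$unit'` call in the last hunk consistent. Related, in the new `fingerprintUnit`: `abs_path` can return undef for a path that does not resolve, in which case the concatenation compares an empty string. A `// ""` on each call would make that explicit.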


@ -68,6 +68,7 @@ let
echo -n "$configurationName" > $out/configuration-name echo -n "$configurationName" > $out/configuration-name
echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
echo -n "$nixosVersion" > $out/nixos-version echo -n "$nixosVersion" > $out/nixos-version
echo -n "$system" > $out/system
mkdir $out/fine-tune mkdir $out/fine-tune
childCount=0 childCount=0


@ -218,37 +218,26 @@ in
# Create /etc/modules-load.d/nixos.conf, which is read by # Create /etc/modules-load.d/nixos.conf, which is read by
# systemd-modules-load.service to load required kernel modules. # systemd-modules-load.service to load required kernel modules.
# FIXME: ensure that systemd-modules-load.service is restarted if
# this file changes.
environment.etc = singleton environment.etc = singleton
{ target = "modules-load.d/nixos.conf"; { target = "modules-load.d/nixos.conf";
source = kernelModulesConf; source = kernelModulesConf;
}; };
# Sigh. This overrides systemd's systemd-modules-load.service
# just so we can set a restart trigger. Also make
# multi-user.target pull it in so that it gets started if it
# failed earlier.
systemd.services."systemd-modules-load" = systemd.services."systemd-modules-load" =
{ description = "Load Kernel Modules"; { wantedBy = [ "multi-user.target" ];
wantedBy = [ "sysinit.target" "multi-user.target" ]; restartTriggers = [ kernelModulesConf ];
before = [ "sysinit.target" "shutdown.target" ]; environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
conflicts = [ "shutdown.target" ];
unitConfig =
{ DefaultDependencies = false;
ConditionCapability = "CAP_SYS_MODULE";
};
serviceConfig = serviceConfig =
{ Type = "oneshot"; { # Ignore failed module loads. Typically some of the
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-modules-load";
# Ignore failed module loads. Typically some of the
# modules in boot.kernelModules are "nice to have but # modules in boot.kernelModules are "nice to have but
# not required" (e.g. acpi-cpufreq), so we don't want to # not required" (e.g. acpi-cpufreq), so we don't want to
# barf on those. # barf on those.
SuccessExitStatus = "0 1"; SuccessExitStatus = "0 1";
}; };
restartTriggers = [ kernelModulesConf ]; };
systemd.services.kmod-static-nodes =
{ environment.MODULE_DIR = "/run/booted-system/kernel-modules/lib/modules";
}; };
lib.kernelConfig = { lib.kernelConfig = {


@ -139,8 +139,6 @@ mkdir -p /dev/.mdadm
systemd-udevd --daemon systemd-udevd --daemon
udevadm trigger --action=add udevadm trigger --action=add
udevadm settle || true udevadm settle || true
modprobe scsi_wait_scan || true
udevadm settle || true
# Load boot-time keymap before any LVM/LUKS initialization # Load boot-time keymap before any LVM/LUKS initialization


@ -74,7 +74,7 @@ let
cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup
cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm
cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib
cp -v ${pkgs.systemd}/lib/libsystemd-daemon.so.* $out/lib cp -v ${pkgs.systemd}/lib/libsystemd.so.* $out/lib
# Add RAID mdadm tool. # Add RAID mdadm tool.
cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm


@ -82,7 +82,7 @@ done
# More special file systems, initialise required directories. # More special file systems, initialise required directories.
mkdir -m 0755 /dev/shm mkdir -m 0755 /dev/shm
mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" tmpfs /dev/shm mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" none /dev/shm
mkdir -m 0755 -p /dev/pts mkdir -m 0755 -p /dev/pts
[ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default [ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default
mkdir -m 01777 -p /tmp mkdir -m 01777 -p /tmp
@ -96,28 +96,14 @@ mkdir -m 0755 -p /etc/nixos
# Miscellaneous boot time cleanup. # Miscellaneous boot time cleanup.
rm -rf /var/run /var/lock rm -rf /var/run /var/lock
rm -f /etc/resolv.conf
touch /etc/resolv.conf
rm -f /etc/{group,passwd,shadow}.lock rm -f /etc/{group,passwd,shadow}.lock
if test -n "@cleanTmpDir@"; then if test -n "@cleanTmpDir@"; then
echo -n "cleaning \`/tmp'..." echo -n "cleaning \`/tmp'..."
find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
echo " done" echo " done"
else
# Get rid of ICE locks...
rm -rf /tmp/.ICE-unix
fi fi
# ... and ensure that it's owned by root.
mkdir -m 1777 /tmp/.ICE-unix
# This is a good time to clean up /nix/var/nix/chroots. Doing an `rm
# -rf' on it isn't safe in general because it can contain bind mounts
# to /nix/store and other places. But after rebooting these are all
# gone, of course.
rm -rf /nix/var/nix/chroots # recreated in activate-configuration.sh
# Also get rid of temporary GC roots. # Also get rid of temporary GC roots.
rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
@ -155,6 +141,20 @@ if test -n "$resumeDevice"; then
fi fi
# Use /etc/resolv.conf supplied by systemd-nspawn, if applicable.
if [ -n "@useHostResolvConf@" -a -e /etc/resolv.conf ]; then
cat /etc/resolv.conf | resolvconf -m 1000 -a host
else
touch /etc/resolv.conf
fi
# Create /var/setuid-wrappers as a tmpfs.
rm -rf /var/setuid-wrappers
mkdir -m 0755 -p /var/setuid-wrappers
mount -t tmpfs -o "mode=0755" none /var/setuid-wrappers
# Run the script that performs all configuration activation that does # Run the script that performs all configuration activation that does
# not have to be done at boot time. # not have to be done at boot time.
echo "running activation script..." echo "running activation script..."
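Review bot: The new tmpfs for `/var/setuid-wrappers` is mounted with only `mode=0755`, so device nodes are honoured on a filesystem whose purpose is to hold privileged wrapper binaries. Setuid has to stay enabled there, but nothing visible needs device files, so `mount -t tmpfs -o "mode=0755,nodev" none /var/setuid-wrappers` would narrow it. In the resolv.conf branch just above, `resolvconf -m 1000 -a host < /etc/resolv.conf` avoids the extra `cat`, and `[ -n "@useHostResolvConf@" ] && [ -e /etc/resolv.conf ]` avoids the obsolescent `-a` operator of `test`.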


@ -19,11 +19,13 @@ let
isExecutable = true; isExecutable = true;
inherit (config.boot) devShmSize runSize cleanTmpDir; inherit (config.boot) devShmSize runSize cleanTmpDir;
inherit (config.nix) readOnlyStore; inherit (config.nix) readOnlyStore;
inherit (config.networking) useHostResolvConf;
ttyGid = config.ids.gids.tty; ttyGid = config.ids.gids.tty;
path = path =
[ pkgs.coreutils [ pkgs.coreutils
pkgs.utillinux pkgs.utillinux
pkgs.sysvtools pkgs.sysvtools
pkgs.openresolv
] ++ (optional config.boot.cleanTmpDir pkgs.findutils) ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
++ optional config.nix.readOnlyStore readonlyMountpoint; ++ optional config.nix.readOnlyStore readonlyMountpoint;
postBootCommands = pkgs.writeText "local-cmds" postBootCommands = pkgs.writeText "local-cmds"
@ -79,6 +81,7 @@ in
''; '';
}; };
# FIXME: should replace this with something that uses systemd-tmpfiles.
cleanTmpDir = mkOption { cleanTmpDir = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;


@ -28,7 +28,7 @@ let
in rec { in rec {
unitOptions = { sharedOptions = {
enable = mkOption { enable = mkOption {
default = true; default = true;
@ -41,12 +41,37 @@ in rec {
''; '';
}; };
baseUnit = mkOption { requiredBy = mkOption {
type = types.nullOr types.path; default = [];
default = null; type = types.listOf types.string;
description = "Path to an upstream unit file on which the NixOS unit configuration will be based."; description = "Units that require (i.e. depend on and need to go down with) this unit.";
}; };
wantedBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that want (i.e. depend on) this unit.";
};
};
concreteUnitOptions = sharedOptions // {
text = mkOption {
type = types.nullOr types.str;
default = null;
description = "Text of this systemd unit.";
};
unit = mkOption {
internal = true;
description = "The generated unit.";
};
};
commonUnitOptions = sharedOptions // {
description = mkOption { description = mkOption {
default = ""; default = "";
type = types.str; type = types.str;
@ -115,18 +140,6 @@ in rec {
''; '';
}; };
requiredBy = mkOption {
default = [];
type = types.listOf types.str;
description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
wantedBy = mkOption {
default = [];
type = types.listOf types.str;
description = "Units that want (i.e. depend on) this unit.";
};
unitConfig = mkOption { unitConfig = mkOption {
default = {}; default = {};
example = { RequiresMountsFor = "/data"; }; example = { RequiresMountsFor = "/data"; };
@ -152,7 +165,7 @@ in rec {
}; };
serviceOptions = unitOptions // { serviceOptions = commonUnitOptions // {
environment = mkOption { environment = mkOption {
default = {}; default = {};
@ -286,7 +299,7 @@ in rec {
}; };
socketOptions = unitOptions // { socketOptions = commonUnitOptions // {
listenStreams = mkOption { listenStreams = mkOption {
default = []; default = [];
@ -313,7 +326,7 @@ in rec {
}; };
timerOptions = unitOptions // { timerOptions = commonUnitOptions // {
timerConfig = mkOption { timerConfig = mkOption {
default = {}; default = {};
@ -332,7 +345,7 @@ in rec {
}; };
pathOptions = unitOptions // { pathOptions = commonUnitOptions // {
pathConfig = mkOption { pathConfig = mkOption {
default = {}; default = {};
@ -349,7 +362,7 @@ in rec {
}; };
mountOptions = unitOptions // { mountOptions = commonUnitOptions // {
what = mkOption { what = mkOption {
example = "/dev/sda1"; example = "/dev/sda1";
@ -393,7 +406,7 @@ in rec {
}; };
}; };
automountOptions = unitOptions // { automountOptions = commonUnitOptions // {
where = mkOption { where = mkOption {
example = "/mnt"; example = "/mnt";
@ -417,4 +430,6 @@ in rec {
}; };
}; };
targetOptions = commonUnitOptions;
} }
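Review bot: The `requiredBy` and `wantedBy` options that now live in `sharedOptions` appear to be declared as `types.listOf types.string`, while the copies dropped further down used `types.listOf types.str` and the neighbouring `text` option uses `types.str`; which side is new is inferred from the rendered page. `types.string` merges several definitions by concatenation, which is not a meaningful operation for a unit name, so `type = types.listOf types.str;` would keep the stricter behaviour for every unit kind that inherits these options. The `unit` option in `concreteUnitOptions` has no `type` at all; a one-line comment saying what `makeUnit` puts there would help.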


@ -24,14 +24,13 @@ let
ln -s /dev/null $out/${name} ln -s /dev/null $out/${name}
''; '';
upstreamUnits = upstreamSystemUnits =
[ # Targets. [ # Targets.
"basic.target" "basic.target"
"sysinit.target" "sysinit.target"
"sockets.target" "sockets.target"
"graphical.target" "graphical.target"
"multi-user.target" "multi-user.target"
"getty.target"
"network.target" "network.target"
"network-online.target" "network-online.target"
"nss-lookup.target" "nss-lookup.target"
@ -41,6 +40,7 @@ let
"sigpwr.target" "sigpwr.target"
"timers.target" "timers.target"
"paths.target" "paths.target"
"rpcbind.target"
# Rescue mode. # Rescue mode.
"rescue.target" "rescue.target"
@ -53,6 +53,13 @@ let
"systemd-udev-settle.service" "systemd-udev-settle.service"
"systemd-udev-trigger.service" "systemd-udev-trigger.service"
# Consoles.
"getty.target"
"getty@.service"
"serial-getty@.service"
"container-getty@.service"
"systemd-vconsole-setup.service"
# Hardware (started by udev when a relevant device is plugged in). # Hardware (started by udev when a relevant device is plugged in).
"sound.target" "sound.target"
"bluetooth.target" "bluetooth.target"
@ -65,12 +72,15 @@ let
#"systemd-vconsole-setup.service" #"systemd-vconsole-setup.service"
"systemd-user-sessions.service" "systemd-user-sessions.service"
"dbus-org.freedesktop.login1.service" "dbus-org.freedesktop.login1.service"
"dbus-org.freedesktop.machine1.service"
"user@.service" "user@.service"
# Journal. # Journal.
"systemd-journald.socket" "systemd-journald.socket"
"systemd-journald.service" "systemd-journald.service"
"systemd-journal-flush.service" "systemd-journal-flush.service"
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
"syslog.socket" "syslog.socket"
# SysV init compatibility. # SysV init compatibility.
@ -78,7 +88,8 @@ let
"systemd-initctl.service" "systemd-initctl.service"
# Kernel module loading. # Kernel module loading.
#"systemd-modules-load.service" "systemd-modules-load.service"
"kmod-static-nodes.service"
# Filesystems. # Filesystems.
"systemd-fsck@.service" "systemd-fsck@.service"
@ -91,10 +102,16 @@ let
"swap.target" "swap.target"
"dev-hugepages.mount" "dev-hugepages.mount"
"dev-mqueue.mount" "dev-mqueue.mount"
"proc-sys-fs-binfmt_misc.mount"
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
"sys-kernel-config.mount" "sys-kernel-config.mount"
"sys-kernel-debug.mount" "sys-kernel-debug.mount"
# Maintaining state across reboots.
"systemd-random-seed.service"
"systemd-backlight@.service"
"systemd-rfkill@.service"
# Hibernate / suspend. # Hibernate / suspend.
"hibernate.target" "hibernate.target"
"suspend.target" "suspend.target"
@ -119,34 +136,57 @@ let
"final.target" "final.target"
"kexec.target" "kexec.target"
"systemd-kexec.service" "systemd-kexec.service"
"systemd-update-utmp.service"
# Password entry. # Password entry.
"systemd-ask-password-console.path" "systemd-ask-password-console.path"
"systemd-ask-password-console.service" "systemd-ask-password-console.service"
"systemd-ask-password-wall.path" "systemd-ask-password-wall.path"
"systemd-ask-password-wall.service" "systemd-ask-password-wall.service"
# Slices / containers.
"slices.target"
"-.slice"
"system.slice"
"user.slice"
"machine.slice"
"systemd-machined.service"
# Temporary file creation / cleanup.
"systemd-tmpfiles-clean.service"
"systemd-tmpfiles-clean.timer"
"systemd-tmpfiles-setup.service"
"systemd-tmpfiles-setup-dev.service"
# Misc.
"systemd-sysctl.service"
] ]
++ optionals cfg.enableEmergencyMode [ ++ optionals cfg.enableEmergencyMode [
"emergency.target" "emergency.target"
"emergency.service" "emergency.service"
]
++ optionals config.services.journald.enableHttpGateway [
"systemd-journal-gatewayd.socket"
"systemd-journal-gatewayd.service"
]; ];
upstreamWants = upstreamSystemWants =
[ #"basic.target.wants" [ #"basic.target.wants"
"sysinit.target.wants" "sysinit.target.wants"
"sockets.target.wants" "sockets.target.wants"
"local-fs.target.wants" "local-fs.target.wants"
"multi-user.target.wants" "multi-user.target.wants"
"shutdown.target.wants"
"timers.target.wants" "timers.target.wants"
]; ];
upstreamUserUnits =
[ "basic.target"
"default.target"
"exit.target"
"paths.target"
"shutdown.target"
"sockets.target"
"systemd-exit.service"
"timers.target"
];
makeJobScript = name: text: makeJobScript = name: text:
let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; }; let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; };
in "${x}/bin/${name}"; in "${x}/bin/${name}";
@ -178,7 +218,7 @@ let
serviceConfig = { name, config, ... }: { serviceConfig = { name, config, ... }: {
config = mkMerge config = mkMerge
[ (mkIf (config.baseUnit == null) { # Default path for systemd services. Should be quite minimal. [ { # Default path for systemd services. Should be quite minimal.
path = path =
[ pkgs.coreutils [ pkgs.coreutils
pkgs.findutils pkgs.findutils
@ -187,7 +227,7 @@ let
systemd systemd
]; ];
environment.PATH = config.path; environment.PATH = config.path;
}) }
(mkIf (config.preStart != "") (mkIf (config.preStart != "")
{ serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" '' { serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" ''
#! ${pkgs.stdenv.shell} -e #! ${pkgs.stdenv.shell} -e
@ -255,10 +295,7 @@ let
(if isList value then value else [value])) (if isList value then value else [value]))
as)); as));
commonUnitText = def: commonUnitText = def: ''
optionalString (def.baseUnit != null) ''
.include ${def.baseUnit}
'' + ''
[Unit] [Unit]
${attrsToSection def.unitConfig} ${attrsToSection def.unitConfig}
''; '';
@ -335,63 +372,91 @@ let
''; '';
}; };
units = pkgs.runCommand "units" { preferLocalBuild = true; } generateUnits = type: units: upstreamUnits: upstreamWants:
'' pkgs.runCommand "${type}-units" { preferLocalBuild = true; } ''
mkdir -p $out mkdir -p $out
# Copy the upstream systemd units we're interested in.
for i in ${toString upstreamUnits}; do for i in ${toString upstreamUnits}; do
fn=${systemd}/example/systemd/system/$i fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi if ! [ -e $fn ]; then echo "missing $fn"; false; fi
if [ -L $fn ]; then if [ -L $fn ]; then
cp -pd $fn $out/ target="$(readlink "$fn")"
if [ ''${target:0:3} = ../ ]; then
ln -s "$(readlink -f "$fn")" $out/
else
cp -pd $fn $out/
fi
else else
ln -s $fn $out/ ln -s $fn $out/
fi fi
done done
# Copy .wants links, but only those that point to units that
# we're interested in.
for i in ${toString upstreamWants}; do for i in ${toString upstreamWants}; do
fn=${systemd}/example/systemd/system/$i fn=${systemd}/example/systemd/${type}/$i
if ! [ -e $fn ]; then echo "missing $fn"; false; fi if ! [ -e $fn ]; then echo "missing $fn"; false; fi
x=$out/$(basename $fn) x=$out/$(basename $fn)
mkdir $x mkdir $x
for i in $fn/*; do for i in $fn/*; do
y=$x/$(basename $i) y=$x/$(basename $i)
cp -pd $i $y cp -pd $i $y
if ! [ -e $y ]; then rm -v $y; fi if ! [ -e $y ]; then rm $y; fi
done done
done done
for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do # Symlink all units provided listed in systemd.packages.
ln -fs $i/* $out/
done
for i in ${toString cfg.packages}; do for i in ${toString cfg.packages}; do
ln -s $i/etc/systemd/system/* $out/ files=$(echo $i/etc/systemd/${type}/* $i/lib/systemd/${type}/*)
if [ -n "$files" ]; then
ln -s $files $out/
fi
done done
# Symlink all units defined by systemd.units. If these are also
# provided by systemd or systemd.packages, then add them as
# <unit-name>.d/overrides.conf, which makes them extend the
# upstream unit.
for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
fn=$(basename $i/*)
if [ -e $out/$fn ]; then
if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
ln -sfn /dev/null $out/$fn
else
mkdir $out/$fn.d
ln -s $i/$fn $out/$fn.d/overrides.conf
fi
else
ln -fs $i/$fn $out/
fi
done
# Created .wants and .requires symlinks from the wantedBy and
# requiredBy options.
${concatStrings (mapAttrsToList (name: unit: ${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: '' concatMapStrings (name2: ''
mkdir -p $out/'${name2}.wants' mkdir -p $out/'${name2}.wants'
ln -sfn '../${name}' $out/'${name2}.wants'/ ln -sfn '../${name}' $out/'${name2}.wants'/
'') unit.wantedBy) cfg.units)} '') unit.wantedBy) units)}
${concatStrings (mapAttrsToList (name: unit: ${concatStrings (mapAttrsToList (name: unit:
concatMapStrings (name2: '' concatMapStrings (name2: ''
mkdir -p $out/'${name2}.requires' mkdir -p $out/'${name2}.requires'
ln -sfn '../${name}' $out/'${name2}.requires'/ ln -sfn '../${name}' $out/'${name2}.requires'/
'') unit.requiredBy) cfg.units)} '') unit.requiredBy) units)}
ln -s ${cfg.defaultUnit} $out/default.target ${optionalString (type == "system") ''
# Stupid misc. symlinks.
ln -s ${cfg.defaultUnit} $out/default.target
ln -s rescue.target $out/kbrequest.target ln -s rescue.target $out/kbrequest.target
mkdir -p $out/getty.target.wants/ mkdir -p $out/getty.target.wants/
ln -s ../autovt@tty1.service $out/getty.target.wants/ ln -s ../autovt@tty1.service $out/getty.target.wants/
ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \ ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/ ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
${ optionalString config.services.journald.enableHttpGateway ''
ln -s ../systemd-journal-gatewayd.service $out/multi-user-target.wants/
''} ''}
''; # */ ''; # */
@ -414,37 +479,7 @@ in
default = {}; default = {};
type = types.attrsOf types.optionSet; type = types.attrsOf types.optionSet;
options = { name, config, ... }: options = { name, config, ... }:
{ options = { { options = concreteUnitOptions;
text = mkOption {
type = types.nullOr types.str;
default = null;
description = "Text of this systemd unit.";
};
enable = mkOption {
default = true;
type = types.bool;
description = ''
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. <literal>serial-getty@ttyS0</literal>)
from being started.
'';
};
requiredBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that require (i.e. depend on and need to go down with) this unit.";
};
wantedBy = mkOption {
default = [];
type = types.listOf types.string;
description = "Units that want (i.e. depend on) this unit.";
};
unit = mkOption {
internal = true;
description = "The generated unit.";
};
};
config = { config = {
unit = mkDefault (makeUnit name config); unit = mkDefault (makeUnit name config);
}; };
@ -460,7 +495,7 @@ in
systemd.targets = mkOption { systemd.targets = mkOption {
default = {}; default = {};
type = types.attrsOf types.optionSet; type = types.attrsOf types.optionSet;
options = [ unitOptions unitConfig ]; options = [ targetOptions unitConfig ];
description = "Definition of systemd target units."; description = "Definition of systemd target units.";
}; };
@ -583,7 +618,7 @@ in
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = ''
Enable journal http gateway Whether to enable the HTTP gateway to the journal.
''; '';
}; };
@ -610,6 +645,41 @@ in
''; '';
}; };
systemd.tmpfiles.rules = mkOption {
type = types.listOf types.str;
default = [];
example = [ "d /tmp 1777 root root 10d" ];
description = ''
Rules for creating and cleaning up temporary files
automatically. See
<citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for the exact format. You should not use this option to create
files required by systemd services, since there is no
guarantee that <command>systemd-tmpfiles</command> runs when
the system is reconfigured using
<command>nixos-rebuild</command>.
'';
};
systemd.user.units = mkOption {
description = "Definition of systemd per-user units.";
default = {};
type = types.attrsOf types.optionSet;
options = { name, config, ... }:
{ options = concreteUnitOptions;
config = {
unit = mkDefault (makeUnit name config);
};
};
};
systemd.user.services = mkOption {
default = {};
type = types.attrsOf types.optionSet;
options = [ serviceOptions unitConfig serviceConfig ];
description = "Definition of systemd per-user service units.";
};
}; };
@ -617,11 +687,20 @@ in
config = { config = {
system.build.units = units; assertions = mapAttrsToList (name: service: {
assertion = service.serviceConfig.Type or "" == "oneshot" -> service.serviceConfig.Restart or "no" == "no";
message = "${name}: Type=oneshot services must have Restart=no";
}) cfg.services;
system.build.units = cfg.units;
environment.systemPackages = [ systemd ]; environment.systemPackages = [ systemd ];
environment.etc."systemd/system".source = units; environment.etc."systemd/system".source =
generateUnits "system" cfg.units upstreamSystemUnits upstreamSystemWants;
environment.etc."systemd/user".source =
generateUnits "user" cfg.user.units upstreamUserUnits [];
environment.etc."systemd/system.conf".text = environment.etc."systemd/system.conf".text =
'' ''
@ -685,6 +764,9 @@ in
(v: let n = escapeSystemdPath v.where; (v: let n = escapeSystemdPath v.where;
in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts); in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
systemd.user.units =
mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.user.services;
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [ system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
"CGROUPS" "AUTOFS4_FS" "DEVTMPFS" "CGROUPS" "AUTOFS4_FS" "DEVTMPFS"
]; ];
@ -708,43 +790,25 @@ in
}) })
(filterAttrs (name: service: service.startAt != "") cfg.services); (filterAttrs (name: service: service.startAt != "") cfg.services);
# FIXME: These are borrowed from upstream systemd. systemd.sockets.systemd-journal-gatewayd.wantedBy =
systemd.services."systemd-update-utmp" = optional config.services.journald.enableHttpGateway "sockets.target";
{ description = "Update UTMP about System Reboot/Shutdown";
wantedBy = [ "sysinit.target" ]; # Provide the systemd-user PAM service, required to run systemd
after = [ "systemd-remount-fs.service" ]; # user instances.
before = [ "sysinit.target" "shutdown.target" ]; security.pam.services.systemd-user =
conflicts = [ "shutdown.target" ]; { # Ensure that pam_systemd gets included. This is special-cased
unitConfig = { # in systemd to provide XDG_RUNTIME_DIR.
DefaultDependencies = false; startSession = true;
RequiresMountsFor = "/var/log";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
};
restartIfChanged = false;
}; };
systemd.services."systemd-random-seed" = environment.etc."tmpfiles.d/x11.conf".source = "${systemd}/example/tmpfiles.d/x11.conf";
{ description = "Load/Save Random Seed";
wantedBy = [ "sysinit.target" "multi-user.target" ]; environment.etc."tmpfiles.d/nixos.conf".text =
after = [ "systemd-remount-fs.service" ]; ''
before = [ "sysinit.target" "shutdown.target" ]; # This file is created automatically and should not be modified.
conflicts = [ "shutdown.target" ]; # Please change the option systemd.tmpfiles.rules instead.
unitConfig = { ${concatStringsSep "\n" cfg.tmpfiles.rules}
DefaultDependencies = false; '';
RequiresMountsFor = "/var/lib";
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
};
};
}; };
} }
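Review bot: In the `systemd.packages` loop of `generateUnits`, the `[ -n "$files" ]` guard does not catch a package that lacks `etc/systemd/${type}` or `lib/systemd/${type}`, because an unmatched glob is passed through literally unless `nullglob` is on. `ln -s` would then create a dangling link named `*` in `$out`, and a second such package would fail on the existing name; this is likelier now that every package is probed for both directories and for the new `user` type. Assuming the builder shell does not already set it, wrap that loop in `shopt -s nullglob` and `shopt -u nullglob`. Separately, `fn=$(basename $i/*)` in the override loop assumes each unit directory holds exactly one file, which deserves a comment such as `# each systemd.units entry is a directory containing exactly one unit file`.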


@ -93,7 +93,7 @@ let
if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else
if job.daemonType == "none" then { } else if job.daemonType == "none" then { } else
throw "invalid daemon type `${job.daemonType}'") throw "invalid daemon type `${job.daemonType}'")
// optionalAttrs (!job.task && job.respawn) // optionalAttrs (!job.task && !(job.script == "" && job.exec == "") && job.respawn)
{ Restart = "always"; } { Restart = "always"; }
// optionalAttrs job.task // optionalAttrs job.task
{ Type = "oneshot"; RemainAfterExit = false; }; { Type = "oneshot"; RemainAfterExit = false; };


@ -2,6 +2,11 @@
with lib; with lib;
let
cpupower = config.boot.kernelPackages.cpupower;
cfg = config.powerManagement;
in
{ {
###### interface ###### interface
@ -23,31 +28,28 @@ with lib;
###### implementation ###### implementation
config = mkIf (config.powerManagement.cpuFreqGovernor != null) { config = mkIf (!config.boot.isContainer && config.powerManagement.cpuFreqGovernor != null) {
environment.systemPackages = [ pkgs.cpufrequtils ]; boot.kernelModules = [ "acpi-cpufreq" "speedstep-lib" "pcc-cpufreq"
"cpufreq_${cfg.cpuFreqGovernor}"
];
jobs.cpufreq = environment.systemPackages = [ cpupower ];
{ description = "CPU Frequency Governor Setup";
after = [ "systemd-modules-load.service" ]; systemd.services.cpufreq = {
wantedBy = [ "multi-user.target" ]; description = "CPU Frequency Governor Setup";
after = [ "systemd-modules-load.service" ];
unitConfig.ConditionPathIsReadWrite = "/sys/devices/"; wantedBy = [ "multi-user.target" ];
path = [ cpupower ];
path = [ pkgs.cpufrequtils ]; script = ''
cpupower frequency-set -g ${cfg.cpuFreqGovernor}
preStart = '' '';
for i in $(seq 0 $(($(nproc) - 1))); do unitConfig.ConditionVirtualization = false;
for gov in $(cpufreq-info -c $i -g); do serviceConfig = {
if [ "$gov" = ${config.powerManagement.cpuFreqGovernor} ]; then Type = "oneshot";
echo "<6>setting governor on CPU $i to $gov" RemainAfterExit = "yes";
cpufreq-set -c $i -g $gov
fi
done
done
'';
}; };
}; };
};
} }
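Review bot: `${cfg.cpuFreqGovernor}` is spliced unquoted into the `script` line `cpupower frequency-set -g ...` and into the module name `cpufreq_${cfg.cpuFreqGovernor}`; the option's type is declared outside this hunk, so whether it constrains the value cannot be seen here. The value comes from the system configuration rather than from untrusted input, but a stray space or shell metacharacter would change the command the unit runs. Quoting it, `cpupower frequency-set -g ${escapeShellArg cfg.cpuFreqGovernor}`, keeps it a single argument. `RemainAfterExit = "yes"` could also be written `true` to match the boolean style used for unit options elsewhere in this commit.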


@ -52,19 +52,7 @@ in
# /dev/tty0 to prevent putting the X server in non-raw mode, and # /dev/tty0 to prevent putting the X server in non-raw mode, and
# it has a restart trigger. # it has a restart trigger.
systemd.services."systemd-vconsole-setup" = systemd.services."systemd-vconsole-setup" =
{ description = "Setup Virtual Console"; { wantedBy = [ "multi-user.target" ];
wantedBy = [ "sysinit.target" "multi-user.target" ];
before = [ "sysinit.target" "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig =
{ DefaultDependencies = "no";
ConditionPathExists = "/dev/tty1";
};
serviceConfig =
{ Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${config.systemd.package}/lib/systemd/systemd-vconsole-setup /dev/tty1";
};
restartTriggers = [ vconsoleConf ]; restartTriggers = [ vconsoleConf ];
}; };


@ -1,10 +1,12 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
{ {
###### implementation ###### implementation
config = { config = mkIf (!config.boot.isContainer) {
environment.systemPackages = [ pkgs.lvm2 ]; environment.systemPackages = [ pkgs.lvm2 ];


@ -191,6 +191,15 @@ in
''; '';
}; };
networking.useHostResolvConf = mkOption {
type = types.bool;
default = false;
description = ''
In containers, whether to use the
<filename>resolv.conf</filename> supplied by the host.
'';
};
networking.localCommands = mkOption { networking.localCommands = mkOption {
default = ""; default = "";
example = "text=anything; echo You can put $text here."; example = "text=anything; echo You can put $text here.";


@ -86,6 +86,8 @@ let kernel = config.boot.kernelPackages.kernel; in
(isEnabled "VIRTIO_CONSOLE") (isEnabled "VIRTIO_CONSOLE")
]; ];
networking.usePredictableInterfaceNames = false;
}; };
} }


@ -6,34 +6,18 @@ with lib;
config = mkIf config.boot.isContainer { config = mkIf config.boot.isContainer {
# Provide a login prompt on /var/lib/login.socket. On the host, # Disable some features that are not useful in a container.
# you can connect to it by running socat sound.enable = mkDefault false;
# unix:<path-to-container>/var/lib/login.socket -,echo=0,raw. services.udisks2.enable = mkDefault false;
systemd.sockets.login =
{ description = "Login Socket";
wantedBy = [ "sockets.target" ];
socketConfig =
{ ListenStream = "/var/lib/login.socket";
SocketMode = "0666";
Accept = true;
};
};
systemd.services."login@" = networking.useHostResolvConf = true;
{ description = "Login %i";
environment.TERM = "linux";
serviceConfig =
{ Type = "simple";
StandardInput = "socket";
ExecStart = "${pkgs.socat}/bin/socat -t0 - exec:${pkgs.shadow}/bin/login,pty,setsid,setpgid,stderr,ctty";
TimeoutStopSec = 1; # FIXME
};
restartIfChanged = false;
};
# Also provide a root login prompt on /var/lib/root-login.socket # Shut up warnings about not having a boot loader.
# that doesn't ask for a password. This socket can only be used by system.build.installBootLoader = "${pkgs.coreutils}/bin/true";
# root on the host.
# Provide a root login prompt on /var/lib/root-login.socket that
# doesn't ask for a password. This socket can only be used by root
# on the host.
systemd.sockets.root-login = systemd.sockets.root-login =
{ description = "Root Login Socket"; { description = "Root Login Socket";
wantedBy = [ "sockets.target" ]; wantedBy = [ "sockets.target" ];


@ -176,7 +176,6 @@ in
"/nix/var/nix/profiles/per-container/$INSTANCE" \ "/nix/var/nix/profiles/per-container/$INSTANCE" \
"/nix/var/nix/gcroots/per-container/$INSTANCE" "/nix/var/nix/gcroots/per-container/$INSTANCE"
SYSTEM_PATH=/nix/var/nix/profiles/system
if [ -f "/etc/containers/$INSTANCE.conf" ]; then if [ -f "/etc/containers/$INSTANCE.conf" ]; then
. "/etc/containers/$INSTANCE.conf" . "/etc/containers/$INSTANCE.conf"
fi fi
@ -212,14 +211,22 @@ in
extraFlags="--capability=CAP_NET_ADMIN" extraFlags="--capability=CAP_NET_ADMIN"
fi fi
# If the host is 64-bit and the container is 32-bit, add a
# --personality flag.
${optionalString (config.nixpkgs.system == "x86_64-linux") ''
if [ "$(< ''${SYSTEM_PATH:-/nix/var/nix/profiles/per-container/$INSTANCE/system}/system)" = i686-linux ]; then
extraFlags+=" --personality=x86"
fi
''}
exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \ exec $runInNetNs ${config.systemd.package}/bin/systemd-nspawn \
-M "$INSTANCE" -D "/var/lib/containers/$INSTANCE" $extraFlags \ -M "$INSTANCE" -D "$root" $extraFlags \
--bind-ro=/nix/store \ --bind-ro=/nix/store \
--bind-ro=/nix/var/nix/db \ --bind-ro=/nix/var/nix/db \
--bind-ro=/nix/var/nix/daemon-socket \ --bind-ro=/nix/var/nix/daemon-socket \
--bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \ --bind="/nix/var/nix/profiles/per-container/$INSTANCE:/nix/var/nix/profiles" \
--bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \ --bind="/nix/var/nix/gcroots/per-container/$INSTANCE:/nix/var/nix/gcroots" \
"$SYSTEM_PATH/init" "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/init"
''; '';
postStart = postStart =
@ -233,20 +240,7 @@ in
preStop = preStop =
'' ''
pid="$(cat /sys/fs/cgroup/systemd/machine/$INSTANCE.nspawn/system/tasks 2> /dev/null)" machinectl poweroff "$INSTANCE"
if [ -n "$pid" ]; then
# Send the RTMIN+3 signal, which causes the container
# systemd to start halt.target.
echo "killing container systemd, PID = $pid"
kill -RTMIN+3 $pid
# Wait for the container to exit. We can't let systemd
# do this because it will send a signal to the entire
# cgroup.
for ((n = 0; n < 180; n++)); do
if ! kill -0 $pid 2> /dev/null; then break; fi
sleep 1
done
fi
''; '';
restartIfChanged = false; restartIfChanged = false;
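Review bot: `preStop` now consists only of `machinectl poweroff "$INSTANCE"`, which as far as I can tell requests the shutdown and returns, whereas the removed code waited up to 180 seconds for the container's init to exit precisely because systemd would otherwise signal the whole cgroup. Unless the stop timeout and kill settings of this unit (outside the hunk) account for that, the container may be killed before its services have stopped cleanly. Consider keeping a bounded wait after the call, for example `for ((n = 0; n < 180; n++)); do machinectl show "$INSTANCE" > /dev/null 2>&1 || break; sleep 1; done`. In the personality check, the path inside `$(< ...)` is unquoted; wrapping it in double quotes keeps an unusual `$INSTANCE` or `SYSTEM_PATH` value from being split.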


@ -203,7 +203,7 @@ elsif ($action eq "update") {
} }
elsif ($action eq "login") { elsif ($action eq "login") {
exec($socat, "unix:$root/var/lib/login.socket", "-,echo=0,raw"); exec("machinectl", "login", "--", $containerName);
} }
elsif ($action eq "root-login") { elsif ($action eq "root-login") {
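Review bot: The new `exec("machinectl", "login", "--", $containerName);` has no failure path: if `machinectl` cannot be found on `PATH`, `exec` returns false and execution continues past the `elsif` chain without a clear error from this script. Appending a check, `exec("machinectl", "login", "--", $containerName) or die "cannot run machinectl: $!\n";`, reports the problem at the point where it happens. The list form with `--` should be kept as it is, since it means the container name never passes through a shell or gets parsed as an option.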


@ -399,6 +399,11 @@ in
# Wireless won't work in the VM. # Wireless won't work in the VM.
networking.wireless.enable = mkVMOverride false; networking.wireless.enable = mkVMOverride false;
# Speed up booting by not waiting for ARP.
networking.dhcpcd.extraConfig = "noarp";
networking.usePredictableInterfaceNames = false;
system.requiredKernelConfig = with config.lib.kernelConfig; system.requiredKernelConfig = with config.lib.kernelConfig;
[ (isEnabled "VIRTIO_BLK") [ (isEnabled "VIRTIO_BLK")
(isEnabled "VIRTIO_PCI") (isEnabled "VIRTIO_PCI")


@ -61,6 +61,7 @@ in rec {
(all nixos.tests.printing) (all nixos.tests.printing)
(all nixos.tests.proxy) (all nixos.tests.proxy)
(all nixos.tests.udisks) (all nixos.tests.udisks)
(all nixos.tests.udisks2)
(all nixos.tests.xfce) (all nixos.tests.xfce)
nixpkgs.tarball nixpkgs.tarball


@ -245,6 +245,7 @@ in rec {
tests.simple = callTest tests/simple.nix {}; tests.simple = callTest tests/simple.nix {};
tests.tomcat = callTest tests/tomcat.nix {}; tests.tomcat = callTest tests/tomcat.nix {};
tests.udisks = callTest tests/udisks.nix {}; tests.udisks = callTest tests/udisks.nix {};
tests.udisks2 = callTest tests/udisks2.nix {};
tests.xfce = callTest tests/xfce.nix {}; tests.xfce = callTest tests/xfce.nix {};
} }


@ -25,7 +25,7 @@ import ./make-test.nix {
testScript = testScript =
'' ''
$machine->succeed("nixos-container list") =~ /webserver/; $machine->succeed("nixos-container list") =~ /webserver/ or die;
# Start the webserver container. # Start the webserver container.
$machine->succeed("nixos-container start webserver"); $machine->succeed("nixos-container start webserver");
@ -65,7 +65,7 @@ import ./make-test.nix {
$machine->succeed("nixos-container start $id1"); $machine->succeed("nixos-container start $id1");
# Execute commands via the root shell. # Execute commands via the root shell.
$machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/; $machine->succeed("nixos-container run $id1 -- uname") =~ /Linux/ or die;
$machine->succeed("nixos-container set-root-password $id1 foobar"); $machine->succeed("nixos-container set-root-password $id1 foobar");
# Destroy the containers. # Destroy the containers.
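Review bot: The `or die` added to both match lines (`nixos-container list` and `nixos-container run $id1 -- uname`) carries no message, so a failure reports only `Died` with a line number inside the generated test script. A message naming the expectation, e.g. `=~ /webserver/ or die "container 'webserver' not listed";`, makes the log readable without opening the test source. The same bare `or die` is added in the udisks test (`=~ /Hello World/ or die`) and appears in the new udisks2 test. The `testScript` string continues outside both hunks.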


@ -9,7 +9,8 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
testScript = testScript =
'' ''
$machine->waitForUnit("default.target"); $machine->waitForUnit('multi-user.target');
$machine->waitUntilSucceeds("pgrep -f 'agetty.*tty1'");
$machine->screenshot("postboot"); $machine->screenshot("postboot");
subtest "create user", sub { subtest "create user", sub {
@ -19,9 +20,11 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }:
# Check whether switching VTs works. # Check whether switching VTs works.
subtest "virtual console switching", sub { subtest "virtual console switching", sub {
$machine->fail("pgrep -f 'agetty.*tty2'");
$machine->sendKeys("alt-f2"); $machine->sendKeys("alt-f2");
$machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]"); $machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]");
$machine->waitForUnit('getty@tty2.service'); $machine->waitForUnit('getty@tty2.service');
$machine->waitUntilSucceeds("pgrep -f 'agetty.*tty2'");
}; };
# Log in as alice on a virtual console. # Log in as alice on a virtual console.


@ -8,6 +8,7 @@ import ./make-test.nix {
[ { device = "/root/swapfile"; size = 128; } ]; [ { device = "/root/swapfile"; size = 128; } ];
environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs"; environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs";
services.nixosManual.enable = pkgs.lib.mkOverride 0 true; services.nixosManual.enable = pkgs.lib.mkOverride 0 true;
systemd.tmpfiles.rules = [ "d /tmp 1777 root root 10d" ];
}; };
testScript = testScript =
@ -63,6 +64,22 @@ import ./make-test.nix {
$machine->succeed('[ "`hostname`" = machine ]'); $machine->succeed('[ "`hostname`" = machine ]');
$machine->succeed('[ "`hostname -s`" = machine ]'); $machine->succeed('[ "`hostname -s`" = machine ]');
}; };
# Test whether systemd-udevd automatically loads modules for our hardware.
subtest "udev-auto-load", sub {
$machine->waitForUnit('systemd-udev-settle.service');
$machine->succeed('lsmod | grep psmouse');
};
# Test whether systemd-tmpfiles-clean works.
subtest "tmpfiles", sub {
$machine->succeed('touch /tmp/foo');
$machine->succeed('systemctl start systemd-tmpfiles-clean');
$machine->succeed('[ -e /tmp/foo ]');
$machine->succeed('date -s "@$(($(date +%s) + 1000000))"'); # move into the future
$machine->succeed('systemctl start systemd-tmpfiles-clean');
$machine->fail('[ -e /tmp/foo ]');
};
''; '';
} }
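Review bot: In the `tmpfiles` subtest the clock is moved forward with `date -s "@$(($(date +%s) + 1000000))"` and never set back, so anything later appended to this test script would run roughly 11.6 days in the future. The constant is also unexplained; a comment such as `# 1000000 s is about 11.6 days, just past the 10d age in systemd.tmpfiles.rules` would tie it to the rule added at the top of the file. If further subtests are expected, either restore the time at the end of this one or keep `tmpfiles` last and say so in a comment.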


@ -31,7 +31,9 @@ import ./make-test.nix ({pkgs, ... }: {
# Make sure that cups is up on both sides. # Make sure that cups is up on both sides.
$server->waitForUnit("cupsd.service"); $server->waitForUnit("cupsd.service");
$server->waitForUnit("network.target");
$client->waitForUnit("cupsd.service"); $client->waitForUnit("cupsd.service");
$client->waitForUnit("network.target");
$client->succeed("lpstat -r") =~ /scheduler is running/ or die; $client->succeed("lpstat -r") =~ /scheduler is running/ or die;
$client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die; $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
$client->succeed("curl --fail http://localhost:631/"); $client->succeed("curl --fail http://localhost:631/");


@ -40,7 +40,7 @@ in
# Mount the stick as a non-root user and do some stuff with it. # Mount the stick as a non-root user and do some stuff with it.
$machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'"); $machine->succeed("su - alice -c 'udisks --enumerate | grep /org/freedesktop/UDisks/devices/sda1'");
$machine->succeed("su - alice -c 'udisks --mount /dev/sda1'"); $machine->succeed("su - alice -c 'udisks --mount /dev/sda1'");
$machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/; $machine->succeed("su - alice -c 'cat /media/USBSTICK/test.txt'") =~ /Hello World/ or die;
$machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'"); $machine->succeed("su - alice -c 'echo foo > /media/USBSTICK/bar.txt'");
# Unmounting the stick should make the mountpoint disappear. # Unmounting the stick should make the mountpoint disappear.

56
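--- a/nixos/tests/udisks2.nix
+++ b/nixos/tests/udisks2.nix
@@ -0,0 +1,56 @@
+import ./make-test.nix ({ pkgs, ... }:
+let
+stick = pkgs.fetchurl {
+url = http://nixos.org/~eelco/nix/udisks-test.img.xz;
+sha256 = "0was1xgjkjad91nipzclaz5biv3m4b2nk029ga6nk7iklwi19l8b";
+};
+in
+{
+machine =
+{ config, pkgs, ... }:
+{ services.udisks2.enable = true;
+imports = [ ./common/user-account.nix ];
+security.polkit.extraConfig =
+''
+polkit.addRule(function(action, subject) {
+if (subject.user == "alice") return "yes";
+});
+'';
+};
+testScript =
+''
+my $stick = $machine->stateDir . "/usbstick.img";
+system("xz -d < ${stick} > $stick") == 0 or die;
+$machine->succeed("udisksctl info -b /dev/vda >&2");
+$machine->fail("udisksctl info -b /dev/sda1");
+# Attach a USB stick and wait for it to show up.
+$machine->sendMonitorCommand("usb_add disk:$stick");
+$machine->waitUntilSucceeds("udisksctl info -b /dev/sda1");
+$machine->succeed("udisksctl info -b /dev/sda1 | grep 'IdLabel:.*USBSTICK'");
+# Mount the stick as a non-root user and do some stuff with it.
+$machine->succeed("su - alice -c 'udisksctl info -b /dev/sda1'");
+$machine->succeed("su - alice -c 'udisksctl mount -b /dev/sda1'");
+$machine->succeed("su - alice -c 'cat /run/media/alice/USBSTICK/test.txt'") =~ /Hello World/ or die;
+$machine->succeed("su - alice -c 'echo foo > /run/media/alice/USBSTICK/bar.txt'");
+# Unmounting the stick should make the mountpoint disappear.
+$machine->succeed("su - alice -c 'udisksctl unmount -b /dev/sda1'");
+$machine->fail("[ -d /run/media/alice/USBSTICK ]");
+# Remove the USB stick.
+$machine->sendMonitorCommand("usb_del 0.3"); # FIXME
+$machine->waitUntilFails("udisksctl info -b /dev/sda1");
+$machine->fail("[ -e /dev/sda ]");
+'';
+})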
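Review bot: The polkit rule in `security.polkit.extraConfig` returns `"yes"` for every action whenever `subject.user == "alice"`, so the test passes regardless of what the udisks2 policy says and alice is authorised for every polkit-mediated action in the VM. Scoping the rule to the actions under test keeps the fixture minimal and avoids a pattern that is unsafe if copied outside a test: `if (subject.user == "alice" && action.id.indexOf("org.freedesktop.udisks2.") == 0) return "yes";`. Separately, `usb_del 0.3` is only marked `# FIXME`; a comment saying where the `0.3` address comes from would help whoever picks that up.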


@ -67,14 +67,12 @@ let
} merge ]); } merge ]);
libs = dbus_drv "libs" "dbus" ({ libs = dbus_drv "libs" "dbus" {
# Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11 # Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
# (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands. # (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.
NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1"; NIX_CFLAGS_COMPILE = "-DDBUS_ENABLE_X11_AUTOLAUNCH=1";
} // stdenv.lib.optionalAttrs (systemdOrEmpty != []) { buildInputs = [ systemdOrEmpty ];
buildInputs = [ systemd.headers ]; };
patches = [ ./systemd.patch ]; # bypass systemd detection
});
attrs = rec { attrs = rec {
@ -83,14 +81,13 @@ let
# This package has been split because most applications only need dbus.lib # This package has been split because most applications only need dbus.lib
# which serves as an interface to a *system-wide* daemon, # which serves as an interface to a *system-wide* daemon,
# see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture . # see e.g. http://en.wikipedia.org/wiki/D-Bus#Architecture .
# Also some circular dependencies get split by this (like with systemd).
inherit libs; inherit libs;
tools = dbus_drv "tools" "tools" { tools = dbus_drv "tools" "tools" {
configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ]; configureFlags = [ "--with-dbus-daemondir=${daemon}/bin" ];
buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon dbus_glib ]; buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs daemon ];
NIX_CFLAGS_LINK = NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed " stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1"; + "-ldbus-1";
@ -102,16 +99,6 @@ let
buildInputs = systemdOrEmpty; buildInputs = systemdOrEmpty;
}; };
# Some of the tests don't work yet; in fact, @vcunat tried several packages
# containing dbus testing, and all of them have some test failure.
tests = dbus_drv "tests" "test" {
preBuild = makeInternalLib;
buildInputs = buildInputsX ++ systemdOrEmpty ++ [ libs tools daemon dbus_glib python ];
NIX_CFLAGS_LINK =
stdenv.lib.optionalString (!stdenv.isDarwin) "-Wl,--as-needed "
+ "-ldbus-1";
};
docs = dbus_drv "docs" "doc" { docs = dbus_drv "docs" "doc" {
postInstall = ''rm -r "$out/lib"''; postInstall = ''rm -r "$out/lib"'';
}; };
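Review bot: In the `libs` derivation, `buildInputs = [ systemdOrEmpty ];` wraps a value that the rest of the file treats as a list (`buildInputsX ++ systemdOrEmpty ++ [ libs daemon ]`, and `buildInputs = systemdOrEmpty;` further down), which yields a nested list. Whether that nesting is flattened depends on how the builder stringifies the attribute, so `buildInputs = systemdOrEmpty;` would be the safer and more consistent spelling. The second hunk also removes the comment about circular dependencies with systemd; since `libs` now takes systemd as an input, a short comment such as `# systemd no longer depends on dbus.libs, so this does not form a cycle` would record why that is safe, if that is indeed the reason.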


@ -0,0 +1,42 @@
{ stdenv, fetchurl, kernel, coreutils, pciutils, gettext }:
stdenv.mkDerivation {
name = "cpupower-${kernel.version}";
src = kernel.src;
buildInputs = [ coreutils pciutils gettext ];
configurePhase = ''
cd tools/power/cpupower
sed -i 's,/bin/true,${coreutils}/bin/true,' Makefile
sed -i 's,/bin/pwd,${coreutils}/bin/pwd,' Makefile
sed -i 's,/usr/bin/install,${coreutils}/bin/install,' Makefile
'';
buildPhase = ''
make
'';
installPhase = ''
make \
bindir="$out/bin" \
sbindir="$out/sbin" \
mandir="$out/share/man" \
includedir="$out/include" \
libdir="$out/lib" \
localedir="$out/share/locale" \
docdir="$out/share/doc/cpupower" \
confdir="$out/etc" \
install install-man
'';
enableParallelBuilding = true;
meta = with stdenv.lib; {
description = "Tool to examine and tune power saving features.";
homepage = https://www.kernel.org.org/;
license = licenses.gpl2;
platforms = platforms.linux;
};
}
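Review bot: `meta.homepage` is `https://www.kernel.org.org/`, which is not the kernel.org site but a different domain; it should read `homepage = https://www.kernel.org/;`. A mistyped homepage in package metadata sends anyone following it to a host that presumably has nothing to do with the project. Two smaller points: the `fetchurl` argument is never used because `src = kernel.src`, and the `sed` rewrites in `configurePhase` would benefit from a comment such as `# The Makefile hard-codes FHS paths that do not exist in the build sandbox.`.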


@ -6,26 +6,27 @@
{ stdenv, fetchurl, dpkg }: { stdenv, fetchurl, dpkg }:
let let
version = "0.40"; version = "0.41";
packages = [ packages = [
{ name = "adi"; sha256 = "0wwks9ff4n772435s57z1fjrffi4xl9nxnfn3v7xfcwdjb395d88"; } { name = "adi"; sha256 = "19dm96djp34g6l84g9shwbmqbmfd15c24frcy1zh5nz8x12phgm4"; }
{ name = "atheros"; sha256 = "1gj7hfnyclzgyq06scynaclnfajhs6lw5i51j1w1hikv4yh20djz"; } { name = "atheros"; sha256 = "0vrdyxiq7nx89h6ykdrs8s3l9frn3hmcfb9vsz68i12975y8ib5n"; }
{ name = "bnx2"; sha256 = "15qjj0sfjin5cbkpby29r5czn11xyiyyc4fmhwlqvgfgrnbp0aqk"; } { name = "bnx2"; sha256 = "12l3l54q69n1ky8lp7bmzscfqysabjrgmswwj57ryc6l82s7081y"; }
{ name = "bnx2x"; sha256 = "08nvbln94ff47b2q0avxj1aa2wx4qih8sq8knbq54lp46kjf3k0h"; } { name = "bnx2x"; sha256 = "10m9p479dq2ylpj5mw6d5vyfh9hybmh5xgs5sxma065v7r3c3v31"; }
{ name = "brcm80211"; sha256 = "1ndsw3s6xkr1n39nf9ig1xhnaglx5qvvvm8rh6ah41v644lzha79"; } { name = "brcm80211"; sha256 = "0l2lg5pshb1kb829hfq9w791scwa8biikrfzsx9wvlvkyxfdh187"; }
{ name = "intelwimax"; sha256 = "1qwxmykh90v92asn4ivq0fak761hs7hd2zmz1dpkjidwsycrfyqn"; } { name = "intelwimax"; sha256 = "13jqm8ik0mm8vnsskbbp63idpjqazzp2x4gaq7786jg5yj3zh1cf"; }
{ name = "ipw2x00"; sha256 = "0a2nb17b5n3k1b6y4dbi5i8k1fm19ba2abq2jh2hjjmyyl3y388m"; } { name = "ipw2x00"; sha256 = "1hvxrzqbc75phxdbmqfh7ky36m0qna2pncwxpfdircy9i6fx7ipy"; }
{ name = "ivtv"; sha256 = "1239gsjq16f4kd1yn77iq3ar8ndx3pzd16kpqafr1h2y0zwh452r"; } { name = "ivtv"; sha256 = "0ckw1ynzfqnkwlmwpzfbdfx4s6bsl4nwp097g8khaavqxk94n88v"; }
{ name = "iwlwifi"; sha256 = "03kmh5szd02pkbm1nlyz99fr2njhg88wiv73f1fz485m9rvgga43"; } { name = "iwlwifi"; sha256 = "1djazi2qsi5z6q0izirprxgfpg8vh55skab2nijyfl66drlcha72"; }
{ name = "libertas"; sha256 = "0qjziwmwqbp83hxrjw7x3ralxg4ib9y23bcbn1g8yb5b6m84ca6b"; } { name = "libertas"; sha256 = "1yj9dd9pwd98gknx5mvblfcbr6k347xzi8l6bk0pr4570j8ss8y3"; }
{ name = "linux"; sha256 = "0ypidsrrfx4kvbfisdpgx2fzbil7g2jixgqhnv960iy5l348amrl"; } { name = "linux"; sha256 = "0vc4cbrq73y5hibx5k3gbfqaqxvaa3g8rv9kzwks2zl3hdxm6xaq"; }
{ name = "linux-nonfree"; sha256 = "0p9ql3cdxljflh48r6z40kpyisbzp3s3g1qjb9f64n6cppllwjfr"; } { name = "linux-nonfree"; sha256 = "05vv8yq7kix5cw9s4agz4vgya6i3ff88jp3rxln1ssznhvzrjzx9"; }
{ name = "myricom"; sha256 = "12spfaq7z2bb93cy15zldlic1wx2v6h9sn7ny09nkzy4m26zds4q"; } { name = "myricom"; sha256 = "1idfvdfw7z4jbbjyq40hd2bpllvw7jz0ah7k3iwljxp8l2lf2nmf"; }
{ name = "netxen"; sha256 = "03gmda16bdqw8a4x8x11ph41ksjh48hxydv0f0z3gi3czgbh7sn3"; } { name = "netxen"; sha256 = "0fdgllv8i7j9qbk5hi14zvw6fcn4nd1isr1486d8fv7nf2bf1mxx"; }
{ name = "qlogic"; sha256 = "1ah8rrwzi44p1l4q8qkql18djmn5kihsiinpy204xklm1csf3vs1"; } { name = "qlogic"; sha256 = "12w1qnqhs24am2psdfmv0ligczzxh9crllmp7r4y3vqghyvwax7i"; }
{ name = "ralink"; sha256 = "005549jk0wnyfnb247awv2wncsx5is05m1hdwcd33iq0dlbmm39b"; } { name = "ralink"; sha256 = "1ryplg9shi7nam79zd86z7a0qzp0f9m7q89nq989z57qiysbrra4"; }
{ name = "realtek"; sha256 = "1ai1klzrql8qxmb7945xiqlkfkyz8admrpb10b3r4ixvclkrvfi2"; } { name = "realtek"; sha256 = "1l867724qrw7nwksdv4k0hkz7nrjjs9vq2s3937wyaa0r2r66mg6"; }
{ name = "ti-connectivity"; sha256 = "00cl9gyxa7795a57zwcvl26kxfl4qzppi4z8ksg5friv3db8sm1p"; }
]; ];
fetchPackage = fetchPackage =


@ -1,46 +1,50 @@
{stdenv, fetchurl, perl, cross ? null}: { stdenv, fetchurl, perl, cross ? null }:
assert cross == null -> stdenv.isLinux; assert cross == null -> stdenv.isLinux;
let version = "2.6.28.5"; in let
version = "3.14.1";
kernelHeadersBaseConfig =
if cross == null
then stdenv.platform.kernelHeadersBaseConfig
else cross.platform.kernelHeadersBaseConfig;
in
stdenv.mkDerivation { stdenv.mkDerivation {
name = "linux-headers-${version}"; name = "linux-headers-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/kernel/v2.6/linux-${version}.tar.bz2"; url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
sha256 = "0hifjh75sinifr5138v22zwbpqln6lhn65k8b57a1dyzlqca7cl9"; sha256 = "1njm8gvlj7cq0m1051yxszl4f63383a7sv1na13hkqkv36kipgqx";
}; };
targetConfig = if cross != null then cross.config else null; targetConfig = if cross != null then cross.config else null;
platform = platform =
if cross != null then cross.arch else if cross != null then cross.platform.kernelArch else
if stdenv.system == "i686-linux" then "i386" else if stdenv.system == "i686-linux" then "i386" else
if stdenv.system == "x86_64-linux" then "x86_64" else if stdenv.system == "x86_64-linux" then "x86_64" else
if stdenv.system == "powerpc-linux" then "powerpc" else if stdenv.system == "powerpc-linux" then "powerpc" else
if stdenv.isArm then "arm" else if stdenv.isArm then "arm" else
if stdenv.system == "mips64el-linux" then "mips" else if stdenv.platform ? kernelArch then stdenv.platform.kernelArch else
abort "don't know what the kernel include directory is called for this platform"; abort "don't know what the kernel include directory is called for this platform";
buildInputs = [perl]; buildInputs = [perl];
extraIncludeDirs = extraIncludeDirs =
if cross != null then if cross != null then
(if cross.arch == "powerpc" then ["ppc"] else []) (if cross.arch == "powerpc" then ["ppc"] else [])
else if stdenv.system == "powerpc-linux" then ["ppc"] else []; else if stdenv.system == "powerpc-linux" then ["ppc"] else [];
patchPhase = ''
patch --verbose -p1 < "${./unifdef-getline.patch}"
sed -i '/scsi/d' include/Kbuild
sed -i 's|/ %/: prepare scripts FORCE|%/: prepare scripts FORCE|' Makefile
'';
buildPhase = '' buildPhase = ''
if test -n "$targetConfig"; then if test -n "$targetConfig"; then
export ARCH=$platform export ARCH=$platform
fi fi
make mrproper headers_check make ${kernelHeadersBaseConfig} SHELL=bash
make mrproper headers_check SHELL=bash
''; '';
installPhase = '' installPhase = ''
@ -58,4 +62,10 @@ stdenv.mkDerivation {
ln -s asm $out/include/asm-x86 ln -s asm $out/include/asm-x86
fi fi
''; '';
meta = with stdenv.lib; {
description = "Header files and scripts for Linux kernel";
license = licenses.gpl2;
platforms = platforms.linux;
};
} }
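Review bot: `platform` now reads `cross.platform.kernelArch`, but `extraIncludeDirs` a few lines below still tests `cross.arch == "powerpc"`, so the two cross-compilation paths take the architecture from different attributes. If cross descriptions no longer carry `arch`, evaluating `extraIncludeDirs` fails; if they do, the two values can disagree. Using `cross.platform.kernelArch == "powerpc"` there would keep them aligned, assuming the value is spelled the same. In `buildPhase`, the new `make ${kernelHeadersBaseConfig} SHELL=bash` is immediately followed by `make mrproper`, which as far as I know removes the generated configuration, so a comment stating what the first invocation is needed for would help.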


@ -114,6 +114,7 @@ with stdenv.lib;
VGA_SWITCHEROO y VGA_SWITCHEROO y
# Sound. # Sound.
SND_DYNAMIC_MINORS y
SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode SND_AC97_POWER_SAVE y # AC97 Power-Saving Mode
SND_HDA_INPUT_BEEP y # Support digital beep via input layer SND_HDA_INPUT_BEEP y # Support digital beep via input layer
SND_USB_CAIAQ_INPUT y SND_USB_CAIAQ_INPUT y


@ -1,11 +1,11 @@
{ stdenv, fetchurl, xz, zlib, pkgconfig, libxslt }: { stdenv, fetchurl, xz, zlib, pkgconfig, libxslt }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "kmod-16"; name = "kmod-17";
src = fetchurl { src = fetchurl {
url = "mirror://kernel/linux/utils/kernel/kmod/${name}.tar.xz"; url = "mirror://kernel/linux/utils/kernel/kmod/${name}.tar.xz";
sha256 = "63412efab37c70459ccef167556965c93fd4f56af5986cd3750542a684c613c5"; sha256 = "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv";
}; };
# Disable xz/zlib support to prevent needing them in the initrd. # Disable xz/zlib support to prevent needing them in the initrd.


@ -1,7 +1,7 @@
diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c diff -ru -x '*~' kmod-17-orig/libkmod/libkmod.c kmod-17/libkmod/libkmod.c
--- kmod-7-orig/libkmod/libkmod.c 2012-03-15 08:19:16.750010226 -0400 --- kmod-17-orig/libkmod/libkmod.c 2014-04-01 12:40:37.161940089 +0200
+++ kmod-7/libkmod/libkmod.c 2012-04-04 15:21:29.532074313 -0400 +++ kmod-17/libkmod/libkmod.c 2014-04-17 13:47:15.871441987 +0200
@@ -200,7 +200,7 @@ @@ -201,7 +201,7 @@
static char *get_kernel_release(const char *dirname) static char *get_kernel_release(const char *dirname)
{ {
struct utsname u; struct utsname u;
@ -10,7 +10,7 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
if (dirname != NULL) if (dirname != NULL)
return path_make_absolute_cwd(dirname); return path_make_absolute_cwd(dirname);
@@ -208,7 +208,10 @@ @@ -209,7 +209,10 @@
if (uname(&u) < 0) if (uname(&u) < 0)
return NULL; return NULL;
@ -22,3 +22,39 @@ diff -Naur kmod-7-orig/libkmod/libkmod.c kmod-7/libkmod/libkmod.c
return NULL; return NULL;
return p; return p;
diff -ru -x '*~' kmod-17-orig/tools/static-nodes.c kmod-17/tools/static-nodes.c
--- kmod-17-orig/tools/static-nodes.c 2013-12-17 22:05:42.159047316 +0100
+++ kmod-17/tools/static-nodes.c 2014-04-17 13:51:17.945974320 +0200
@@ -159,6 +159,7 @@
FILE *in = NULL, *out = NULL;
const struct static_nodes_format *format = &static_nodes_format_human;
int r, ret = EXIT_SUCCESS;
+ char *dirname_prefix;
for (;;) {
int c, idx = 0, valid;
@@ -211,16 +212,19 @@
goto finish;
}
- snprintf(modules, sizeof(modules), "/lib/modules/%s/modules.devname", kernel.release);
+ if ((dirname_prefix = getenv("MODULE_DIR")) == NULL)
+ dirname_prefix = "/lib/modules";
+
+ snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release);
in = fopen(modules, "re");
if (in == NULL) {
if (errno == ENOENT) {
- fprintf(stderr, "Warning: /lib/modules/%s/modules.devname not found - ignoring\n",
- kernel.release);
+ fprintf(stderr, "Warning: %s/%s/modules.devname not found - ignoring\n",
+ dirname_prefix, kernel.release);
ret = EXIT_SUCCESS;
} else {
- fprintf(stderr, "Error: could not open /lib/modules/%s/modules.devname - %m\n",
- kernel.release);
+ fprintf(stderr, "Error: could not open %s/%s/modules.devname - %m\n",
+ dirname_prefix, kernel.release);
ret = EXIT_FAILURE;
}
goto finish;
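Review bot: In the `static-nodes.c` hunk the path is now built from the `MODULE_DIR` environment variable, but the result of `snprintf(modules, sizeof(modules), ...)` is still not checked. With a long `MODULE_DIR` the path is silently truncated, and the truncated name is then either opened or reported as missing and ignored with `EXIT_SUCCESS`. Checking the return value closes that gap: assign it with `r = snprintf(modules, sizeof(modules), "%s/%s/modules.devname", dirname_prefix, kernel.release);` and follow with `if (r < 0 || (size_t)r >= sizeof(modules)) { ret = EXIT_FAILURE; goto finish; }`. The declaration of `modules` and the rest of the function are outside the hunk, so the buffer size is not visible here.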


@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }: { stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }:
let let
v = "2.02.104"; v = "2.02.106";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
@ -9,7 +9,7 @@ stdenv.mkDerivation {
src = fetchurl { src = fetchurl {
url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz"; url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz";
sha256 = "1xa7hvp8bsx96nncgksxrqxaqcgipfmmpr8aysayb8aisyjvas0d"; sha256 = "0nr833bl0q4zq52drjxmmpf7bs6kqxwa5kahwwxm9411khkxz0vc";
}; };
configureFlags = configureFlags =
@ -29,6 +29,8 @@ stdenv.mkDerivation {
sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in
''; '';
enableParallelBuilding = true;
#patches = [ ./purity.patch ]; #patches = [ ./purity.patch ];
# To prevent make install from failing. # To prevent make install from failing.


@ -12,7 +12,7 @@ assert (!libsOnly) -> kernel != null;
let let
versionNumber = "331.49"; versionNumber = "331.67";
in in
@ -27,12 +27,12 @@ stdenv.mkDerivation {
if stdenv.system == "i686-linux" then if stdenv.system == "i686-linux" then
fetchurl { fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run"; url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run";
sha256 = "00d7bq8cfxk52qd4y226fz8m9m3mjq45fbgr3q7k08jyy9qmswmn"; sha256 = "1imc66yxnm01i58xwqrwqc612h0rhdz8x170hqr2pjyk99bllsv9";
} }
else if stdenv.system == "x86_64-linux" then else if stdenv.system == "x86_64-linux" then
fetchurl { fetchurl {
url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run"; url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run";
sha256 = "0q3lvl1lypi33i847nqz4k3161ackh2n9kgyjn6v2c480f405hfk"; sha256 = "0qxd4jd25ymcr6w97f71kfn549x6wgg4g3vixd3sqlczknn85f47";
} }
else throw "nvidia-x11 does not support platform ${stdenv.system}"; else throw "nvidia-x11 does not support platform ${stdenv.system}";


@ -1,11 +1,11 @@
{ stdenv, fetchurl, flex, cracklib }: { stdenv, fetchurl, flex, cracklib }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "linux-pam-1.1.6"; name = "linux-pam-1.1.8";
src = fetchurl { src = fetchurl {
url = https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.6.tar.bz2; url = http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2;
sha256 = "1hlz2kqvbjisvwyicdincq7nz897b9rrafyzccwzqiqg53b8gf5s"; sha256 = "0m8ygb40l1c13nsd4hkj1yh4p1ldawhhg8pyjqj9w5kd4cxg5cf4";
}; };
nativeBuildInputs = [ flex ]; nativeBuildInputs = [ flex ];


@ -1,7 +1,7 @@
{ stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod { stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod
, xz, pam, acl, cryptsetup, libuuid, m4, utillinux , xz, pam, acl, cryptsetup, libuuid, m4, utillinux
, glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl , glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl
, kexectools, libmicrohttpd , kexectools, libmicrohttpd, linuxHeaders
, python ? null, pythonSupport ? false , python ? null, pythonSupport ? false
}: }:
@ -10,26 +10,24 @@ assert stdenv.isLinux;
assert pythonSupport -> python != null; assert pythonSupport -> python != null;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "203"; version = "212";
name = "systemd-${version}"; name = "systemd-${version}";
src = fetchurl { src = fetchurl {
url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz"; url = "http://www.freedesktop.org/software/systemd/${name}.tar.xz";
sha256 = "07gvn3rpski8sh1nz16npjf2bvj0spsjdwc5px9685g2pi6kxcb1"; sha256 = "1hpjcc42svrs06q3isjm3m5aphgkpfdylmvpnif71zh46ys0cab5";
}; };
patches = patches =
[ # These are all changes between upstream and [ # These are all changes between upstream and
# https://github.com/edolstra/systemd/tree/nixos-v203. # https://github.com/edolstra/systemd/tree/nixos-v212.
./fixes.patch ./fixes.patch
./fix_console_in_containers.patch ];
]
++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
buildInputs = buildInputs =
[ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl [ pkgconfig intltool gperf libcap kmod xz pam acl
/* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl /* cryptsetup */ libuuid m4 glib libxslt libgcrypt docbook_xsl
libmicrohttpd libmicrohttpd linuxHeaders
] ++ stdenv.lib.optional pythonSupport python; ] ++ stdenv.lib.optional pythonSupport python;
configureFlags = configureFlags =
@ -45,15 +43,18 @@ stdenv.mkDerivation rec {
"--with-dbussessionservicedir=$(out)/share/dbus-1/services" "--with-dbussessionservicedir=$(out)/share/dbus-1/services"
"--with-firmware-path=/root/test-firmware:/run/current-system/firmware" "--with-firmware-path=/root/test-firmware:/run/current-system/firmware"
"--with-tty-gid=3" # tty in NixOS has gid 3 "--with-tty-gid=3" # tty in NixOS has gid 3
"--disable-networkd" # enable/use eventually
"--enable-compat-libs" # get rid of this eventually
]; ];
preConfigure = preConfigure =
'' ''
# FIXME: patch this in systemd properly (and send upstream). # FIXME: patch this in systemd properly (and send upstream).
# FIXME: use sulogin from util-linux once updated. # FIXME: use sulogin from util-linux once updated.
for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c; do
test -e $i test -e $i
substituteInPlace $i \ substituteInPlace $i \
--replace /usr/bin/getent ${stdenv.glibc}/bin/getent \
--replace /bin/mount ${utillinux}/bin/mount \ --replace /bin/mount ${utillinux}/bin/mount \
--replace /bin/umount ${utillinux}/bin/umount \ --replace /bin/umount ${utillinux}/bin/umount \
--replace /sbin/swapon ${utillinux}/sbin/swapon \ --replace /sbin/swapon ${utillinux}/sbin/swapon \
@ -69,6 +70,10 @@ stdenv.mkDerivation rec {
--replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/ --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
''; '';
# This is needed because systemd uses the gold linker, which doesn't
# yet have the wrapper script to add rpath flags automatically.
NIX_LDFLAGS = "-rpath ${pam}/lib -rpath ${libcap}/lib -rpath ${acl}/lib -rpath ${stdenv.gcc.gcc}/lib";
PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python PYTHON_BINARY = "${coreutils}/bin/env python"; # don't want a build time dependency on Python
NIX_CFLAGS_COMPILE = NIX_CFLAGS_COMPILE =
@ -77,10 +82,6 @@ stdenv.mkDerivation rec {
"-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\"" "-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
"-fno-stack-protector" "-fno-stack-protector"
# Work around our kernel headers being too old. FIXME: remove
# this after the next stdenv update.
"-DFS_NOCOW_FL=0x00800000"
# Set the release_agent on /sys/fs/cgroup/systemd to the # Set the release_agent on /sys/fs/cgroup/systemd to the
# currently running systemd (/run/current-system/systemd) so # currently running systemd (/run/current-system/systemd) so
# that we don't use an obsolete/garbage-collected release agent. # that we don't use an obsolete/garbage-collected release agent.
@ -94,7 +95,12 @@ stdenv.mkDerivation rec {
# /var is mounted. # /var is mounted.
makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin"; makeFlags = "hwdb_bin=/var/lib/udev/hwdb.bin";
installFlags = "localstatedir=$(TMPDIR)/var sysconfdir=$(out)/etc sysvinitdir=$(TMPDIR)/etc/init.d"; installFlags =
[ "localstatedir=$(TMPDIR)/var"
"sysconfdir=$(out)/etc"
"sysvinitdir=$(TMPDIR)/etc/init.d"
"pamconfdir=$(out)/etc/pam.d"
];
# Get rid of configuration-specific data. # Get rid of configuration-specific data.
postInstall = postInstall =
@ -103,6 +109,8 @@ stdenv.mkDerivation rec {
mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
mv $out/lib/systemd/{system,user} $out/example/systemd mv $out/lib/systemd/{system,user} $out/example/systemd
rm -rf $out/etc/systemd/system
# Install SysV compatibility commands. # Install SysV compatibility commands.
mkdir -p $out/sbin mkdir -p $out/sbin
ln -s $out/lib/systemd/systemd $out/sbin/telinit ln -s $out/lib/systemd/systemd $out/sbin/telinit
@ -128,19 +136,6 @@ stdenv.mkDerivation rec {
# runtime; otherwise we can't and we need to reboot. # runtime; otherwise we can't and we need to reboot.
passthru.interfaceVersion = 2; passthru.interfaceVersion = 2;
passthru.headers = stdenv.mkDerivation {
name = "systemd-headers-${version}";
inherit src;
phases = [ "unpackPhase" "installPhase" ];
# some are needed by dbus.libs, which is needed for systemd :-)
installPhase = ''
mkdir -p "$out/include/systemd"
mv src/systemd/*.h "$out/include/systemd"
'';
};
meta = { meta = {
homepage = "http://www.freedesktop.org/wiki/Software/systemd"; homepage = "http://www.freedesktop.org/wiki/Software/systemd";
description = "A system and service manager for Linux"; description = "A system and service manager for Linux";
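Review bot: `NIX_LDFLAGS` hard-codes rpath entries for `pam`, `libcap`, `acl` and the gcc runtime only, while `buildInputs` also lists `kmod`, `xz`, `libgcrypt`, `libuuid`, `glib` and `libmicrohttpd`. If any installed binary links one of those directly, it would presumably end up without a matching rpath and either fail to start or pick the library up from wherever the loader finds it. Since the list has to be maintained by hand, extend the comment to say so, e.g. `# FIXME: keep in sync with the library inputs above until gold has an rpath wrapper.`. The added `rm -rf $out/etc/systemd/system` in `postInstall` also has no comment saying what it removes and why.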


@ -1,14 +0,0 @@
diff -ruN systemd-203/units/getty@.service.m4 systemd-203-patched/units/getty@.service.m4
--- systemd-203/units/getty@.service.m4 2013-01-07 22:50:49.083315575 +0100
+++ systemd-203-patched/units/getty@.service.m4 2014-03-18 09:54:40.002476232 +0100
@@ -23,7 +23,9 @@
# On systems without virtual consoles, don't start any getty. (Note
# that serial gettys are covered by serial-getty@.service, not this
# unit
-ConditionPathExists=/dev/tty0
+ConditionPathExists=|/dev/tty0
+ConditionVirtualization=|lxc
+ConditionVirtualization=|lxc-libvirt
[Service]
# the VT is cleared by TTYVTDisallocate


@ -1,144 +1,23 @@
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 7164b1e..29401eb 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -381,7 +381,7 @@
this unit during
installation. This is best
configured via
- <varname>WantedBy=multi-uer.target</varname>
+ <varname>WantedBy=multi-user.target</varname>
in the unit's
<literal>[Install]</literal>
section.</para>
diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
index 15b5bc4..c5f1b38 100644
--- a/rules/80-net-name-slot.rules
+++ b/rules/80-net-name-slot.rules
@@ -1,6 +1,6 @@
# do not edit this file, it will be overwritten on update
-ACTION=="remove", GOTO="net_name_slot_end"
+ACTION!="add", GOTO="net_name_slot_end"
SUBSYSTEM!="net", GOTO="net_name_slot_end"
NAME!="", GOTO="net_name_slot_end"
diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
index d17bdd9..040b10e 100644 index db72373..2fc12ca 100644
--- a/rules/99-systemd.rules.in --- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in +++ b/rules/99-systemd.rules.in
@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd" @@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd" SUBSYSTEM=="block", KERNEL!="ram*", TAG+="systemd"
SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
-# Ignore encrypted devices with no identified superblock on it, since -# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it. -# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0" -SUBSYSTEM=="block", KERNEL!="ram*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
- -
# Ignore raid devices that are not yet assembled and started # Ignore raid devices that are not yet assembled and started
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0" SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
index 82b02bb..7df9d01 100644
--- a/src/core/cgroup-semantics.c
+++ b/src/core/cgroup-semantics.c
@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
}
static const CGroupSemantics semantics[] = {
- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
{ "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
{ "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
{ "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
index 91d70e5..698102f 100644
--- a/src/core/dbus-execute.h
+++ b/src/core/dbus-execute.h
@@ -63,7 +63,7 @@
" <property name=\"CPUSchedulingPolicy\" type=\"i\" access=\"read\"/>\n" \
" <property name=\"CPUSchedulingPriority\" type=\"i\" access=\"read\"/>\n" \
" <property name=\"CPUAffinity\" type=\"ay\" access=\"read\"/>\n" \
- " <property name=\"TimerSlackNS\" type=\"t\" access=\"read\"/>\n" \
+ " <property name=\"TimerSlackNSec\" type=\"t\" access=\"read\"/>\n" \
" <property name=\"CPUSchedulingResetOnFork\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"NonBlocking\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"StandardInput\" type=\"s\" access=\"read\"/>\n" \
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 56b02a1..2b6d799 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
_cleanup_strv_free_ char **l = NULL;
char **e = NULL;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
r = bus_parse_strv(message, &l);
if (r == -ENOMEM)
@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
_cleanup_strv_free_ char **l = NULL;
char **e = NULL;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
r = bus_parse_strv(message, &l);
if (r == -ENOMEM)
@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
char **f = NULL;
DBusMessageIter iter;
- SELINUX_ACCESS_CHECK(connection, message, "reboot");
+ SELINUX_ACCESS_CHECK(connection, message, "reload");
if (!dbus_message_iter_init(message, &iter))
goto oom;
diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
index 2e99fba..e72749a 100644
--- a/src/core/dbus-swap.c
+++ b/src/core/dbus-swap.c
@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
static const BusProperty bus_swap_properties[] = {
{ "What", bus_property_append_string, "s", offsetof(Swap, what), true },
{ "Priority", bus_swap_append_priority, "i", 0 },
+ { "TimeoutUSec",bus_property_append_usec, "t", offsetof(Swap, timeout_usec)},
BUS_EXEC_COMMAND_PROPERTY("ExecActivate", offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]), false),
BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
{ "ControlPID", bus_property_append_pid, "u", offsetof(Swap, control_pid) },
diff --git a/src/core/main.c b/src/core/main.c diff --git a/src/core/main.c b/src/core/main.c
index 7fc06be..101ce79 100644 index 41605ee..8517369 100644
--- a/src/core/main.c --- a/src/core/main.c
+++ b/src/core/main.c +++ b/src/core/main.c
@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) { @@ -1883,7 +1883,7 @@ finish:
log_error("Failed to adjust timer slack: %m");
if (arg_capability_bounding_set_drop) {
- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
if (r < 0) {
- log_error("Failed to drop capability bounding set: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
goto finish;
}
- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
if (r < 0) {
- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set: %s", strerror(-r));
goto finish;
}
}
@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
/* This will close all file descriptors that were opened, but
* not claimed by any unit. */
fdset_free(fds);
+ fds = NULL;
if (serialization) {
fclose(serialization);
@@ -1857,7 +1858,7 @@ finish:
char_array_0(sfd); char_array_0(sfd);
i = 0; i = 0;
@ -147,69 +26,50 @@ index 7fc06be..101ce79 100644
if (switch_root_dir) if (switch_root_dir)
args[i++] = "--switched-root"; args[i++] = "--switched-root";
args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
diff --git a/src/core/manager.c b/src/core/manager.c diff --git a/src/core/socket.c b/src/core/socket.c
index c7f8f20..0508628 100644 index 7c18a2b..eba67d5 100644
--- a/src/core/manager.c --- a/src/core/socket.c
+++ b/src/core/manager.c +++ b/src/core/socket.c
@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) { @@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
int k;
case SIGINT: k = getpeercred(fd, &ucred);
if (m->running_as == SYSTEMD_SYSTEM) { - if (k < 0)
- manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE); + if (k == -ENODATA) {
+ manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY); + /* This handles the case where somebody is
break; + * connecting from another pid/uid namespace
} + * (e.g. from outside of our container). */
+ if (asprintf(&r,
+ "%u-unknown",
+ nr) < 0)
+ return -ENOMEM;
+ }
+ else if (k < 0)
return k;
-
- if (asprintf(&r,
- "%u-%lu-%lu",
- nr,
- (unsigned long) ucred.pid,
- (unsigned long) ucred.uid) < 0)
- return -ENOMEM;
-
+ else {
+ if (asprintf(&r,
+ "%u-%lu-%lu",
+ nr,
+ (unsigned long) ucred.pid,
+ (unsigned long) ucred.uid) < 0)
+ return -ENOMEM;
+ }
break;
}
diff --git a/src/core/service.c b/src/core/service.c
index 3617c24..4d0e2ad 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
if (s->exec_context.var_tmp_dir)
unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
+ if (s->forbid_restart)
+ unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
+
return 0;
}
@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return log_oom();
s->exec_context.var_tmp_dir = t;
+ } else if (streq(key, "forbid-restart")) {
+ int b;
+
+ b = parse_boolean(value);
+ if (b < 0)
+ log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
+ else
+ s->forbid_restart = b;
} else
log_debug_unit(u->id, "Unknown serialization key '%s'", key);
diff --git a/src/core/snapshot.c b/src/core/snapshot.c
index a63eccd..a6807eb 100644
--- a/src/core/snapshot.c
+++ b/src/core/snapshot.c
@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
return -ENOMEM;
- if (!manager_get_unit(m, n))
+ if (!manager_get_unit(m, n)) {
+ name = n;
break;
+ }
free(n);
}
diff --git a/src/core/umount.c b/src/core/umount.c diff --git a/src/core/umount.c b/src/core/umount.c
index 1e95ad7..9f0e471 100644 index d1258f0..0311812 100644
--- a/src/core/umount.c --- a/src/core/umount.c
+++ b/src/core/umount.c +++ b/src/core/umount.c
@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e @@ -404,6 +404,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
* anyway, since we are running from it. They have * anyway, since we are running from it. They have
* already been remounted ro. */ * already been remounted ro. */
if (path_equal(m->path, "/") if (path_equal(m->path, "/")
@ -218,285 +78,31 @@ index 1e95ad7..9f0e471 100644
#ifndef HAVE_SPLIT_USR #ifndef HAVE_SPLIT_USR
|| path_equal(m->path, "/usr") || path_equal(m->path, "/usr")
#endif #endif
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 81b7708..edd0b40 100644 index 9a9ed9d..9e46e18 100644
--- a/src/cryptsetup/cryptsetup-generator.c --- a/src/nspawn/nspawn.c
+++ b/src/cryptsetup/cryptsetup-generator.c +++ b/src/nspawn/nspawn.c
@@ -111,6 +111,7 @@ static int create_disk( @@ -2667,6 +2667,7 @@ int main(int argc, char *argv[]) {
"Conflicts=umount.target\n" goto finish;
"DefaultDependencies=no\n"
"BindsTo=dev-mapper-%i.device\n"
+ "IgnoreOnIsolate=true\n"
"After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
f);
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index c17299f..6b3e67e 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -351,7 +351,7 @@ static int add_mount(
if (automount && !path_equal(where, "/")) {
automount_name = unit_name_from_path(where, ".automount");
- if (!name)
+ if (!automount_name)
return log_oom();
automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
} else if (startswith(word, "rd.fstab=")) {
if (in_initrd()) {
- r = parse_boolean(word + 6);
+ r = parse_boolean(word + 9);
if (r < 0)
- log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
+ log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
else
arg_enabled = r;
} }
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c } else {
index 38499a6..bb80905 100644 +#if 0
--- a/src/journal/journal-file.c const char *p;
+++ b/src/journal/journal-file.c
@@ -907,6 +907,8 @@ static int journal_file_append_field(
osize = offsetof(Object, field.payload) + size; p = strappenda(arg_directory,
r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p); @@ -2676,6 +2677,7 @@ int main(int argc, char *argv[]) {
+ if (r < 0) goto finish;
+ return r;
o->field.hash = htole64(hash); }
memcpy(o->field.payload, field, size); +#endif
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 88163c0..e09ba4c 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
if (r < 0)
if (f)
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
- else
+ else {
log_error("Failed to create user journal: %s", strerror(-r));
+ hashmap_remove(s->user_journals, k);
+ }
else {
hashmap_replace(s->user_journals, k, f);
server_fix_perms(s, f, PTR_TO_UINT32(k));
@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
ssize_t n;
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "signal fd", ev->events);
return -EIO;
} }
} else {
@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) { char template[] = "/tmp/nspawn-root-XXXXXX";
} else if (ev->data.fd == s->dev_kmsg_fd) {
int r;
- if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ if (ev->events & EPOLLERR)
+ log_warning("/dev/kmsg buffer overrun, some messages lost.");
+
+ if (!(ev->events & EPOLLIN)) {
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "/dev/kmsg", ev->events);
return -EIO;
}
@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
ev->data.fd == s->syslog_fd) {
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
+ ev->events);
return -EIO;
}
@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
char *e;
if (n > 0 && n_fds == 0) {
- e = memchr(s->buffer, '\n', n);
- if (e)
- *e = 0;
- else
- s->buffer[n] = 0;
-
+ s->buffer[n] = 0;
server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
} else if (n_fds > 0)
log_warning("Got file descriptors via syslog socket. Ignoring.");
@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
} else if (ev->data.fd == s->stdout_fd) {
if (ev->events != EPOLLIN) {
- log_error("Got invalid event from epoll.");
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "stdout fd", ev->events);
return -EIO;
}
@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
StdoutStream *stream;
if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
+ log_error("Got invalid event from epoll for %s: %"PRIx32,
+ "stdout stream", ev->events);
log_error("Got invalid event from epoll.");
return -EIO;
}
diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
index 54bf114..bd197d0 100644
--- a/src/journal/mmap-cache.c
+++ b/src/journal/mmap-cache.c
@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
while ((c = hashmap_first(m->contexts)))
context_free(c);
+ hashmap_free(m->contexts);
+
while ((f = hashmap_first(m->fds)))
fd_free(f);
+ hashmap_free(m->fds);
+
while (m->unused)
window_free(m->unused);
diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
index 0e66f3d..cac948e 100644
--- a/src/libsystemd-bus/bus-internal.c
+++ b/src/libsystemd-bus/bus-internal.c
@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
bool interface_name_is_valid(const char *p) {
const char *q;
- bool dot, found_dot;
+ bool dot, found_dot = false;
if (isempty(p))
return false;
@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
bool service_name_is_valid(const char *p) {
const char *q;
- bool dot, found_dot, unique;
+ bool dot, found_dot = false, unique;
if (isempty(p))
return false;
diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index 7d6d848..b0eb2f1 100644
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
if (r == 0)
return ret;
- r = 1;
+ ret = 1;
} while (!z);
*m = z;
- return 1;
+ return ret;
}
int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
index 5ccaabd..100c1fb 100644
--- a/src/libudev/libudev-enumerate.c
+++ b/src/libudev/libudev-enumerate.c
@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
/* skip to be delayed devices, and move the to
* the point where the prefix changes. We can
* only move one item at a time. */
- if (!move_later) {
+ if (move_later == -1) {
move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
if (move_later_prefix > 0) {
@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
{
struct udev_list_entry *list_entry;
+ subsystem = subsystem ? : "";
+
udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
return false;
@@ -826,23 +828,27 @@ nomatch:
static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
{
struct udev_device *dev;
+ int r = 0;
dev = udev_device_new_from_syspath(enumerate->udev, path);
if (dev == NULL)
return -ENODEV;
if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
- return 0;
+ goto nomatch;
if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
- return 0;
+ goto nomatch;
if (!match_property(enumerate, dev))
- return 0;
+ goto nomatch;
if (!match_sysattr(enumerate, dev))
- return 0;
+ goto nomatch;
syspath_add(enumerate, udev_device_get_syspath(dev));
+ r = 1;
+
+nomatch:
udev_device_unref(dev);
- return 1;
+ return r;
}
static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
index 8e09430..1e6f885 100644
--- a/src/libudev/libudev.sym
+++ b/src/libudev/libudev.sym
@@ -109,5 +109,6 @@ global:
} LIBUDEV_189;
LIBUDEV_199 {
+global:
udev_device_set_sysattr_value;
} LIBUDEV_196;
diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
index 7b19ee0..49ee420 100644
--- a/src/modules-load/modules-load.c
+++ b/src/modules-load/modules-load.c
@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
STRV_FOREACH(i, arg_proc_cmdline_modules) {
k = load_module(ctx, *i);
- if (k < 0)
- r = EXIT_FAILURE;
+ if (k < 0 && r == 0)
+ r = k;
}
r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
index b1ef912..4f2ab5c 100644 index d61ecdf..228a3a4 100644
--- a/src/nss-myhostname/netlink.c --- a/src/nss-myhostname/netlink.c
+++ b/src/nss-myhostname/netlink.c +++ b/src/nss-myhostname/netlink.c
@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) { @@ -112,6 +112,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE) ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
continue; continue;
@ -507,174 +113,45 @@ index b1ef912..4f2ab5c 100644
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED) if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
continue; continue;
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index 8d004ba..99340c9 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
list[count ++] = id;
}
- qsort(list, count, sizeof(uint16_t), cmp_uint16);
+ if (list)
+ qsort(list, count, sizeof(uint16_t), cmp_uint16);
*options = list;
return count;
diff --git a/src/shared/env-util.c b/src/shared/env-util.c
index 6a52fb9..598222c 100644
--- a/src/shared/env-util.c
+++ b/src/shared/env-util.c
@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
e[k++] = *p;
}
- e[k] = NULL;
+ if (e)
+ e[k] = NULL;
+
return e;
}
diff --git a/src/shared/log.c b/src/shared/log.c
index 27317f7..8f4995a 100644
--- a/src/shared/log.c
+++ b/src/shared/log.c
@@ -115,16 +115,20 @@ void log_close_syslog(void) {
static int create_log_socket(int type) {
int fd;
+ struct timeval tv;
- /* All output to the syslog/journal fds we do asynchronously,
- * and if the buffers are full we just drop the messages */
-
- fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
+ fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
if (fd < 0)
return -errno;
fd_inc_sndbuf(fd, SNDBUF_SIZE);
+ /* We need a blocking fd here since we'd otherwise lose
+ messages way too early. However, let's not hang forever in the
+ unlikely case of a deadlock. */
+ timeval_store(&tv, 1*USEC_PER_MINUTE);
+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
+
return fd;
}
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index cea7074..1c5e9e3 100644
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@@ -38,12 +38,8 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
DBusMessage *m = NULL, *reply = NULL;
- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
uint32_t flags = interactive ? 1 : 0;
- pid_t pid_raw;
- uint32_t pid_u32;
- unsigned long long starttime_raw;
- uint64_t starttime_u64;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
@@ -68,14 +64,6 @@ int verify_polkit(
#ifdef ENABLE_POLKIT
- pid_raw = bus_get_unix_process_id(c, sender, error);
- if (pid_raw == 0)
- return -EINVAL;
-
- r = get_starttime_of_pid(pid_raw, &starttime_raw);
- if (r < 0)
- return r;
-
m = dbus_message_new_method_call(
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
@@ -86,22 +74,13 @@ int verify_polkit(
dbus_message_iter_init_append(m, &iter_msg);
- pid_u32 = (uint32_t) pid_raw;
- starttime_u64 = (uint64_t) starttime_raw;
-
if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
!dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
!dbus_message_iter_close_container(&iter_struct, &iter_array) ||
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 3cca861..f6052dd 100644 index 0887bc3..6b502ce 100644
--- a/src/systemctl/systemctl.c --- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c
@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me @@ -2561,7 +2561,7 @@ static int start_unit_one(
} else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
uint32_t id;
- const char *path, *result, *unit;
+ const char *path, *result, *unit, *r;
if (dbus_message_get_args(message, &error,
DBUS_TYPE_UINT32, &id,
@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
DBUS_TYPE_STRING, &result,
DBUS_TYPE_INVALID)) {
- free(set_remove(d->set, (char*) path));
+ r = set_remove(d->set, (char*) path);
+ if (!r)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ free(r);
if (!isempty(result))
d->result = strdup(result);
@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
/* Compatibility with older systemd versions <
* 183 during upgrades. This should be dropped
* one day. */
- free(set_remove(d->set, (char*) path));
+ r = set_remove(d->set, (char*) path);
+ if (!r)
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+
+ free(r);
if (*result)
d->result = strdup(result);
@@ -1867,7 +1875,7 @@ static int start_unit_one(
return log_oom();
log_debug("Adding %s to the set", p);
r = set_consume(s, p); r = set_consume(s, p);
- if (r < 0) { - if (r < 0)
+ if (r < 0 && r != -EEXIST) { + if (r < 0 && r != -EEXIST)
log_error("Failed to add path to set."); return log_oom();
return r; }
}
diff --git a/units/console-getty.service.m4.in b/units/console-getty.service.m4.in
index 8ac51a4..cae9fb5 100644
--- a/units/console-getty.service.m4.in
+++ b/units/console-getty.service.m4.in
@@ -15,7 +15,6 @@ After=rc-local.service
Before=getty.target
[Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud console 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in
index 4f7794b..bad2a9a 100644
--- a/units/container-getty@.service.m4.in
+++ b/units/container-getty@.service.m4.in
@@ -16,7 +16,6 @@ Before=getty.target
IgnoreOnIsolate=yes
[Service]
-ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/emergency.service.in b/units/emergency.service.in diff --git a/units/emergency.service.in b/units/emergency.service.in
index 442f0e0..6b7eafd 100644 index 94c090f..0d20640 100644
--- a/units/emergency.service.in --- a/units/emergency.service.in
+++ b/units/emergency.service.in +++ b/units/emergency.service.in
@@ -15,7 +15,6 @@ Before=shutdown.target @@ -15,7 +15,6 @@ Before=shutdown.target
@ -685,30 +162,61 @@ index 442f0e0..6b7eafd 100644
ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.' ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
ExecStart=-/sbin/sulogin ExecStart=-/sbin/sulogin
ExecStopPost=@SYSTEMCTL@ --fail --no-block default ExecStopPost=@SYSTEMCTL@ --fail --no-block default
diff --git a/units/getty@.service.m4 b/units/getty@.service.m4
index aa853b8..8bcc647 100644
--- a/units/getty@.service.m4
+++ b/units/getty@.service.m4
@@ -23,11 +23,12 @@ IgnoreOnIsolate=yes
# On systems without virtual consoles, don't start any getty. Note
# that serial gettys are covered by serial-getty@.service, not this
# unit.
-ConditionPathExists=/dev/tty0
+ConditionPathExists=|/dev/tty0
+ConditionVirtualization=|lxc
+ConditionVirtualization=|lxc-libvirt
[Service]
# the VT is cleared by TTYVTDisallocate
-ExecStart=-/sbin/agetty --noclear %I $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/kmod-static-nodes.service.in b/units/kmod-static-nodes.service.in
index 368f980..d0c1bd2 100644
--- a/units/kmod-static-nodes.service.in
+++ b/units/kmod-static-nodes.service.in
@@ -10,7 +10,6 @@ Description=Create list of required static device nodes for the current kernel
DefaultDependencies=no
Before=sysinit.target systemd-tmpfiles-setup-dev.service
ConditionCapability=CAP_MKNOD
-ConditionPathExists=/lib/modules/%v/modules.devname
[Service]
Type=oneshot
diff --git a/units/local-fs.target b/units/local-fs.target diff --git a/units/local-fs.target b/units/local-fs.target
index 18c3d74..a09054c 100644 index ae3cedc..0e36840 100644
--- a/units/local-fs.target --- a/units/local-fs.target
+++ b/units/local-fs.target +++ b/units/local-fs.target
@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7) @@ -13,3 +13,5 @@ DefaultDependencies=no
After=local-fs-pre.target Conflicts=shutdown.target
OnFailure=emergency.target OnFailure=emergency.target
OnFailureIsolate=no OnFailureJobMode=replace-irreversibly
+ +
+X-StopOnReconfiguration=yes +X-StopOnReconfiguration=yes
diff --git a/units/remote-fs.target b/units/remote-fs.target diff --git a/units/remote-fs.target b/units/remote-fs.target
index 09213e8..47b4cf5 100644 index 43ffa5c..156a681 100644
--- a/units/remote-fs.target --- a/units/remote-fs.target
+++ b/units/remote-fs.target +++ b/units/remote-fs.target
@@ -10,5 +10,7 @@ Description=Remote File Systems @@ -12,5 +12,7 @@ After=remote-fs-pre.target
Documentation=man:systemd.special(7) DefaultDependencies=no
After=remote-fs-pre.target Conflicts=shutdown.target
+X-StopOnReconfiguration=yes +X-StopOnReconfiguration=yes
+ +
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
index 269797a..2c640f4 100644 index 552ef89..af3915f 100644
--- a/units/rescue.service.m4.in --- a/units/rescue.service.m4.in
+++ b/units/rescue.service.m4.in +++ b/units/rescue.service.m4.in
@@ -16,7 +16,6 @@ Before=shutdown.target @@ -16,7 +16,6 @@ Before=shutdown.target
@ -719,6 +227,18 @@ index 269797a..2c640f4 100644
ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.' ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
ExecStart=-/sbin/sulogin ExecStart=-/sbin/sulogin
ExecStopPost=-@SYSTEMCTL@ --fail --no-block default ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
index 4ac51e7..86a3b59 100644
--- a/units/serial-getty@.service.m4
+++ b/units/serial-getty@.service.m4
@@ -22,7 +22,6 @@ Before=getty.target
IgnoreOnIsolate=yes
[Service]
-ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
Type=idle
Restart=always
RestartSec=0
diff --git a/units/sysinit.target b/units/sysinit.target diff --git a/units/sysinit.target b/units/sysinit.target
index 8f4fb8f..e0f0147 100644 index 8f4fb8f..e0f0147 100644
--- a/units/sysinit.target --- a/units/sysinit.target
@ -731,11 +251,20 @@ index 8f4fb8f..e0f0147 100644
-After=local-fs.target swap.target emergency.service emergency.target -After=local-fs.target swap.target emergency.service emergency.target
+After=emergency.service emergency.target +After=emergency.service emergency.target
RefuseManualStart=yes RefuseManualStart=yes
diff --git a/units/systemd-backlight@.service.in b/units/systemd-backlight@.service.in
index e945d87..77728f2 100644
--- a/units/systemd-backlight@.service.in
+++ b/units/systemd-backlight@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-backlight load %i
ExecStop=@rootlibexecdir@/systemd-backlight save %i
+X-RestartIfChanged=false
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index ab2e50c..9563a7d 100644 index de93879..c9a49f3 100644
--- a/units/systemd-journald.service.in --- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in
@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C @@ -25,3 +25,8 @@ WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous # Increase the default a bit in order to allow many simultaneous
# services being run since we keep one fd open per service. # services being run since we keep one fd open per service.
LimitNOFILE=16384 LimitNOFILE=16384
@ -744,6 +273,33 @@ index ab2e50c..9563a7d 100644
+# journald to stop logging (see +# journald to stop logging (see
+# https://bugs.freedesktop.org/show_bug.cgi?id=56043). +# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
+X-RestartIfChanged=no +X-RestartIfChanged=no
diff --git a/units/systemd-random-seed.service.in b/units/systemd-random-seed.service.in
index 1879b2f..9b895b9 100644
--- a/units/systemd-random-seed.service.in
+++ b/units/systemd-random-seed.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-random-seed load
ExecStop=@rootlibexecdir@/systemd-random-seed save
+X-RestartIfChanged=false
diff --git a/units/systemd-rfkill@.service.in b/units/systemd-rfkill@.service.in
index 9d264a2..c505535 100644
--- a/units/systemd-rfkill@.service.in
+++ b/units/systemd-rfkill@.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-rfkill load %I
ExecStop=@rootlibexecdir@/systemd-rfkill save %I
+X-RestartIfChanged=false
diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in
index da7dda7..4cc550d 100644
--- a/units/systemd-update-utmp.service.in
+++ b/units/systemd-update-utmp.service.in
@@ -19,3 +19,4 @@ Type=oneshot
RemainAfterExit=yes
ExecStart=@rootlibexecdir@/systemd-update-utmp reboot
ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown
+X-RestartIfChanged=false
diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
index 0869e73..b6ed958 100644 index 0869e73..b6ed958 100644
--- a/units/systemd-user-sessions.service.in --- a/units/systemd-user-sessions.service.in


@ -1,81 +0,0 @@
Based on a patch for udev in
nixpkgs(upstart)/pkgs/os-specific/linux/udev/pre-accept4-kernel.patch
It was taken from:
https://github.com/archlinuxarm/PKGBUILDs/blob/master/core/udev-oxnas/pre-accept4-kernel.patch
Basically, ARM implemented accept4() only in 2.6.36. Nixpkgs now uses
linux headers from 2.6.35. And the particular nixpkgs glibc version had a bug,
not checking about 2.6.36 for accept4 on arm.
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 7b88f74..a9f7b62 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -347,10 +347,12 @@ int stdout_stream_new(Server *s) {
int fd, r;
socklen_t len;
struct epoll_event ev;
+ int flgs;
assert(s);
- fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+ //fd = accept4(s->stdout_fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
+ fd = accept(s->stdout_fd, NULL, NULL);
if (fd < 0) {
if (errno == EAGAIN)
return 0;
@@ -359,6 +361,11 @@ int stdout_stream_new(Server *s) {
return -errno;
}
+ // Since we don't have accept4
+ flgs = fcntl(fd, F_GETFL, NULL);
+ if(flgs >= 0) fcntl(fd, F_SETFL, flgs | O_NONBLOCK);
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+
if (s->n_stdout_streams >= STDOUT_STREAMS_MAX) {
log_warning("Too many stdout streams, refusing connection.");
close_nointr_nofail(fd);
diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
index a235912..c05e4b4 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -15,6 +15,7 @@
#include <stddef.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include <sys/types.h>
#include <sys/poll.h>
#include <sys/socket.h>
@@ -181,6 +182,7 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
struct ucred ucred;
socklen_t slen;
const int on = 1;
+ int flgs;
conn = calloc(1, sizeof(struct udev_ctrl_connection));
if (conn == NULL)
@@ -188,13 +190,19 @@ struct udev_ctrl_connection *udev_ctrl_get_connection(struct udev_ctrl *uctrl)
conn->refcount = 1;
conn->uctrl = uctrl;
- conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
+ //conn->sock = accept4(uctrl->sock, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
+ conn->sock = accept(uctrl->sock, NULL, NULL);
if (conn->sock < 0) {
if (errno != EINTR)
log_error("unable to receive ctrl connection: %m\n");
goto err;
}
+ // Since we don't have accept4
+ flgs = fcntl(conn->sock, F_GETFL, NULL);
+ if(flgs >= 0) fcntl(conn->sock, F_SETFL, flgs | O_NONBLOCK);
+ fcntl(conn->sock, F_SETFD, FD_CLOEXEC);
+
/* check peer credential of connection */
slen = sizeof(ucred);
if (getsockopt(conn->sock, SOL_SOCKET, SO_PEERCRED, &ucred, &slen) < 0) {


@ -1,13 +1,11 @@
{ stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }: { stdenv, fetchurl, zlib, ncurses ? null, perl ? null, pam }:
let
ver = "2.24";
in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "util-linux-${ver}"; name = "util-linux-2.24.1";
src = fetchurl { src = fetchurl {
url = "http://www.kernel.org/pub/linux/utils/util-linux/v${ver}/${name}.tar.bz2"; url = "http://www.kernel.org/pub/linux/utils/util-linux/v2.24/${name}.tar.xz";
sha256 = "1nfnymj03rdcxjb677a9qq1zirppr8csh32cb85qm23x5xndi6v3"; sha256 = "0444xhfm9525v3aagyfbp38mp7xsw2fn9zg4ya713c7s5hivcpl3";
}; };
crossAttrs = { crossAttrs = {
@ -19,8 +17,6 @@ stdenv.mkDerivation rec {
# (/sbin/mount.*) through an environment variable, but that's # (/sbin/mount.*) through an environment variable, but that's
# somewhat risky because we have to consider that mount can setuid # somewhat risky because we have to consider that mount can setuid
# root... # root...
# --enable-libmount-mount fixes the behaviour being /etc/mtab a symlink to /proc/monunts
# http://pl.digipedia.org/usenet/thread/19513/1924/
configureFlags = '' configureFlags = ''
--enable-write --enable-write
--enable-last --enable-last


@ -1960,11 +1960,11 @@ let
})) // {inherit ;}; })) // {inherit ;};
xorgserver = (stdenv.mkDerivation ((if overrides ? xorgserver then overrides.xorgserver else x: x) { xorgserver = (stdenv.mkDerivation ((if overrides ? xorgserver then overrides.xorgserver else x: x) {
name = "xorg-server-1.14.5"; name = "xorg-server-1.14.6";
builder = ./builder.sh; builder = ./builder.sh;
src = fetchurl { src = fetchurl {
url = mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2; url = mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2;
sha256 = "1lb1fkscy7nwnabfj0d2shvxga16i047g11if18plj0n2jzhc3wd"; sha256 = "0c57vp1z0p38dj5gfipkmlw6bvbz1mrr0sb3sbghdxxdyq4kzcz8";
}; };
buildInputs = [pkgconfig renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ]; buildInputs = [pkgconfig renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ];
})) // {inherit renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ;}; })) // {inherit renderproto libdrm openssl libX11 libXau libXaw libXdmcp libXfixes libxkbfile libXmu libXpm libXrender libXres libXt libXv ;};


@ -170,7 +170,7 @@ mirror://xorg/X11R7.7/src/everything/xlsatoms-1.1.1.tar.bz2
mirror://xorg/individual/app/xlsclients-1.1.3.tar.bz2 mirror://xorg/individual/app/xlsclients-1.1.3.tar.bz2
mirror://xorg/individual/app/xmodmap-1.0.8.tar.bz2 mirror://xorg/individual/app/xmodmap-1.0.8.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-docs-1.7.tar.bz2 mirror://xorg/X11R7.7/src/everything/xorg-docs-1.7.tar.bz2
mirror://xorg/individual/xserver/xorg-server-1.14.5.tar.bz2 mirror://xorg/individual/xserver/xorg-server-1.14.6.tar.bz2
mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2 mirror://xorg/X11R7.7/src/everything/xorg-sgml-doctools-1.11.tar.bz2
mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2 mirror://xorg/X11R7.7/src/everything/xpr-1.0.4.tar.bz2
mirror://xorg/individual/app/xprop-1.2.2.tar.bz2 mirror://xorg/individual/app/xprop-1.2.2.tar.bz2


@ -58,16 +58,14 @@ let
pos' = if pos != null then "" + pos.file + ":" + toString pos.line + "" else "«unknown-file»"; pos' = if pos != null then "" + pos.file + ":" + toString pos.line + "" else "«unknown-file»";
in in
if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then
throw ''package ${attrs.name} in ${pos'} has an unfree license, refusing to evaluate. throw ''
You can set Package ${attrs.name} in ${pos'} has an unfree license, refusing to evaluate. You can set
{ nixpkgs.config.allowUnfree = true; } { nixpkgs.config.allowUnfree = true; }
in configuration.nix to override this. in configuration.nix to override this. If you use Nix standalone, you can add
If you use Nix standalone, you can add { config.allowUnfree = true; }
{ config.allowUnfree = true; } to ~/.nixpkgs/config.nix or pass
to ~/.nixpkgs/config.nix or pass --arg config '{ allowUnfree = true; }'
--arg config '{ allowUnfree = true; }' on the command line.''
on the command line.
''
else if !allowBroken && attrs.meta.broken or false then else if !allowBroken && attrs.meta.broken or false then
throw "you can't use package ${attrs.name} in ${pos'} because it has been marked as broken" throw "you can't use package ${attrs.name} in ${pos'} because it has been marked as broken"
else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then
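Review bot: The reworded unfree-license message now opens with a capitalised sentence and tells the user how to override the check, but the next `throw` in the same chain (`"you can't use package ${attrs.name} in ${pos'} because it has been marked as broken"`) still starts in lower case and gives no override hint. For consistency I would capitalise it and, assuming `allowBroken` is read from the same config set as `allowUnfree`, name the matching setting, e.g. `throw "Package ${attrs.name} in ${pos'} has been marked as broken, refusing to evaluate. Set { nixpkgs.config.allowBroken = true; } to override this."`. The `if`/`else if` chain continues past the end of this hunk, so the platform branch and anything after it are not covered here.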


@ -1,11 +1,11 @@
{ stdenv, fetchurl, pkgconfig, udev }: { stdenv, fetchurl, pkgconfig, udev }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "dhcpcd-6.2.1"; name = "dhcpcd-6.3.2";
src = fetchurl { src = fetchurl {
url = "http://roy.marples.name/downloads/dhcpcd/${name}.tar.bz2"; url = "http://roy.marples.name/downloads/dhcpcd/${name}.tar.bz2";
sha256 = "1gs23zwhzml2aam4j6rdncaqfv3z5n1ifx6lq4b8ccifqa87gbga"; sha256 = "1v2m5wdr6x5cz6i0n1y63am9dhj5j7ylrk717scjgwwjdbq1x75n";
}; };
patches = [ ./lxc_ro_promote_secondaries.patch ]; patches = [ ./lxc_ro_promote_secondaries.patch ];


@ -829,8 +829,6 @@ let
dhcpcd = callPackage ../tools/networking/dhcpcd { }; dhcpcd = callPackage ../tools/networking/dhcpcd { };
dhcpcd_without_udev = callPackage ../tools/networking/dhcpcd { udev = null; };
diffstat = callPackage ../tools/text/diffstat { }; diffstat = callPackage ../tools/text/diffstat { };
diffutils = callPackage ../tools/text/diffutils { }; diffutils = callPackage ../tools/text/diffutils { };
@ -4192,10 +4190,11 @@ let
dbus_glib = callPackage ../development/libraries/dbus-glib { }; dbus_glib = callPackage ../development/libraries/dbus-glib { };
dbus_java = callPackage ../development/libraries/java/dbus-java { }; dbus_java = callPackage ../development/libraries/java/dbus-java { };
dbus_python = callPackage ../development/python-modules/dbus { }; dbus_python = callPackage ../development/python-modules/dbus { };
# Should we deprecate these? Currently there are many references. # Should we deprecate these? Currently there are many references.
dbus_tools = dbus.tools; dbus_tools = pkgs.dbus.tools;
dbus_libs = dbus.libs; dbus_libs = pkgs.dbus.libs;
dbus_daemon = dbus.daemon; dbus_daemon = pkgs.dbus.daemon;
dhex = callPackage ../applications/editors/dhex { }; dhex = callPackage ../applications/editors/dhex { };
@ -6869,23 +6868,23 @@ let
libnl = callPackage ../os-specific/linux/libnl { }; libnl = callPackage ../os-specific/linux/libnl { };
libnl_3_2_19 = callPackage ../os-specific/linux/libnl/3.2.19.nix { }; libnl_3_2_19 = callPackage ../os-specific/linux/libnl/3.2.19.nix { };
linuxHeaders = linuxHeaders37;
linuxConsoleTools = callPackage ../os-specific/linux/consoletools { }; linuxConsoleTools = callPackage ../os-specific/linux/consoletools { };
linuxHeaders26 = callPackage ../os-specific/linux/kernel-headers/2.6.32.nix { }; linuxHeaders = linuxHeaders_3_7;
linuxHeaders37 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { }; linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix {
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem;
});
linuxHeaders26Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.6.32.nix { linuxHeaders26Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.6.32.nix {
inherit stdenv fetchurl perl; inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem; cross = assert crossSystem != null; crossSystem;
}); });
linuxHeaders24Cross = forceNativeDrv (import ../os-specific/linux/kernel-headers/2.4.nix { linuxHeaders_3_7 = callPackage ../os-specific/linux/kernel-headers/3.7.nix { };
inherit stdenv fetchurl perl;
cross = assert crossSystem != null; crossSystem; linuxHeaders_3_14 = callPackage ../os-specific/linux/kernel-headers/3.14.nix { };
});
# We can choose: # We can choose:
linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross linuxHeadersCrossChooser = ver : if ver == "2.4" then linuxHeaders24Cross
@ -6895,8 +6894,6 @@ let
linuxHeadersCross = assert crossSystem != null; linuxHeadersCross = assert crossSystem != null;
linuxHeadersCrossChooser crossSystem.platform.kernelMajor; linuxHeadersCrossChooser crossSystem.platform.kernelMajor;
linuxHeaders_2_6_28 = callPackage ../os-specific/linux/kernel-headers/2.6.28.nix { };
kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { }; kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { };
linux_3_2 = makeOverridable (import ../os-specific/linux/kernel/linux-3.2.nix) { linux_3_2 = makeOverridable (import ../os-specific/linux/kernel/linux-3.2.nix) {
@ -7005,6 +7002,8 @@ let
cryptodev = callPackage ../os-specific/linux/cryptodev { }; cryptodev = callPackage ../os-specific/linux/cryptodev { };
cpupower = callPackage ../os-specific/linux/cpupower { };
e1000e = callPackage ../os-specific/linux/e1000e {}; e1000e = callPackage ../os-specific/linux/e1000e {};
v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { }; v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { };
@ -7262,7 +7261,9 @@ let
sysstat = callPackage ../os-specific/linux/sysstat { }; sysstat = callPackage ../os-specific/linux/sysstat { };
systemd = callPackage ../os-specific/linux/systemd { }; systemd = callPackage ../os-specific/linux/systemd {
linuxHeaders = linuxHeaders_3_14;
};
systemtap = callPackage ../development/tools/profiling/systemtap { systemtap = callPackage ../development/tools/profiling/systemtap {
inherit (gnome) libglademm; inherit (gnome) libglademm;