Commit Graph

16337 Commits

Author SHA1 Message Date
github-actions[bot]
9905c2647a
Merge staging-next into staging 2021-09-16 18:01:40 +00:00
Maximilian Bosch
a3a462734a
Merge pull request #138149 from TredwellGit/linux
Kernels 2021-09-16
2021-09-16 18:13:59 +02:00
Bernardo Meurer
b173e70e4d
Merge pull request #138067 from Kranzes/update-xanmod
linux_xanmod: 5.14.3 -> 5.14.4
2021-09-16 15:43:00 +00:00
TredwellGit
00c500e9fc linux/hardened/patches/5.4: 5.4.144-hardened1 -> 5.4.146-hardened1 2021-09-16 14:06:36 +00:00
TredwellGit
60b7113164 linux/hardened/patches/5.14: 5.14.2-hardened1 -> 5.14.4-hardened1 2021-09-16 14:06:35 +00:00
TredwellGit
a8de1dcd2b linux/hardened/patches/5.13: 5.13.15-hardened1 -> 5.13.17-hardened1 2021-09-16 14:06:34 +00:00
TredwellGit
48e902a2ef linux/hardened/patches/5.10: 5.10.63-hardened1 -> 5.10.65-hardened1 2021-09-16 14:06:33 +00:00
TredwellGit
100f0569b5 linux: 5.4.145 -> 5.4.147 2021-09-16 14:05:57 +00:00
TredwellGit
4a05e7297c linux: 5.14.3 -> 5.14.5 2021-09-16 14:05:51 +00:00
TredwellGit
4954336e2b linux: 5.13.16 -> 5.13.18 2021-09-16 14:05:45 +00:00
TredwellGit
6c829ce083 linux: 5.10.64 -> 5.10.66 2021-09-16 14:05:32 +00:00
github-actions[bot]
85bd312fb6
Merge staging-next into staging 2021-09-16 12:02:04 +00:00
Bobby Rong
0b28945e2f
Merge pull request #135995 from r-ryantm/auto-update/sdparm
sdparm: 1.11 -> 1.12
2021-09-16 16:52:53 +08:00
Ilan Joselevich
fcbc01cd2c linux_xanmod: 5.14.3 -> 5.14.4 2021-09-16 01:21:56 +03:00
github-actions[bot]
df9a7e8f43
Merge staging-next into staging 2021-09-14 12:01:39 +00:00
github-actions[bot]
6f038e8b11
Merge master into staging-next 2021-09-14 12:01:03 +00:00
github-actions[bot]
697f3593aa
Merge staging-next into staging 2021-09-14 06:02:01 +00:00
github-actions[bot]
38520726fc
Merge master into staging-next 2021-09-14 06:01:28 +00:00
Emily
35a1ca8a0a darwin.trash: fix on aarch64-darwin
None of these clang options should be necessary with the nixpkgs stdenv
infrastructure, and the -arch was breaking Apple Silicon builds.
2021-09-14 03:31:31 +01:00
R. RyanTM
48d6922748 system76-firmware: 1.0.28 -> 1.0.29 2021-09-13 23:38:52 +00:00
Florian Klink
8019c95b55
Merge pull request #131618 from andir/systemdv249
systemd v249
2021-09-13 09:39:49 +02:00
github-actions[bot]
12eb8fbbba
Merge staging-next into staging 2021-09-13 06:02:09 +00:00
github-actions[bot]
d6f028d12d
Merge master into staging-next 2021-09-13 06:01:28 +00:00
Ryan Mulligan
43c65852d6
Merge pull request #135996 from r-ryantm/auto-update/smemstat
smemstat: 0.02.08 -> 0.02.10
2021-09-12 18:40:07 -07:00
github-actions[bot]
dfd1161f35
Merge staging-next into staging 2021-09-13 00:02:22 +00:00
github-actions[bot]
ac962ee61a
Merge master into staging-next 2021-09-13 00:01:41 +00:00
Andreas Rammhold
64556974b6
systemd: 247.6 -> 249.4
This updates systemd to version v249.4 from version v247.6.

Besides the many new features that can be found in the upstream
repository they also introduced a bunch of cleanup which ended up
requiring a few more patches on our side.

a) 0022-core-Handle-lookup-paths-being-symlinks.patch:
  The way symlinked units were handled was changed such that the last
  name of a unit file within one of the unit directories
  (/run/systemd/system, /etc/systemd/system, ...) is used as the name
  for the unit. Unfortunately that code didn't take into account that
  the unit directories themselves could already be symlinks and thus
  caused all our units to be recognized slightly differently.

  There is an upstream PR for this new patch:
    https://github.com/systemd/systemd/pull/20479

b) The way the APIVFS is set up has been changed in such a way that we
   now always have /run. This required a few changes to the
   confinement tests which did assert that they didn't exist. Instead of
   adding another patch we can just adopt the upstream behavior. An
   empty /run doesn't seem harmful.

   As part of this work I refactored the confinement test just a little
   bit to allow better debugging of test failures. Previously it would
   just fail at some point and it wasn't obvious which of the many
   commands failed or what the unexpected string was. This should now be
   more obvious.

c) Again related to the confinement tests the way a file was tested for
   being accessible was optimized. Previously systemd would in some
   situations open a file twice during that check. This was reduced to
   one operation but required the procfs to be mounted in a unit's
   namespace.

   An upstream bug was filed and fixed. We are now carrying the
   essential patch to fix that issue until it is backported to a new
   release (likely only version 250). The good part about this story is
   that upstream systemd now has a test case that looks very similar to
   one of our confinement tests. Hopefully that will lead to less
   friction in the long run.

   https://github.com/systemd/systemd/issues/20514
   https://github.com/systemd/systemd/pull/20515

d) Previously we could grep for dlopen( somewhat reliably but now
   upstream started using a wrapper around dlopen that is most of the
   time used with linebreaks. This makes using grep not ergonomic
   anymore.

   With this bump we are grepping for anything that looks like a
   dynamic library name (in contrast to a dlopen(3) call) and replace
   those instead. That seems more robust. Time will tell if this holds.

   I tried using coccinelle to patch all those call sites using its
   tooling but unfortunately it does stumble upon the _cleanup_
   annotations that are very common in the systemd code.

e) We now have some machinery for libbpf support in our systemd build.
   That being said it doesn't actually work as generating some skeletons
   doesn't work just yet. It fails with the below error message and is
   disabled by default (in both minimal and the regular build).

   > FAILED: src/core/bpf/socket_bind/socket-bind.skel.h
   > /build/source/tools/build-bpf-skel.py --clang_exec /nix/store/x1bi2mkapk1m0zq2g02nr018qyjkdn7a-clang-wrapper-12.0.1/bin/clang --llvm_strip_exec /nix/store/zm0kqan9qc77x219yihmmisi9g3sg8ns-llvm-12.0.1/bin/llvm-strip --bpftool_exec /nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool --arch x86_64 ../src/core/bpf/socket_bind/socket-bind.bpf.c src/core/bpf/socket_bind/socket-bind.skel.h
   > libbpf: elf: socket_bind_bpf is not a valid eBPF object file
   > Error: failed to open BPF object file: BPF object format invalid
   > Traceback (most recent call last):
   >   File "/build/source/tools/build-bpf-skel.py", line 128, in <module>
   >     bpf_build(args)
   >   File "/build/source/tools/build-bpf-skel.py", line 92, in bpf_build
   >     gen_bpf_skeleton(bpftool_exec=args.bpftool_exec,
   >   File "/build/source/tools/build-bpf-skel.py", line 63, in gen_bpf_skeleton
   >     skel = subprocess.check_output(bpftool_args, universal_newlines=True)
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 424, in check_output
   >     return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
   >   File "/nix/store/81lwy2hfqj4c1943b1x8a0qsivjhdhw9-python3-3.9.6/lib/python3.9/subprocess.py", line 528, in run
   >     raise CalledProcessError(retcode, process.args,
   > subprocess.CalledProcessError: Command '['/nix/store/l6dg8jlbh8qnqa58mshh3d8r6999dk0p-bpftools-5.13.11/bin/bpftool', 'g', 's', '../src/core/bpf/socket_bind/socket-bind.bpf.o']' returned non-zero exit status 255.
   > [102/1457] Compiling C object src/journal/libjournal-core.a.p/journald-server.c.oapture output)put)ut)
   > ninja: build stopped: subcommand failed.

  f) We do now have support for TPM2 based disk encryption in our
     systemd build. The actual bits and pieces to make use of that are
     missing but there are various ongoing efforts in that direction.
     There is also the story about systemd in our initrd to enable this
     being used for root volumes. None of this will yet work out of the
     box but we can start improving on that front.

  g) FIDO2 support was added to systemd and consequently we can now use
     that. Just as with TPM2 there hasn't been any integration work with
     NixOS and instead this just adds that capability to work on that.

Co-Authored-By: Jörg Thalheim <joerg@thalheim.io>
2021-09-12 23:45:49 +02:00
Andreas Rammhold
1bfa488b1c
libbpf: 0.1.1 -> 0.4.0 2021-09-12 23:44:14 +02:00
Sandro
1cc2130093
Merge pull request #136503 from Kranzes/update-xanmod
linux_xanmod: 5.13.13 -> 5.14.3
2021-09-12 23:05:40 +02:00
Ilan Joselevich
4b0699e5d0 linux_xanmod: 5.13.13 -> 5.14.3 2021-09-12 22:22:51 +03:00
TredwellGit
5698fc0dfc linux-rt_5_4: 5.4.143-rt63 -> 5.4.143-rt64 2021-09-12 12:38:42 +00:00
TredwellGit
be590b86e2 linux: 5.4.144 -> 5.4.145 2021-09-12 12:38:02 +00:00
TredwellGit
b81ac24356 linux: 5.14.2 -> 5.14.3 2021-09-12 12:37:55 +00:00
TredwellGit
f0878c65eb linux: 5.13.15 -> 5.13.16 2021-09-12 12:37:47 +00:00
TredwellGit
71348196a0 linux: 5.10.63 -> 5.10.64 2021-09-12 12:37:36 +00:00
github-actions[bot]
7267016c66
Merge staging-next into staging 2021-09-12 12:01:42 +00:00
github-actions[bot]
acd45cb351
Merge master into staging-next 2021-09-12 12:01:10 +00:00
Jörg Thalheim
6fb71e46ca sysdig: fix linking against libabseil 2021-09-12 10:49:38 +02:00
github-actions[bot]
8bc930ca39
Merge staging-next into staging 2021-09-12 00:02:23 +00:00
github-actions[bot]
3f2255106a
Merge master into staging-next 2021-09-12 00:01:45 +00:00
ajs124
e8f9aa9302
Merge pull request #137281 from NeQuissimus/kernels
Kernels 2021-09-10
2021-09-11 22:30:04 +02:00
github-actions[bot]
ff5297bcd3
Merge staging-next into staging 2021-09-11 12:01:45 +00:00
Alyssa Ross
56314db098
Merge remote-tracking branch 'nixpkgs/master' into staging-next
Conflicts:
	pkgs/development/compilers/ghc/8.10.7.nix
	pkgs/development/compilers/ghc/8.8.4.nix

I've removed the isWindows check from useLdGold in ghc, since that should
be covered by the new hasGold check.
2021-09-11 10:49:13 +00:00
Bernardo Meurer
98018cce2c
linuxPackages.bbswitch: use kernel's make flags
We should be using whatever makeflags were used to build the kernel
itself, otherwise clang-built kernels cannot use the module.
2021-09-10 14:42:17 -07:00
github-actions[bot]
fa42e187e1
Merge staging-next into staging 2021-09-10 18:01:52 +00:00
Martin Weinelt
d9341eafa2
Merge branch 'master' into staging-next 2021-09-10 15:04:01 +02:00
Tim Steinbach
6a50498b6d linux: 5.14.1 -> 5.14.2 2021-09-10 08:01:01 -04:00
Tim Steinbach
332100e6e1 linux: 5.13.14 -> 5.13.15 2021-09-10 08:01:01 -04:00
Tim Steinbach
6c41ccc972 linux: 5.10.62 -> 5.10.63 2021-09-10 08:01:01 -04:00
Tim Steinbach
820d68d2dc
linux/hardened/patches/5.14: init at 5.14.2-hardened1 2021-09-10 05:20:10 -04:00