qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

systemd: 255.6 -> 256.2

Browse Source
This commit is contained in:
nikstur 2024-04-26 23:18:12 +02:00 committed by Will Fancher
parent 80be92660e
commit d4a80b6d0c
30 changed files with 192 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/lib/systemd-lib.nix
View File

@ -169,6 +169,10 @@ in rec {
optional (attr ? ${name} && !isInt attr.${name})
"Systemd ${group} field `${name}' is not an integer";
assertRemoved = name: see: group: attr:
optional (attr ? ${name})
"Systemd ${group} field `${name}' has been removed. See ${see}";
checkUnitConfig = group: checks: attrs: let
# We're applied at the top-level type (attrsOf unitOption), so the actual
# unit options might contain attributes from mkOverride and mkIf that we need to

11
nixos/modules/system/boot/networkd.nix
View File

@ -18,12 +18,16 @@ let
"ManageForeignRoutes"
"RouteTable"
"IPv6PrivacyExtensions"
"IPv4Forwarding"
"IPv6Forwarding"
])
(assertValueOneOf "SpeedMeter" boolValues)
(assertInt "SpeedMeterIntervalSec")
(assertValueOneOf "ManageForeignRoutingPolicyRules" boolValues)
(assertValueOneOf "ManageForeignRoutes" boolValues)
(assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
(assertValueOneOf "IPv4Forwarding" boolValues)
(assertValueOneOf "IPv6Forwarding" boolValues)
];
sectionDHCPv4 = checkUnitConfig "DHCPv4" [
@ -652,6 +656,8 @@ let
"DNSDefaultRoute"
"NTP"
"IPForward"
"IPv4Forwarding"
"IPv6Forwarding"
"IPMasquerade"
"IPv6PrivacyExtensions"
"IPv6AcceptRA"
@ -700,7 +706,9 @@ let
(assertValueOneOf "LLDP" (boolValues ++ ["routers-only"]))
(assertValueOneOf "EmitLLDP" (boolValues ++ ["nearest-bridge" "non-tpmr-bridge" "customer-bridge"]))
(assertValueOneOf "DNSDefaultRoute" boolValues)
(assertValueOneOf "IPForward" (boolValues ++ ["ipv4" "ipv6"]))
(assertRemoved "IPForward" "IPv4Forwarding and IPv6Forwarding in systemd.network(5) and networkd.conf(5)")
(assertValueOneOf "IPv4Forwarding" boolValues)
(assertValueOneOf "IPv6Forwarding" boolValues)
(assertValueOneOf "IPMasquerade" (boolValues ++ ["ipv4" "ipv6" "both"]))
(assertValueOneOf "IPv6PrivacyExtensions" (boolValues ++ ["prefer-public" "kernel"]))
(assertValueOneOf "IPv6AcceptRA" boolValues)
@ -2835,6 +2843,7 @@ let
"systemd-networkd-wait-online.service"
"systemd-networkd.service"
"systemd-networkd.socket"
"systemd-networkd-persistent-storage.service"
];
environment.etc."systemd/networkd.conf" = renderConfig cfg.config;

1
nixos/modules/system/boot/stage-1.nix
View File

@ -131,6 +131,7 @@ let
# Copy udev.
copy_bin_and_libs ${udev}/bin/udevadm
cp ${lib.getLib udev.kmod}/lib/libkmod.so* $out/lib
copy_bin_and_libs ${udev}/lib/systemd/systemd-sysctl
for BIN in ${udev}/lib/udev/*_id; do
copy_bin_and_libs $BIN

14
nixos/modules/system/boot/systemd.nix
View File

@ -37,6 +37,8 @@ let
"cryptsetup.target"
"cryptsetup-pre.target"
"remote-cryptsetup.target"
] ++ optionals cfg.package.withTpm2Tss [
"tpm2.target"
] ++ [
"sigpwr.target"
"timers.target"
@ -112,6 +114,7 @@ let
"sleep.target"
"hybrid-sleep.target"
"systemd-hibernate.service"
"systemd-hibernate-clear.service"
"systemd-hybrid-sleep.service"
"systemd-suspend.service"
"systemd-suspend-then-hibernate.service"
@ -136,6 +139,16 @@ let
"systemd-ask-password-wall.path"
"systemd-ask-password-wall.service"
# Varlink APIs
"systemd-bootctl@.service"
"systemd-bootctl.socket"
"systemd-creds@.service"
"systemd-creds.socket"
] ++ lib.optional cfg.package.withTpm2Tss [
"systemd-pcrlock@.service"
"systemd-pcrlock.socket"
] ++ [
# Slices / containers.
"slices.target"
] ++ optionals cfg.package.withImportd [
@ -158,6 +171,7 @@ let
] ++ optionals cfg.package.withHostnamed [
"dbus-org.freedesktop.hostname1.service"
"systemd-hostnamed.service"
"systemd-hostnamed.socket"
] ++ optionals cfg.package.withPortabled [
"dbus-org.freedesktop.portable1.service"
"systemd-portabled.service"

7
nixos/modules/system/boot/systemd/initrd.nix
View File

@ -70,6 +70,7 @@ let
"systemd-tmpfiles-setup-dev.service"
"systemd-tmpfiles-setup.service"
"timers.target"
"tpm2.target"
"umount.target"
"systemd-bsod.service"
] ++ cfg.additionalUpstreamUnits;
@ -344,7 +345,8 @@ in {
};
enableTpm2 = mkOption {
default = true;
default = cfg.package.withTpm2Tss;
defaultText = "boot.initrd.systemd.package.withTpm2Tss";
type = types.bool;
description = ''
Whether to enable TPM2 support in the initrd.
@ -460,6 +462,7 @@ in {
"${cfg.package}/lib/systemd/systemd-sulogin-shell"
"${cfg.package}/lib/systemd/systemd-sysctl"
"${cfg.package}/lib/systemd/systemd-bsod"
"${cfg.package}/lib/systemd/systemd-sysroot-fstab-check"
# generators
"${cfg.package}/lib/systemd/system-generators/systemd-debug-generator"
@ -486,6 +489,8 @@ in {
# fido2 support
"${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
"${pkgs.libfido2}/lib/libfido2.so.1"
] ++ optionals cfg.package.withKmod [
"${pkgs.kmod.lib}/lib/libkmod.so.2"
] ++ jobScripts;
targets.initrd.aliases = ["default.target"];

1
nixos/modules/system/boot/systemd/journald.nix
View File

@ -96,6 +96,7 @@ in {
"systemd-journald@.service"
"systemd-journal-flush.service"
"systemd-journal-catalog-update.service"
"systemd-journald-sync@.service"
] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
"systemd-journald-dev-log.socket"
"syslog.socket"

3
nixos/tests/rosenpass.nix
View File

@ -44,7 +44,8 @@ in
enable = true;
networks."rosenpass" = {
matchConfig.Name = deviceName;
networkConfig.IPForward = true;
networkConfig.IPv4Forwarding = true;
networkConfig.IPv6Forwarding = true;
address = [ "${peer.ip}/64" ];
};

2
nixos/tests/systemd-networkd-dhcpserver-static-leases.nix
View File

@ -24,8 +24,6 @@ import ./make-test-python.nix ({ lib, ... }: {
"01-eth1" = {
name = "eth1";
networkConfig = {
# IPForward prevents dynamic address configuration
IPForward = true;
DHCPServer = true;
Address = "10.0.0.1/24";
};

3
nixos/tests/systemd-networkd-ipv6-prefix-delegation.nix
View File

@ -40,7 +40,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
address = [
"2001:DB8::1/64"
];
networkConfig.IPForward = true;
networkConfig.IPv4Forwarding = true;
networkConfig.IPv6Forwarding = true;
};
};
};

15
nixos/tests/systemd-networkd-vrf.nix
View File

@ -16,7 +16,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let
linkConfig.RequiredForOnline = "no";
networkConfig = {
Address = "192.168.${toString vlan}.${toString id}/24";
IPForward = "yes";
IPv4Forwarding = "yes";
IPv6Forwarding = "yes";
};
};
};
@ -57,14 +58,16 @@ in {
networks."10-vrf1" = {
matchConfig.Name = "vrf1";
networkConfig.IPForward = "yes";
networkConfig.IPv4Forwarding = "yes";
networkConfig.IPv6Forwarding = "yes";
routes = [
{ Destination = "192.168.1.2"; Metric = 100; }
];
};
networks."10-vrf2" = {
matchConfig.Name = "vrf2";
networkConfig.IPForward = "yes";
networkConfig.IPv4Forwarding = "yes";
networkConfig.IPv6Forwarding = "yes";
routes = [
{ Destination = "192.168.2.3"; Metric = 100; }
];
@ -76,7 +79,8 @@ in {
networkConfig = {
VRF = "vrf1";
Address = "192.168.1.1/24";
IPForward = "yes";
IPv4Forwarding = "yes";
IPv6Forwarding = "yes";
};
};
networks."10-eth2" = {
@ -85,7 +89,8 @@ in {
networkConfig = {
VRF = "vrf2";
Address = "192.168.2.1/24";
IPForward = "yes";
IPv4Forwarding = "yes";
IPv6Forwarding = "yes";
};
};
};

3
nixos/tests/systemd.nix
View File

@ -204,8 +204,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
assert "0B read, 0B written" not in output
with subtest("systemd per-unit accounting works"):
assert "IP traffic received: 84B" in output_ping
assert "IP traffic sent: 84B" in output_ping
assert "IP traffic received: 84B sent: 84B" in output_ping
with subtest("systemd environment is properly set"):
machine.systemctl("daemon-reexec") # Rewrites /proc/1/environ

14
pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch
View File

@ -13,17 +13,17 @@ unit. (However, this ignores the fsck unit, so it's not perfect...)
1 file changed, 4 deletions(-)
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index 0d68f31d36..6b52f7ed4b 100644
index ad0c7e2fb5..79f3086e78 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -22,10 +22,6 @@ SUBSYSTEM=="block", TAG+="systemd"
SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end"
SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
@@ -26,10 +26,6 @@ SUBSYSTEM=="block", ACTION=="add", KERNEL=="dm-*", ENV{DM_NAME}!="?*", ENV{SYSTE
# Import previous SYSTEMD_READY state.
SUBSYSTEM=="block", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}=="", IMPORT{db}="SYSTEMD_READY"
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
# Explicitly set SYSTEMD_READY=1 for DM devices that don't have it set yet, so that we always have something to import above
SUBSYSTEM=="block", ENV{DM_UUID}=="?*", ENV{SYSTEMD_READY}=="", ENV{SYSTEMD_READY}="1"
# add symlink to GPT root disk
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"

4
pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch
View File

@ -14,7 +14,7 @@ Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com>
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c
index 55e76b6e16..015a608035 100644
index eac5bb8d3b..d8187bfa99 100644
--- a/src/shared/fstab-util.c
+++ b/src/shared/fstab-util.c
@@ -66,6 +66,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) {
@ -27,7 +27,7 @@ index 55e76b6e16..015a608035 100644
"/etc"))
return true;
diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
index 1a9b99d761..04ef9af1ea 100644
index ca6d36e054..0a9227c9a8 100644
--- a/src/shutdown/umount.c
+++ b/src/shutdown/umount.c
@@ -170,8 +170,10 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) {

6
pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch
View File

@ -10,10 +10,10 @@ container, so checking early whether it exists will fail.
1 file changed, 2 insertions(+)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 38196ef3d6..57d1750b00 100644
index 4fee8a693c..756ce11b1f 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -5602,6 +5602,7 @@ static int run(int argc, char *argv[]) {
@@ -6028,6 +6028,7 @@ static int run(int argc, char *argv[]) {
goto finish;
}
} else {
@ -21,7 +21,7 @@ index 38196ef3d6..57d1750b00 100644
_cleanup_free_ char *p = NULL;
if (arg_pivot_root_new)
@@ -5618,6 +5619,7 @@ static int run(int argc, char *argv[]) {
@@ -6044,6 +6045,7 @@ static int run(int argc, char *argv[]) {
"Directory %s doesn't look like it has an OS tree (/usr/ directory is missing). Refusing.", arg_directory);
goto finish;
}

14
pkgs/os-specific/linux/systemd/0004-Add-some-NixOS-specific-unit-directories.patch
View File

@ -16,10 +16,10 @@ Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com>
2 files changed, 6 insertions(+), 20 deletions(-)
diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
index 4e3d59fc56..0d18b9a2d0 100644
index 540256b73b..a115ec09a3 100644
--- a/src/basic/path-lookup.c
+++ b/src/basic/path-lookup.c
@@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) {
@@ -123,11 +123,7 @@ int runtime_directory(char **ret, RuntimeScope scope, const char *suffix) {
}
static const char* const user_data_unit_paths[] = {
@ -31,7 +31,7 @@ index 4e3d59fc56..0d18b9a2d0 100644
NULL
};
@@ -613,16 +609,13 @@ int lookup_paths_init(
@@ -634,16 +630,13 @@ int lookup_paths_init(
persistent_config,
SYSTEM_CONFIG_UNIT_DIR,
"/etc/systemd/system",
@ -49,7 +49,7 @@ index 4e3d59fc56..0d18b9a2d0 100644
STRV_IFNOTNULL(generator_late));
break;
@@ -638,14 +631,11 @@ int lookup_paths_init(
@@ -659,14 +652,11 @@ int lookup_paths_init(
persistent_config,
USER_CONFIG_UNIT_DIR,
"/etc/systemd/user",
@ -65,7 +65,7 @@ index 4e3d59fc56..0d18b9a2d0 100644
STRV_IFNOTNULL(generator_late));
break;
@@ -805,7 +795,6 @@ char **generator_binary_paths(RuntimeScope scope) {
@@ -825,7 +815,6 @@ char **generator_binary_paths(RuntimeScope scope) {
case RUNTIME_SCOPE_SYSTEM:
add = strv_new("/run/systemd/system-generators",
"/etc/systemd/system-generators",
@ -73,7 +73,7 @@ index 4e3d59fc56..0d18b9a2d0 100644
SYSTEM_GENERATOR_DIR);
break;
@@ -813,7 +802,6 @@ char **generator_binary_paths(RuntimeScope scope) {
@@ -833,7 +822,6 @@ char **generator_binary_paths(RuntimeScope scope) {
case RUNTIME_SCOPE_USER:
add = strv_new("/run/systemd/user-generators",
"/etc/systemd/user-generators",
@ -81,7 +81,7 @@ index 4e3d59fc56..0d18b9a2d0 100644
USER_GENERATOR_DIR);
break;
@@ -852,14 +840,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) {
@@ -872,14 +860,12 @@ char **env_generator_binary_paths(RuntimeScope runtime_scope) {
case RUNTIME_SCOPE_SYSTEM:
add = strv_new("/run/systemd/system-environment-generators",
"/etc/systemd/system-environment-generators",

4
pkgs/os-specific/linux/systemd/0005-Get-rid-of-a-useless-message-in-user-sessions.patch
View File

@ -13,10 +13,10 @@ in containers.
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index e61ebee253..22cc5cc843 100644
index 04103e0fe9..e26c6c5cfd 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1562,7 +1562,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) {
@@ -1611,7 +1611,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) {
if (!unit_is_bound_by_inactive(u, &culprit))
continue;

22
pkgs/os-specific/linux/systemd/0006-hostnamed-localed-timedated-disable-methods-that-cha.patch
View File

@ -11,10 +11,10 @@ Subject: [PATCH] hostnamed, localed, timedated: disable methods that change
3 files changed, 25 insertions(+)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index e1d53f2395..a224e6dadc 100644
index 82d08803fa..8e40b77eba 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1053,6 +1053,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
@@ -1116,6 +1116,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
if (r < 0)
return r;
@ -24,7 +24,7 @@ index e1d53f2395..a224e6dadc 100644
name = empty_to_null(name);
context_read_etc_hostname(c);
@@ -1116,6 +1119,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
@@ -1178,6 +1181,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
if (r < 0)
return r;
@ -35,10 +35,10 @@ index e1d53f2395..a224e6dadc 100644
context_read_machine_info(c);
diff --git a/src/locale/localed.c b/src/locale/localed.c
index 5d96237fae..9af35cd29c 100644
index c0d104578d..51a714ee23 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -229,6 +229,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
@@ -226,6 +226,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
use_localegen = locale_gen_check_available();
@ -48,7 +48,7 @@ index 5d96237fae..9af35cd29c 100644
/* If single locale without variable name is provided, then we assume it is LANG=. */
if (strv_length(l) == 1 && !strchr(l[0], '=')) {
if (!locale_is_valid(l[0]))
@@ -347,6 +350,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro
@@ -343,6 +346,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro
if (r < 0)
return bus_log_parse_error(r);
@ -58,7 +58,7 @@ index 5d96237fae..9af35cd29c 100644
vc_context_empty_to_null(&in);
r = vc_context_verify_and_warn(&in, LOG_ERR, error);
@@ -465,6 +471,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err
@@ -460,6 +466,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err
if (r < 0)
return bus_log_parse_error(r);
@ -69,10 +69,10 @@ index 5d96237fae..9af35cd29c 100644
r = x11_context_verify_and_warn(&in, LOG_ERR, error);
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index c7be30f563..50f8aa8675 100644
index e3b4367ec0..448aa7e94d 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -659,6 +659,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error *
@@ -673,6 +673,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error *
if (r < 0)
return r;
@ -83,7 +83,7 @@ index c7be30f563..50f8aa8675 100644
if (!timezone_is_valid(z, LOG_DEBUG))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z);
@@ -737,6 +741,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error
@@ -750,6 +754,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error
if (r < 0)
return r;
@ -93,7 +93,7 @@ index c7be30f563..50f8aa8675 100644
if (lrtc == c->local_rtc && !fix_system)
return sd_bus_reply_method_return(m, NULL);
@@ -917,6 +924,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error
@@ -928,6 +935,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error
if (r < 0)
return r;

30
pkgs/os-specific/linux/systemd/0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
View File

@ -13,7 +13,7 @@ NixOS uses this path.
5 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/man/localtime.xml b/man/localtime.xml
index e486474c44..5f373d0723 100644
index 3a13e04a27..4fd58068a1 100644
--- a/man/localtime.xml
+++ b/man/localtime.xml
@@ -20,7 +20,7 @@
@ -35,7 +35,7 @@ index e486474c44..5f373d0723 100644
<literal>Etc/UTC</literal>. The resulting link should lead to the
corresponding binary
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index f9014dc560..3ee0363369 100644
index b94f37c31c..48f5a2526b 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1412,7 +1412,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) {
@ -65,20 +65,20 @@ index f9014dc560..3ee0363369 100644
fd = open(t, O_RDONLY|O_CLOEXEC);
if (fd < 0)
@@ -1625,7 +1625,7 @@ int get_timezone(char **ret) {
@@ -1617,7 +1617,7 @@ int get_timezone(char **ret) {
if (r < 0)
return r; /* returns EINVAL if not a symlink */
return r; /* Return EINVAL if not a symlink */
- e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/");
- const char *e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ const char *e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/");
if (!e)
return -EINVAL;
if (!timezone_is_valid(e, LOG_DEBUG))
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index f77a5f6266..63bac85b29 100644
index 6afabef430..c1e3af77e1 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -632,7 +632,7 @@ static int process_timezone(int rfd) {
@@ -648,7 +648,7 @@ static int process_timezone(int rfd) {
if (isempty(arg_timezone))
return 0;
@ -88,10 +88,10 @@ index f77a5f6266..63bac85b29 100644
r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false);
if (r < 0)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e48ebe8342..41796f3358 100644
index 756ce11b1f..436804b3bd 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1845,8 +1845,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid
@@ -1862,8 +1862,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid
static const char *timezone_from_path(const char *path) {
return PATH_STARTSWITH_SET(
path,
@ -103,10 +103,10 @@ index e48ebe8342..41796f3358 100644
static bool etc_writable(void) {
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index 50f8aa8675..aff156ab42 100644
index 448aa7e94d..2161e09579 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -276,7 +276,7 @@ static int context_read_data(Context *c) {
@@ -280,7 +280,7 @@ static int context_read_data(Context *c) {
r = get_timezone(&t);
if (r == -EINVAL)
@ -115,7 +115,7 @@ index 50f8aa8675..aff156ab42 100644
else if (r < 0)
log_warning_errno(r, "Failed to get target of /etc/localtime: %m");
@@ -300,7 +300,7 @@ static int context_write_data_timezone(Context *c) {
@@ -304,7 +304,7 @@ static int context_write_data_timezone(Context *c) {
if (isempty(c->zone) || streq(c->zone, "UTC")) {
@ -124,7 +124,7 @@ index 50f8aa8675..aff156ab42 100644
if (unlink("/etc/localtime") < 0 && errno != ENOENT)
return -errno;
@@ -308,9 +308,9 @@ static int context_write_data_timezone(Context *c) {
@@ -312,9 +312,9 @@ static int context_write_data_timezone(Context *c) {
return 0;
}

10
pkgs/os-specific/linux/systemd/0009-add-rootprefix-to-lookup-dir-paths.patch
View File

@ -12,10 +12,10 @@ files that I might have missed.
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/basic/constants.h b/src/basic/constants.h
index 6bb5f3c281..678d13737d 100644
index e70817c51f..859e673a67 100644
--- a/src/basic/constants.h
+++ b/src/basic/constants.h
@@ -65,13 +65,15 @@
@@ -62,13 +62,15 @@
"/etc/" n "\0" \
"/run/" n "\0" \
"/usr/local/lib/" n "\0" \
@ -23,7 +23,7 @@ index 6bb5f3c281..678d13737d 100644
+ "/usr/lib/" n "\0" \
+ PREFIX "/lib/" n "\0"
#define CONF_PATHS_USR(n) \
#define CONF_PATHS(n) \
"/etc/" n, \
"/run/" n, \
"/usr/local/lib/" n, \
@ -31,5 +31,5 @@ index 6bb5f3c281..678d13737d 100644
+ "/usr/lib/" n, \
+ PREFIX "/lib/" n
#define CONF_PATHS(n) \
CONF_PATHS_USR(n)
#define CONF_PATHS_STRV(n) \
STRV_MAKE(CONF_PATHS(n))

4
pkgs/os-specific/linux/systemd/0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
View File

@ -10,10 +10,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable.
1 file changed, 1 insertion(+)
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
index b976b7d8cf..b1c02df6fd 100644
index 67f44e16e9..dda6614561 100644
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@@ -336,6 +336,7 @@ static void init_watchdog(void) {
@@ -358,6 +358,7 @@ static void notify_supervisor(void) {
int main(int argc, char *argv[]) {
static const char* const dirs[] = {
SYSTEM_SHUTDOWN_PATH,

4
pkgs/os-specific/linux/systemd/0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
View File

@ -9,10 +9,10 @@ This is needed for NixOS to use such scripts as systemd directory is immutable.
1 file changed, 1 insertion(+)
diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
index 21af3e9e52..6d096e3c78 100644
index c96207428d..1e95eec7f1 100644
--- a/src/sleep/sleep.c
+++ b/src/sleep/sleep.c
@@ -215,6 +215,7 @@ static int execute(
@@ -217,6 +217,7 @@ static int execute(
};
static const char* const dirs[] = {
SYSTEM_SLEEP_PATH,

25
pkgs/os-specific/linux/systemd/0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
View File

@ -10,19 +10,20 @@ systemd itself uses extensively.
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index 6d943e967f..d4380aa7e3 100644
index fcb3aa9399..b9e69cbf91 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -25,9 +25,9 @@
# define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x)
#endif
@@ -17,10 +17,10 @@
#define PATH_MERGED_BIN(x) x "bin"
#define PATH_MERGED_BIN_NULSTR(x) x "bin\0"
-#define DEFAULT_PATH PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
-#define DEFAULT_PATH_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
-#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/")
+#define DEFAULT_PATH "@defaultPathNormal@"
+#define DEFAULT_PATH_NULSTR "@defaultPathNormal@\0"
+#define DEFAULT_PATH_COMPAT DEFAULT_PATH
-#define DEFAULT_PATH_WITH_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/")
-#define DEFAULT_PATH_WITHOUT_SBIN PATH_MERGED_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/")
+#define DEFAULT_PATH_WITH_SBIN "@defaultPathNormal@"
+#define DEFAULT_PATH_WITHOUT_SBIN DEFAULT_PATH_WITH_SBIN
-#define DEFAULT_PATH_COMPAT PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/") ":" PATH_SPLIT_BIN("/")
+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_WITH_SBIN
const char* default_PATH(void);
#ifndef DEFAULT_USER_PATH
# define DEFAULT_USER_PATH DEFAULT_PATH

4
pkgs/os-specific/linux/systemd/0013-inherit-systemd-environment-when-calling-generators.patch
View File

@ -16,10 +16,10 @@ executables that are being called from managers.
1 file changed, 8 insertions(+)
diff --git a/src/core/manager.c b/src/core/manager.c
index 22cc5cc843..5dc7d4504f 100644
index e26c6c5cfd..6cc1642684 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3914,9 +3914,17 @@ static int build_generator_environment(Manager *m, char ***ret) {
@@ -4035,9 +4035,17 @@ static int build_generator_environment(Manager *m, char ***ret) {
* adjust generated units to that. Let's pass down some bits of information that are easy for us to
* determine (but a bit harder for generator scripts to determine), as environment variables. */

31
pkgs/os-specific/linux/systemd/0014-core-don-t-taint-on-unmerged-usr.patch
View File

@ -13,20 +13,25 @@ so showing the taint isn't really helpful.
See also: https://github.com/systemd/systemd/issues/24191
---
src/core/manager.c | 3 ---
1 file changed, 3 deletions(-)
src/core/taint.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 5dc7d4504f..6208c9aa31 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4800,9 +4800,6 @@ char* manager_taint_string(const Manager *m) {
const char* stage[12] = {};
size_t n = 0;
diff --git a/src/core/taint.c b/src/core/taint.c
index 969b37f209..de64e8f1f9 100644
--- a/src/core/taint.c
+++ b/src/core/taint.c
@@ -41,14 +41,6 @@ char* taint_string(void) {
- _cleanup_free_ char *usrbin = NULL;
- if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
_cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
- if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
- stage[n++] = "unmerged-usr";
-
- /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks
- * too. */
- if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin"))
- stage[n++] = "unmerged-bin";
-
if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run"))
stage[n++] = "var-run-bad";
if (access("/proc/cgroups", F_OK) < 0)
stage[n++] = "cgroups-missing";

4
pkgs/os-specific/linux/systemd/0015-tpm2_context_init-fix-driver-name-checking.patch
View File

@ -27,10 +27,10 @@ filename_is_valid with path_is_valid.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 5e07b88a89..8dd7315009 100644
index 10a78adfaf..6493d5d270 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -654,7 +654,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
@@ -670,7 +670,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
fn = strjoina("libtss2-tcti-", driver, ".so.0");
/* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */

4
pkgs/os-specific/linux/systemd/0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch
View File

@ -30,7 +30,7 @@ are written into `$XDG_CONFIG_HOME/systemd/user`.
1 file changed, 3 insertions(+)
diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c
index 367afa20f7..5777154d01 100644
index 15398f8364..8d440cee59 100644
--- a/src/systemctl/systemctl-edit.c
+++ b/src/systemctl/systemctl-edit.c
@@ -322,6 +322,9 @@ int verb_edit(int argc, char *argv[], void *userdata) {
@ -40,6 +40,6 @@ index 367afa20f7..5777154d01 100644
+ if (!arg_runtime && arg_runtime_scope == RUNTIME_SCOPE_SYSTEM)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead.");
+
if (!on_tty())
if (!on_tty() && !arg_stdin)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit units if not on a tty.");

6
pkgs/os-specific/linux/systemd/0017-meson.build-do-not-create-systemdstatedir.patch
View File

@ -8,14 +8,14 @@ Subject: [PATCH] meson.build: do not create systemdstatedir
1 file changed, 1 deletion(-)
diff --git a/meson.build b/meson.build
index 7419e2b0b0..c82a527976 100644
index cecdbc3aa7..bd7f8ec580 100644
--- a/meson.build
+++ b/meson.build
@@ -2497,7 +2497,6 @@ install_data('LICENSE.GPL2',
@@ -2652,7 +2652,6 @@ install_data('LICENSE.GPL2',
install_subdir('LICENSES',
install_dir : docdir)
-install_emptydir(systemdstatedir)
############################################################
#####################################################################

9
pkgs/os-specific/linux/systemd/0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
View File

@ -1,4 +1,4 @@
From 7a27556920fe1feefd17096841c8f3ca1294a1b3 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuri Nesterov <yuriy.nesterov@unikie.com>
Date: Wed, 21 Jun 2023 17:17:38 +0300
Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled
@ -13,7 +13,7 @@ directly.
1 file changed, 11 insertions(+)
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index 1d8ebecc91..2b0ae361ff 100644
index 5c308a04bc..81aa3d3334 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -21,6 +21,11 @@
@ -32,7 +32,7 @@ index 1d8ebecc91..2b0ae361ff 100644
if (r < 0)
return log_error_errno(r, "Failed to parse fallback server strings: %m");
+ r = getenv_bool_secure("SYSTEMD_NSS_RESOLVE_VALIDATE");
+ r = secure_getenv_bool("SYSTEMD_NSS_RESOLVE_VALIDATE");
+ if (r == 0) {
+ log_info("Disabling NSCD because DNSSEC validation is turned off");
+ __nss_disable_nscd(register_traced_file);
@ -41,6 +41,3 @@ index 1d8ebecc91..2b0ae361ff 100644
log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached());
notify_message = notify_start("READY=1\n"
--
2.34.1

52
pkgs/os-specific/linux/systemd/default.nix
View File

@ -6,6 +6,7 @@
, pkgsCross
, fetchFromGitHub
, fetchzip
, fetchpatch
, buildPackages
, makeBinaryWrapper
, ninja
@ -67,6 +68,7 @@
, p11-kit
, libpwquality
, qrencode
, libarchive
# the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to
# be available during build time.
@ -153,6 +155,7 @@
# building disk images for non-NixOS systems. To save users from trying to use it
# on their live NixOS system, we disable it by default.
, withKernelInstall ? false
, withLibarchive ? true
# tests assume too much system access for them to be feasible for us right now
, withTests ? false
# build only libudev and libsystemd
@ -179,14 +182,14 @@ assert withBootloader -> withEfi;
let
wantCurl = withRemote || withImportd;
wantGcrypt = withResolved || withImportd;
version = "255.9";
version = "256.2";
# Use the command below to update `releaseTimestamp` on every (major) version
# change. More details in the commentary at mesonFlags.
# command:
# $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \
# jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'
releaseTimestamp = "1701895110";
releaseTimestamp = "1720202583";
in
stdenv.mkDerivation (finalAttrs: {
inherit pname version;
@ -195,9 +198,9 @@ stdenv.mkDerivation (finalAttrs: {
# This has proven to be less error-prone than the previous systemd fork.
src = fetchFromGitHub {
owner = "systemd";
repo = "systemd-stable";
rev = "v${finalAttrs.version}";
hash = "sha256-fnMvBYyMRQrP2x//8ntGTSwoHOtFk2TQ4S5fwcsSLDU=";
repo = "systemd";
rev = "v${version}";
hash = "sha256-fyHzL+oe192YYuwyoTrov10IlrB0NSfY/XKVWzJrQEI=";
};
# On major changes, or when otherwise required, you *must* :
@ -226,6 +229,19 @@ stdenv.mkDerivation (finalAttrs: {
./0015-tpm2_context_init-fix-driver-name-checking.patch
./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch
./0017-meson.build-do-not-create-systemdstatedir.patch
# https://github.com/systemd/systemd/pull/33258
# Remove after 256.3
(fetchpatch {
url = "https://github.com/systemd/systemd/compare/b268a71069786a45460807967e669d505ba3c5a2..f26b2ec46118a4493608618da2253bb9dfc6b517.patch";
hash = "sha256-OmuPDm3NykrDeNTA3NcYt9iTXEUFwKJ5apPP4KqtABg=";
})
# https://github.com/systemd/systemd/pull/33400
(fetchpatch {
url = "https://github.com/systemd/systemd/compare/051d462b42fe6c27824046c15cd3c84fa5afe05b..5e2d802c018f0b6d5dd58745f64d6958fa261096.patch";
hash = "sha256-drGAnx+ECixOjIP0DUSbCG/emUgoVips9WQL5ny3NKQ=";
})
] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [
./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
] ++ lib.optional stdenv.hostPlatform.isMusl (
@ -355,7 +371,15 @@ stdenv.mkDerivation (finalAttrs: {
# Support for PKCS#11 in systemd-cryptsetup, systemd-cryptenroll and systemd-homed
{ name = "libp11-kit.so.0"; pkg = opt (withHomed || withCryptsetup) p11-kit; }
# Compression
{ name = "liblz4.so.1"; pkg = opt withCompression lz4; }
{ name = "liblzma.so.5"; pkg = opt withCompression xz; }
{ name = "libzstd.so.1"; pkg = opt withCompression zstd; }
{ name = "libip4tc.so.2"; pkg = opt withIptables iptables; }
{ name = "libarchive.so.13"; pkg = opt withLibarchive libarchive; }
{ name = "libkmod.so.2"; pkg = opt withKmod kmod; }
{ name = "libgcrypt.so.20"; pkg = opt wantGcrypt libgcrypt; }
];
patchDlOpen = dl:
@ -476,6 +500,7 @@ stdenv.mkDerivation (finalAttrs: {
++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ]))
++ lib.optionals withPasswordQuality [ libpwquality ]
++ lib.optionals withQrencode [ qrencode ]
++ lib.optionals withLibarchive [ libarchive ]
;
mesonBuildType = "release";
@ -492,13 +517,11 @@ stdenv.mkDerivation (finalAttrs: {
# https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266
(lib.mesonOption "time-epoch" releaseTimestamp)
(lib.mesonOption "version-tag" finalAttrs.version)
(lib.mesonOption "version-tag" version)
(lib.mesonOption "mode" "release")
(lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3
(lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash")
(lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d")
# Use cgroupsv2. This is already the upstream default, but better be explicit.
(lib.mesonOption "default-hierarchy" "unified")
(lib.mesonOption "kmod-path" "${kmod}/bin/kmod")
# Attempts to check /usr/sbin and that fails in macOS sandbox because
@ -524,8 +547,8 @@ stdenv.mkDerivation (finalAttrs: {
(lib.mesonOption "sbat-distro" "nixos")
(lib.mesonOption "sbat-distro-summary" "NixOS")
(lib.mesonOption "sbat-distro-url" "https://nixos.org/")
(lib.mesonOption "sbat-distro-pkgname" finalAttrs.pname)
(lib.mesonOption "sbat-distro-version" finalAttrs.version)
(lib.mesonOption "sbat-distro-pkgname" pname)
(lib.mesonOption "sbat-distro-version" version)
# Users
(lib.mesonOption "system-uid-max" "999")
@ -543,6 +566,11 @@ stdenv.mkDerivation (finalAttrs: {
(lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount")
(lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount")
# SSH
# Disabled for now until someone makes this work.
(lib.mesonOption "sshconfdir" "no")
(lib.mesonOption "sshdconfdir" "no")
# Features
@ -606,6 +634,7 @@ stdenv.mkDerivation (finalAttrs: {
(lib.mesonEnable "kmod" withKmod)
(lib.mesonEnable "qrencode" withQrencode)
(lib.mesonEnable "vmspawn" withVmspawn)
(lib.mesonEnable "libarchive" withLibarchive)
(lib.mesonEnable "xenctrl" false)
(lib.mesonEnable "gnutls" false)
(lib.mesonEnable "xkbcommon" false)
@ -873,7 +902,8 @@ stdenv.mkDerivation (finalAttrs: {
interfaceVersion = 2;
inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod
withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd;
withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp
util-linux kmod kbd;
tests = {
inherit (nixosTests)

1
pkgs/top-level/all-packages.nix
View File

@ -27573,6 +27573,7 @@ with pkgs;
withPasswordQuality = false;
withVmspawn = false;
withQrencode = false;
withLibarchive = false;
};
systemdLibs = systemdMinimal.override {
pname = "systemd-minimal-libs";