Merge pull request #101207 from NixOS/staging-next

Staging next

4 files changed, 84 insertions, 48 deletions

diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index 0e10add55613..64fa92be8658 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -14,7 +14,7 @@
 
 let
   apparmor-series = "2.13";
-  apparmor-patchver = "4";
+  apparmor-patchver = "5";
   apparmor-version = apparmor-series + "." + apparmor-patchver;
 
   apparmor-meta = component: with stdenv.lib; {
@@ -27,19 +27,10 @@ let
 
   apparmor-sources = fetchurl {
     url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-    sha256 = "03nislxccnbxld89giak2s8xa4mdbwscfxbdwhmw5qpvgz08dgwh";
-  };
-
-  # See <https://gitlab.com/apparmor/apparmor/-/issues/74> This and the
-  # accompanying application in prePatchCommon should be removed in 2.13.5
-  gnumake43Patch = fetchpatch {
-    url = "https://gitlab.com/apparmor/apparmor/-/merge_requests/465.patch";
-    name = "2-23-fix-build-with-make-4.3.patch";
-    sha256 = "0xw028iqp69j9mxv0kbwraplgkj5i5djdlgf0anpkc5cdbsf96r9";
+    sha256 = "05x7r99k00r97v1cq2f711lv6yqzhbl8zp1i1c7kxra4v0a2lzk3";
   };
 
   prePatchCommon = ''
-    patch -p1 < ${gnumake43Patch}
     chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
     patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
     substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${buildPackages.perl}/bin/pod2man"
diff --git a/pkgs/os-specific/linux/iproute/default.nix b/pkgs/os-specific/linux/iproute/default.nix
index a9fcf455ee43..b3de7ceedaad 100644
--- a/pkgs/os-specific/linux/iproute/default.nix
+++ b/pkgs/os-specific/linux/iproute/default.nix
@@ -5,19 +5,19 @@
 
 stdenv.mkDerivation rec {
   pname = "iproute2";
-  version = "5.8.0";
+  version = "5.9.0";
 
   src = fetchurl {
     url = "mirror://kernel/linux/utils/net/${pname}/${pname}-${version}.tar.xz";
-    sha256 = "0vk4vickrpahdhl3zazr2qn2bf99v5549ncirjpwiy4h0a4izkfg";
+    sha256 = "1kys6dmhrl43iaq95n5sh02p39d7bq8i5y672qrzgwnwpjaaqpd2";
   };
 
   preConfigure = ''
     # Don't try to create /var/lib/arpd:
     sed -e '/ARPDDIR/d' -i Makefile
-    # TODO: Drop temporary version fix for 5.8 (53159d81) once 5.9 is out:
+    # TODO: Drop temporary version fix for 5.9 once 5.10 is out:
     substituteInPlace include/version.h \
-      --replace "v5.7.0-77-gb687d1067169" "5.8.0"
+      --replace "5.8.0" "${version}"
   '';
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/os-specific/linux/libcap/default.nix b/pkgs/os-specific/linux/libcap/default.nix
index 174f1be99dba..7931e35a8441 100644
--- a/pkgs/os-specific/linux/libcap/default.nix
+++ b/pkgs/os-specific/linux/libcap/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libcap";
-  version = "2.27";
+  version = "2.44";
 
   src = fetchurl {
     url = "mirror://kernel/linux/libs/security/linux-privs/libcap2/${pname}-${version}.tar.xz";
-    sha256 = "0sj8kidl7qgf2qwxcbw1vadnlb30y4zvjzxswsmfdghq04npkhfs";
+    sha256 = "1qf80lifygbnxwvqjf8jz5j24n6fqqx4ixnkbf76xs2vrmcq664j";
   };
 
   outputs = [ "out" "dev" "lib" "man" "doc" "pam" ];
@@ -54,6 +54,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     description = "Library for working with POSIX capabilities";
+    homepage = "https://sites.google.com/site/fullycapable";
     platforms = stdenv.lib.platforms.linux;
     license = stdenv.lib.licenses.bsd3;
   };
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index cef9d96ae6e1..da99280f63b8 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,27 +1,61 @@
-{ stdenv, lib, fetchFromGitHub, pkgconfig, intltool, gperf, libcap
-, curl, kmod, gnupg, gnutar, xz, pam, acl, libuuid, m4, e2fsprogs, utillinux, libffi
-, glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
-, audit, lz4, bzip2, pcre2
-, linuxHeaders ? stdenv.cc.libc.linuxHeaders
-, iptables, gnu-efi, bashInteractive
-, gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45
-, ninja, meson, python3Packages, glibcLocales
-, patchelf
-, substituteAll
-, getent
-, cryptsetup, lvm2
+{ stdenv, lib, fetchFromGitHub
 , buildPackages
-, perl
+, ninja, meson, m4, pkgconfig, coreutils, gperf, getent
+, patchelf, perl, glibcLocales, glib, substituteAll
+, gettext, python3Packages
+
+# Mandatory dependencies
+, libcap
+, utillinux
+, kbd
+, kmod
+
+# Optional dependencies
+, pam, cryptsetup, lvm2, audit, acl
+, lz4, libgcrypt, libgpgerror, libidn2
+, curl, gnutar, gnupg, zlib
+, xz, libuuid, libffi
+, libapparmor, intltool
+, bzip2, pcre2, e2fsprogs
+, linuxHeaders ? stdenv.cc.libc.linuxHeaders
+, gnu-efi
+, iptables
 , withSelinux ? false, libselinux
 , withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp
 , withKexectools ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) kexectools.meta.platforms, kexectools
+, bashInteractive
+
+, withResolved ? true
+, withLogind ? true
+, withHostnamed ? true
+, withLocaled ? true
+, withNetworkd ? true
+, withTimedated ? true
+, withTimesyncd ? true
+, withHwdb ? true
+, withEfi ? stdenv.hostPlatform.isEfi
+, withImportd ? true
+, withCryptsetup ? true
+
+# name argument
+, pname ? "systemd"
+
+
+, libxslt, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45
 }:
 
+assert withResolved -> (libgcrypt != null && libgpgerror != null);
+assert withImportd ->
+  ( curl.dev != null && zlib != null && xz != null && libgcrypt != null
+  && gnutar != null && gnupg != null);
+
+assert withCryptsetup ->
+  ( cryptsetup != null );
+
 let
   version = "246.6";
 in stdenv.mkDerivation {
-  inherit version;
-  pname = "systemd";
+  inherit version pname;
 
   # We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly
   # This has proven to be less error-prone than the previous systemd fork.
@@ -71,13 +105,17 @@ in stdenv.mkDerivation {
   outputs = [ "out" "man" "dev" ];
 
   nativeBuildInputs =
-    [ pkgconfig intltool gperf libxslt gettext docbook_xsl docbook_xml_dtd_42 docbook_xml_dtd_45
+    [ pkgconfig gperf
       ninja meson
       coreutils # meson calls date, stat etc.
       glibcLocales
       patchelf getent m4
       perl # to patch the libsystemd.so and remove dependencies on aarch64
 
+      intltool
+      gettext
+
+      libxslt docbook_xsl docbook_xml_dtd_42 docbook_xml_dtd_45
       (buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]))
     ];
   buildInputs =
@@ -86,9 +124,10 @@ in stdenv.mkDerivation {
       pcre2 ] ++
       stdenv.lib.optional withKexectools kexectools ++
       stdenv.lib.optional withLibseccomp libseccomp ++
-    [ libffi audit lz4 bzip2 libapparmor
-      iptables gnu-efi
-    ] ++ stdenv.lib.optional withSelinux libselinux;
+      [ libffi audit lz4 bzip2 libapparmor iptables ] ++
+      stdenv.lib.optional withEfi gnu-efi ++
+      stdenv.lib.optional withSelinux libselinux ++
+      stdenv.lib.optional withCryptsetup cryptsetup.dev;
 
   #dontAddPrefix = true;
 
@@ -106,19 +145,23 @@ in stdenv.mkDerivation {
     "-Ddebug-shell=${bashInteractive}/bin/bash"
     # while we do not run tests we should also not build them. Removes about 600 targets
     "-Dtests=false"
-    "-Dimportd=true"
+    "-Dimportd=${stdenv.lib.boolToString withImportd}"
     "-Dlz4=true"
     "-Dhomed=false"
-    "-Dhostnamed=true"
-    "-Dnetworkd=true"
+    "-Dlogind=${stdenv.lib.boolToString withLogind}"
+    "-Dlocaled=${stdenv.lib.boolToString withLocaled}"
+    "-Dhostnamed=${stdenv.lib.boolToString withHostnamed}"
+    "-Dnetworkd=${stdenv.lib.boolToString withNetworkd}"
+    "-Dcryptsetup=${stdenv.lib.boolToString withCryptsetup}"
     "-Dportabled=false"
+    "-Dhwdb=${stdenv.lib.boolToString withHwdb}"
     "-Dremote=false"
     "-Dsysusers=false"
-    "-Dtimedated=true"
-    "-Dtimesyncd=true"
+    "-Dtimedated=${stdenv.lib.boolToString withTimedated}"
+    "-Dtimesyncd=${stdenv.lib.boolToString withTimesyncd}"
     "-Dfirstboot=false"
     "-Dlocaled=true"
-    "-Dresolve=true"
+    "-Dresolve=${stdenv.lib.boolToString withResolved}"
     "-Dsplit-usr=false"
     "-Dlibcurl=true"
     "-Dlibidn=false"
@@ -141,11 +184,6 @@ in stdenv.mkDerivation {
     "-Dsystem-gid-max=999"
     # "-Dtime-epoch=1"
 
-    (if !stdenv.hostPlatform.isEfi then "-Dgnu-efi=false" else "-Dgnu-efi=true")
-    "-Defi-libdir=${toString gnu-efi}/lib"
-    "-Defi-includedir=${toString gnu-efi}/include/efi"
-    "-Defi-ldsdir=${toString gnu-efi}/lib"
-
     "-Dsysvinit-path="
     "-Dsysvrcnd-path="
 
@@ -161,6 +199,12 @@ in stdenv.mkDerivation {
     # Upstream defaulted to disable manpages since they optimize for the much
     # more frequent development builds
     "-Dman=true"
+
+    "-Dgnu-efi=${stdenv.lib.boolToString (withEfi && gnu-efi != null)}"
+  ] ++ stdenv.lib.optionals (withEfi && gnu-efi != null) [
+    "-Defi-libdir=${toString gnu-efi}/lib"
+    "-Defi-includedir=${toString gnu-efi}/include/efi"
+    "-Defi-ldsdir=${toString gnu-efi}/lib"
   ];
 
   preConfigure = ''
@@ -284,6 +328,6 @@ in stdenv.mkDerivation {
     license = licenses.lgpl21Plus;
     platforms = platforms.linux;
     priority = 10;
-    maintainers = with maintainers; [ andir eelco flokli ];
+    maintainers = with maintainers; [ andir eelco flokli kloenk ];
   };
 }