Merge remote-tracking branch 'upstream/master' into staging

10 files changed, 93 insertions, 10 deletions

diff --git a/pkgs/os-specific/linux/akvcam/default.nix b/pkgs/os-specific/linux/akvcam/default.nix
new file mode 100644
index 000000000000..9e7450775147
--- /dev/null
+++ b/pkgs/os-specific/linux/akvcam/default.nix
@@ -0,0 +1,31 @@
+{ lib, stdenv, fetchFromGitHub, kernel, qmake }:
+
+stdenv.mkDerivation rec {
+  pname = "akvcam";
+  version = "1.1.1";
+
+  src = fetchFromGitHub {
+    owner = "webcamoid";
+    repo = "akvcam";
+    rev = version;
+    sha256 = "ULEhfF+uC/NcVUGAtmP1+BnrcgRgftNS97nLp81avQ8=";
+  };
+
+  nativeBuildInputs = [ qmake ];
+
+  qmakeFlags = [
+    "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+  ];
+
+  installPhase = ''
+    install -m644 -b -D src/akvcam.ko $out/lib/modules/${kernel.modDirVersion}/akvcam.ko
+  '';
+
+  meta = with lib; {
+    description = "Virtual camera driver for Linux";
+    homepage = "https://github.com/webcamoid/akvcam";
+    maintainers = with maintainers; [ freezeboy ];
+    platforms = platforms.linux;
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/os-specific/linux/autofs/default.nix b/pkgs/os-specific/linux/autofs/default.nix
index baf3cc6ad55e..ab78c590017f 100644
--- a/pkgs/os-specific/linux/autofs/default.nix
+++ b/pkgs/os-specific/linux/autofs/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, flex, bison, linuxHeaders, libtirpc, mount, umount, nfs-utils, e2fsprogs
-, libxml2, kerberos, kmod, openldap, sssd, cyrus_sasl, openssl }:
+, libxml2, kerberos, kmod, openldap, sssd, cyrus_sasl, openssl, rpcsvc-proto }:
 
 let
   version = "5.1.6";
@@ -28,13 +28,16 @@ in stdenv.mkDerivation {
     unset STRIP # Makefile.rules defines a usable STRIP only without the env var.
   '';
 
+  # configure script is not finding the right path
+  NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ];
+
   installPhase = ''
     make install SUBDIRS="lib daemon modules man" # all but samples
     #make install SUBDIRS="samples" # impure!
   '';
 
   buildInputs = [ linuxHeaders libtirpc libxml2 kerberos kmod openldap sssd
-                  openssl cyrus_sasl ];
+                  openssl cyrus_sasl rpcsvc-proto ];
 
   nativeBuildInputs = [ flex bison ];
 
diff --git a/pkgs/os-specific/linux/bpftrace/default.nix b/pkgs/os-specific/linux/bpftrace/default.nix
index fc7c8ecba2da..9fbeda708e05 100644
--- a/pkgs/os-specific/linux/bpftrace/default.nix
+++ b/pkgs/os-specific/linux/bpftrace/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "bpftrace";
-  version = "0.11.0";
+  version = "0.11.4";
 
   src = fetchFromGitHub {
     owner  = "iovisor";
     repo   = "bpftrace";
     rev    = "refs/tags/v${version}";
-    sha256 = "02f2r731yj3fdc8341id1ksk4dma9rwm2765n2xgx2ldrrz5823y";
+    sha256 = "0y4qgm2cpccrsm20rnh92hqplddqsc5q5zhw9nqn2igm3h9i0z7h";
   };
 
   enableParallelBuilding = true;
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix
index fadf5df7140a..a3be5484a047 100644
--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -20,6 +20,15 @@ stdenv.mkDerivation {
     name = "${s.name}.tar.bz2";
   };
 
+  patches = [
+    # Adds the /nix directory when using an overlay.
+    # Required to run any programs under this mode.
+    ./mount-nix-dir-on-overlay.patch
+    # By default fbuilder hardcodes the firejail binary to the install path.
+    # On NixOS the firejail binary is a setuid wrapper available in $PATH.
+    ./fbuilder-call-firejail-on-path.patch
+  ];
+
   prePatch = ''
     # Allow whitelisting ~/.nix-profile
     substituteInPlace etc/firejail.config --replace \
diff --git a/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch b/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch
new file mode 100644
index 000000000000..6016891655b1
--- /dev/null
+++ b/pkgs/os-specific/linux/firejail/fbuilder-call-firejail-on-path.patch
@@ -0,0 +1,11 @@
+--- a/src/fbuilder/build_profile.c
++++ b/src/fbuilder/build_profile.c
+@@ -67,7 +67,7 @@
+ 		errExit("asprintf");
+ 
+ 	char *cmdlist[] = {
+-	  BINDIR "/firejail",
++	  "firejail",
+ 	  "--quiet",
+ 	  "--noprofile",
+ 	  "--caps.drop=all",
diff --git a/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch b/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch
new file mode 100644
index 000000000000..685314f90758
--- /dev/null
+++ b/pkgs/os-specific/linux/firejail/mount-nix-dir-on-overlay.patch
@@ -0,0 +1,27 @@
+--- a/src/firejail/fs.c
++++ b/src/firejail/fs.c
+@@ -1143,6 +1143,16 @@
+ 		errExit("mounting /dev");
+ 	fs_logger("whitelist /dev");
+ 
++	// mount-bind /nix
++	if (arg_debug)
++		printf("Mounting /nix\n");
++	char *nix;
++	if (asprintf(&nix, "%s/nix", oroot) == -1)
++		errExit("asprintf");
++	if (mount("/nix", nix, NULL, MS_BIND|MS_REC, NULL) < 0)
++		errExit("mounting /nix");
++	fs_logger("whitelist /nix");
++
+ 	// mount-bind run directory
+ 	if (arg_debug)
+ 		printf("Mounting /run\n");
+@@ -1201,6 +1211,7 @@
+ 	free(odiff);
+ 	free(owork);
+ 	free(dev);
++	free(nix);
+ 	free(run);
+ 	free(tmp);
+ }
diff --git a/pkgs/os-specific/linux/hdparm/default.nix b/pkgs/os-specific/linux/hdparm/default.nix
index 8d3a967d6832..012cfb7e6032 100644
--- a/pkgs/os-specific/linux/hdparm/default.nix
+++ b/pkgs/os-specific/linux/hdparm/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "hdparm";
-  version = "9.58";
+  version = "9.60";
 
   src = fetchurl {
     url = "mirror://sourceforge/hdparm/hdparm-${version}.tar.gz";
-    sha256 = "03z1qm8zbgpxagk3994lvp24yqsshjibkwg05v9p3q1w7y48xrws";
+    sha256 = "1k1mcv7naiacw1y6bdd1adnjfiq1kkx2ivsadjwmlkg4fff775w3";
   };
 
   preBuild = ''
diff --git a/pkgs/os-specific/linux/ipset/default.nix b/pkgs/os-specific/linux/ipset/default.nix
index dada5c35f715..647e5e3597df 100644
--- a/pkgs/os-specific/linux/ipset/default.nix
+++ b/pkgs/os-specific/linux/ipset/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "ipset";
-  version = "7.7";
+  version = "7.9";
 
   src = fetchurl {
     url = "http://ipset.netfilter.org/${pname}-${version}.tar.bz2";
-    sha256 = "0ckc678l1431mb0q5ilfgy0ajjwi8n135c72h606imm43dc0v9a5";
+    sha256 = "02mkp7vmsh609dcp02xi290sxmsgq2fsch3875dxkwfxkrl16p5p";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 94558b890de1..47e49dbe01d7 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -775,6 +775,8 @@ let
       X86_CHECK_BIOS_CORRUPTION = yes;
       X86_MCE                   = yes;
 
+      RAS = yes; # Needed for EDAC support
+
       # Our initrd init uses shebang scripts, so can't be modular.
       BINFMT_SCRIPT = yes;
       # For systemd-binfmt
diff --git a/pkgs/os-specific/linux/mcelog/default.nix b/pkgs/os-specific/linux/mcelog/default.nix
index f0ef1126154a..2e97f9da1eae 100644
--- a/pkgs/os-specific/linux/mcelog/default.nix
+++ b/pkgs/os-specific/linux/mcelog/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "mcelog";
-  version = "169";
+  version = "173";
 
   src = fetchFromGitHub {
     owner  = "andikleen";
     repo   = "mcelog";
     rev    = "v${version}";
-    sha256 = "0ghkwfaky026qwj6hmcvz2w2hm8qqj3ysbkxxi603vslmwj56chv";
+    sha256 = "1ili11kqacn6jkjpk11vhycgygdl92mymgb1sx22lcwq2x0d248m";
   };
 
   postPatch = ''