# Build recipe for systemd, written as a function: every dependency is passed
# in as an argument, and arguments with `?` have a default.
# withSelinux defaults to false; libselinux is only added to buildInputs when
# it is set to true.
# NOTE(review): fetchpatch, zlib, cryptsetup and autoreconfHook are accepted
# here but are not referenced by any attribute of this expression (cryptsetup
# only appears inside a /* */ comment in buildInputs) — confirm they can go.
{ stdenv, fetchFromGitHub, fetchpatch, pkgconfig, intltool, gperf, libcap, kmod
, zlib, xz, pam, acl, cryptsetup, libuuid, m4, utillinux, libffi
, glib, kbd, libxslt, coreutils, libgcrypt, libgpgerror, libidn2, libapparmor
, audit, lz4, bzip2, kexectools, libmicrohttpd
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, libseccomp, iptables, gnu-efi
, autoreconfHook, gettext, docbook_xsl, docbook_xml_dtd_42, docbook_xml_dtd_45
, ninja, meson, python3Packages, glibcLocales
, patchelf
, getent
, hostPlatform
, buildPackages
, withSelinux ? false, libselinux
}:
let
  # Python interpreter bundled with lxml. preConfigure writes its path into the
  # shebangs of tools/*.py and test/sys-script.py, and it is also listed in
  # buildInputs.
  # NOTE(review): the interpreter comes from buildPackages, but lxml is taken
  # from the python3Packages function argument (a lexically bound name is not
  # shadowed by `with ps`) — confirm both refer to the same Python when
  # cross-compiling.
  pythonLxmlEnv = buildPackages.python3Packages.python.withPackages ( ps: with ps; [ python3Packages.lxml ]);

in stdenv.mkDerivation rec {
  # `rec` lets `name` refer to `version` below.
  version = "238";
  name = "systemd-${version}";

  # When updating, use https://github.com/systemd/systemd-stable tree, not the development one!
  # Also fresh patches should be cherry-picked from that tree to our current one.
# Source tree, fetched from the NixOS/systemd repository on GitHub and pinned
# to one exact commit (`rev`). `sha256` is the expected hash of the fetched
# source: the fetch fails if the content does not match it, so `rev` and
# `sha256` have to be updated together.
src = fetchFromGitHub {
  owner = "NixOS";
  repo = "systemd";
  rev = "02042d012c4d6c0a2854d8436dd6636d4327774f";
  sha256 = "0iv6fygzac0z6dagbmw1nf8dx7rrr6d9cxp0fr304rn3ir58g5f0";
};
# The build is split into four outputs. preConfigure points libdir/rootlibdir
# at $lib, mandir at $man, and includedir and the pkg-config directories at
# $dev; everything else goes to $out.
outputs = [ "out" "lib" "man" "dev" ];
# Tools needed while building (build system, documentation toolchain, helper
# programs called by meson and by the patching steps in preConfigure).
nativeBuildInputs =
  [ pkgconfig intltool gperf libxslt gettext docbook_xsl docbook_xml_dtd_42 docbook_xml_dtd_45
    ninja meson
    coreutils # meson calls date, stat etc.
    glibcLocales
    patchelf getent m4
  ];
# Libraries systemd is built against. The list is assembled from fixed parts
# and from parts that depend on the platform or on withSelinux.
buildInputs =
  [ linuxHeaders libcap kmod xz pam acl
    # cryptsetup is commented out on the next line, so it is not a build input.
    /* cryptsetup */ libuuid glib libgcrypt libgpgerror libidn2
    libmicrohttpd ] ++
    # kexectools and libseccomp are wrapped in enableIfAvailable.
    # NOTE(review): presumably that yields an empty list where the package is
    # not available for the platform; systemd built without libseccomp would
    # lack its seccomp-based sandboxing — confirm which platforms are affected
    # and check the configure summary there.
    stdenv.lib.meta.enableIfAvailable kexectools ++
    stdenv.lib.meta.enableIfAvailable libseccomp ++
    [ libffi audit lz4 bzip2 libapparmor
      iptables gnu-efi
      # This is actually native, but we already pull it from buildPackages
      pythonLxmlEnv
      # libselinux is appended only when withSelinux is true (default: false).
    ] ++ stdenv.lib.optionals withSelinux [ libselinux ];
#dontAddPrefix = true;
# Static meson options (the list continues after this part). Options that need
# the $out/$lib/$man/$dev paths are appended in preConfigure instead.
# NOTE(review): neither mesonFlags nor preConfigure sets an explicit option for
# seccomp, AppArmor, SELinux or audit, so whether those features are compiled
# in presumably depends on meson detecting the matching buildInputs — confirm
# in the configure summary rather than assuming they are enabled.
mesonFlags = [
  # Absolute store paths of the kbd tools.
  "-Dloadkeys-path=${kbd}/bin/loadkeys"
  "-Dsetfont-path=${kbd}/bin/setfont"
  "-Dtty-gid=3" # tty in NixOS has gid 3
  # "-Dtests=" # TODO
  "-Dlz4=true"
  "-Dhostnamed=true"
  "-Dnetworkd=true"
  "-Dsysusers=false"
  "-Dtimedated=true"
  "-Dtimesyncd=true"
  "-Dfirstboot=false"
  "-Dlocaled=true"
  "-Dresolve=true"
  "-Dsplit-usr=false"
  "-Dlibcurl=false"
  "-Dlibidn=false"
  "-Dlibidn2=true"
  "-Dquotacheck=false"
  "-Dldconfig=false"
  "-Dsmack=true"
  # Upper bound of the system UID/GID range is hard-coded to 499 here.
  "-Dsystem-uid-max=499" #TODO: debug why awking around in /etc/login.defs doesn't work
  "-Dsystem-gid-max=499"
  # "-Dtime-epoch=1"
treewide: isArm -> isAarch32
Following legacy packaging conventions, `isArm` was defined just for the
32-bit ARM instruction set. This is confusing to non-packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
at the bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32-bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit ARM instruction sets
which do not use the word ARM, so as not to confuse either laymen or
experienced ARM packagers.
[1]: https://developer.arm.com/products/architecture/a-profile
# Remainder of the mesonFlags list.
# gnu-efi is switched off on 32-bit and 64-bit ARM and on host platforms that
# are not EFI; it is switched on everywhere else. The efi-* directories below
# are passed in both cases.
(if stdenv.isAarch32 || stdenv.isAarch64 || !hostPlatform.isEfi then "-Dgnu-efi=false" else "-Dgnu-efi=true")
"-Defi-libdir=${toString gnu-efi}/lib"
"-Defi-includedir=${toString gnu-efi}/include/efi"
"-Defi-ldsdir=${toString gnu-efi}/lib"

# Both SysV paths are set to the empty string.
# NOTE(review): presumably this turns off SysV init script compatibility — confirm.
"-Dsysvinit-path="
"-Dsysvrcnd-path="

# Absolute store paths for the helper programs, so the built binaries refer to
# these exact coreutils/kmod/util-linux builds.
"-Dkill-path=${coreutils}/bin/kill"
"-Dkmod-path=${kmod}/bin/kmod"
"-Dsulogin-path=${utillinux}/bin/sulogin"
"-Dmount-path=${utillinux}/bin/mount"
"-Dumount-path=${utillinux}/bin/umount"
];
# Shell fragment run before the meson configure step. In order, it:
#  - appends to mesonFlagsArray the default NTP server list and the options
#    that need the output paths ($out, $lib, $man, $dev);
#  - edits meson.build so includedir and libdir are fixed to $dev/include and
#    $lib/lib;
#  - sets LC_ALL to en_US.UTF-8;
#  - rewrites hard-coded /bin, /sbin, /usr/bin and /usr/lib paths in the listed
#    sources and units to absolute store paths (`test -e $i` checks each listed
#    file exists first, presumably so a file renamed upstream is noticed
#    instead of being skipped silently);
#  - rewrites the `#!/usr/bin/env python` shebang of the build scripts;
#  - points the journal catalog directory at $out.
# NOTE(review): /bin/plymouth is the one path not replaced by a store path: it
# becomes /run/current-system/sw/bin/plymouth ("To avoid dependency"), so that
# binary is looked up in the active system profile at run time and is not
# pinned by this package.
# NOTE(review): mandir is set to $man/lib — confirm that is the intended
# directory for man pages.
preConfigure = ''
  mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
  mesonFlagsArray+=(-Ddbuspolicydir=$out/etc/dbus-1/system.d)
  mesonFlagsArray+=(-Ddbussessionservicedir=$out/share/dbus-1/services)
  mesonFlagsArray+=(-Ddbussystemservicedir=$out/share/dbus-1/system-services)
  mesonFlagsArray+=(-Dpamconfdir=$out/etc/pam.d)
  mesonFlagsArray+=(-Drootprefix=$out)
  mesonFlagsArray+=(-Dlibdir=$lib/lib)
  mesonFlagsArray+=(-Drootlibdir=$lib/lib)
  mesonFlagsArray+=(-Dmandir=$man/lib)
  mesonFlagsArray+=(-Dincludedir=$dev/include)
  mesonFlagsArray+=(-Dpkgconfiglibdir=$dev/lib/pkgconfig)
  mesonFlagsArray+=(-Dpkgconfigdatadir=$dev/share/pkgconfig)

  # FIXME: Why aren't includedir and libdir picked up from mesonFlags while other options are?
  substituteInPlace meson.build \
    --replace "includedir = join_paths(prefixdir, get_option('includedir'))" \
              "includedir = '$dev/include'" \
    --replace "libdir = join_paths(prefixdir, get_option('libdir'))" \
              "libdir = '$lib/lib'"

  export LC_ALL="en_US.UTF-8";
  # FIXME: patch this in systemd properly (and send upstream).
  # already fixed in f00929ad622c978f8ad83590a15a765b4beecac9: (u)mount
  for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.in src/journal/cat.c src/core/shutdown.c src/nspawn/nspawn.c src/shared/generator.c; do
    test -e $i
    substituteInPlace $i \
      --replace /usr/bin/getent ${getent}/bin/getent \
      --replace /sbin/swapon ${utillinux.bin}/sbin/swapon \
      --replace /sbin/swapoff ${utillinux.bin}/sbin/swapoff \
      --replace /sbin/fsck ${utillinux.bin}/sbin/fsck \
      --replace /bin/echo ${coreutils}/bin/echo \
      --replace /bin/cat ${coreutils}/bin/cat \
      --replace /sbin/sulogin ${utillinux.bin}/sbin/sulogin \
      --replace /usr/lib/systemd/systemd-fsck $out/lib/systemd/systemd-fsck \
      --replace /bin/plymouth /run/current-system/sw/bin/plymouth # To avoid dependency
  done

  for i in tools/xml_helper.py tools/make-directive-index.py tools/make-man-index.py test/sys-script.py; do
    substituteInPlace $i \
      --replace "#!/usr/bin/env python" "#!${pythonLxmlEnv}/bin/python"
  done

  for i in src/basic/generate-gperfs.py src/resolve/generate-dns_type-gperf.py src/test/generate-sym-test.py ; do
    substituteInPlace $i \
      --replace "#!/usr/bin/env python" "#!${buildPackages.python3Packages.python}/bin/python"
  done

  substituteInPlace src/journal/catalog.c \
    --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
'';
# These defines are overridden by CFLAGS and would trigger annoying
# warning messages
# The three macro names are renamed (prefixed with `_`) in the generated
# config.h, which leaves the -D definitions from NIX_CFLAGS_COMPILE as the only
# definitions under the original names.
postConfigure = ''
  substituteInPlace config.h \
    --replace "POLKIT_AGENT_BINARY_PATH" "_POLKIT_AGENT_BINARY_PATH" \
    --replace "SYSTEMD_BINARY_PATH" "_SYSTEMD_BINARY_PATH" \
    --replace "SYSTEMD_CGROUP_AGENT_PATH" "_SYSTEMD_CGROUP_AGENT_PATH"
'';
# Turns off the "stackprotector" hardening flag for this whole build.
# NOTE(review): no reason is recorded here. The exception covers the service
# manager itself and every daemon built from this source, so confirm it is
# still required and document why (or narrow it) when updating.
hardeningDisable = [ "stackprotector" ];
# Compile-time paths baked into the binaries. Each macro is first undefined
# (-U) and then redefined (-D). All three values live under /run/current-system
# rather than in this package's own store path, so at run time they follow
# whichever system generation is active.
# NOTE(review): these locations are outside what this package's hash pins;
# their integrity presumably rests on /run/current-system being writable by
# root only — confirm on the target system.
NIX_CFLAGS_COMPILE =
  [ # Can't say ${polkit.bin}/bin/pkttyagent here because that would
    # lead to a cyclic dependency.
    "-UPOLKIT_AGENT_BINARY_PATH" "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""

    # Set the release_agent on /sys/fs/cgroup/systemd to the
    # currently running systemd (/run/current-system/systemd) so
    # that we don't use an obsolete/garbage-collected release agent.
    "-USYSTEMD_CGROUP_AGENT_PATH" "-DSYSTEMD_CGROUP_AGENT_PATH=\"/run/current-system/systemd/lib/systemd/systemd-cgroups-agent\""

    "-USYSTEMD_BINARY_PATH" "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\""
  ];
# Shell fragment run after installation. It moves one unit from
# sysinit.target.wants to multi-user.target.wants, moves the shipped unit files
# and the modules-load.d/binfmt.d/sysctl.d/tmpfiles.d directories to
# $out/example, deletes $out/etc/systemd/system, $out/etc/rpm and every file
# whose name contains "kernel-install", replaces /bin/false in the D-Bus system
# service files with the coreutils store path, and moves lib/security and
# libnss* from the lib output to $out/lib.
# NOTE(review): the first comment inside the script names
# systemd-tmpfiles-setup.service, but the mv command moves
# systemd-tmpfiles-setup-dev.service — confirm which unit is meant.
postInstall = ''
  # sysinit.target: Don't depend on
  # systemd-tmpfiles-setup.service. This interferes with NixOps's
  # send-keys feature (since sshd.service depends indirectly on
  # sysinit.target).
  mv $out/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service $out/lib/systemd/system/multi-user.target.wants/

  mkdir -p $out/example/systemd
  mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
  mv $out/lib/systemd/{system,user} $out/example/systemd

  rm -rf $out/etc/systemd/system

  # Fix reference to /bin/false in the D-Bus services.
  for i in $out/share/dbus-1/system-services/*.service; do
    substituteInPlace $i --replace /bin/false ${coreutils}/bin/false
  done

  rm -rf $out/etc/rpm

  # "kernel-install" shouldn't be used on NixOS.
  find $out -name "*kernel-install*" -exec rm {} \;

  # Keep only libudev and libsystemd in the lib output.
  mkdir -p $out/lib
  mv $lib/lib/security $lib/lib/libnss* $out/lib/
''; # */
# Allow the build to run jobs in parallel.
enableParallelBuilding = true;

# The interface version prevents NixOS from switching to an
# incompatible systemd at runtime. (Switching across reboots is
# fine, of course.) It should be increased whenever systemd changes
# in a backwards-incompatible way. If the interface version of two
# systemd builds is the same, then we can switch between them at
# runtime; otherwise we can't and we need to reboot.
# The value is exposed through passthru, i.e. as an attribute of the package
# for other Nix code to read.
passthru.interfaceVersion = 2;
# Package metadata: project page, one-line description, supported platforms
# (Linux only) and maintainer.
# NOTE(review): homepage is an unquoted http:// URL literal; a quoted https://
# URL would be preferable if the site serves it — confirm before changing.
meta = {
  homepage = http://www.freedesktop.org/wiki/Software/systemd;
  description = "A system and service manager for Linux";
  platforms = stdenv.lib.platforms.linux;
  maintainers = [ stdenv.lib.maintainers.eelco ];
};
}