Merge remote-tracking branch 'origin/master' into glibc-2.18

Conflicts:
	pkgs/development/libraries/glibc/2.17/locales.nix

lib/maintainers.nix

@@ -55,6 +55,7 @@
   smironov = "Sergey Mironov <ierton@gmail.com>";
   thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
   the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
+  tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
   urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
   vcunat = "Vladimír Čunát <vcunat@gmail.com>";
   viric = "Lluís Batlle i Rossell <viric@viric.name>";
@@ -63,5 +64,6 @@
   winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
   z77z = "Marco Maggesi <maggesi@math.unifi.it>";
   zef = "Zef Hemel <zef@zef.me>";
+  zimbatm = "zimbatm <zimbatm@zimbatm.com>";
   zoomulator = "Kim Simmons <zoomulator@gmail.com>";
 }

nixos/doc/manual/development.xml

@@ -652,6 +652,37 @@ $ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/
     </listitem>
   </varlistentry>
 
+  <varlistentry>
+    <term><varname>systemd.units.<replaceable>unit-name</replaceable>.unit</varname></term>
+    <listitem>
+      <para>This builds the unit with the specified name.  Note that
+      since unit names contain dots
+      (e.g. <literal>httpd.service</literal>), you need to put them
+      between quotes, like this:
+
+<screen>
+$ nix-build -A 'config.systemd.units."httpd.service".unit'
+</screen>
+
+      You can also test individual units, without rebuilding the whole
+      system, by putting them in
+      <filename>/run/systemd/system</filename>:
+
+<screen>
+$ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \
+    /run/systemd/system/tmp-httpd.service
+$ systemctl daemon-reload
+$ systemctl start tmp-httpd.service
+</screen>
+
+      Note that the unit must not have the same name as any unit in
+      <filename>/etc/systemd/system</filename> since those take
+      precedence over <filename>/run/systemd/system</filename>.
+      That’s why the unit is installed as
+      <filename>tmp-httpd.service</filename> here.</para>
+    </listitem>
+  </varlistentry>
+
 </variablelist>
 
 </para>

nixos/lib/build-vms.nix

@@ -68,8 +68,8 @@ rec {
                   # the first interface (i.e. the first network in its
                   # virtualisation.vlans option).
                   networking.extraHosts = flip concatMapStrings machines
-                    (m: let config = (getAttr m nodes).config; in
+                    (m': let config = (getAttr m' nodes).config; in
-                      optionalString (config.networking.primaryIPAddress != "")
+                      optionalString (m.first != m' && config.networking.primaryIPAddress != "")
                         ("${config.networking.primaryIPAddress} " +
                          "${config.networking.hostName}\n"));
 

nixos/lib/eval-config.nix

@@ -8,6 +8,7 @@
 , extraArgs ? {}
 , modules
 , check ? true
+, prefix ? []
 }:
 
 let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system; in
@@ -17,6 +18,7 @@ rec {
   # Merge the option definitions in all modules, forming the full
   # system configuration.
   inherit (pkgs.lib.evalModules {
+    inherit prefix;
     modules = modules ++ baseModules;
     args = extraArgs;
     check = check && options.environment.checkConfigurationOptions.value;
@@ -48,7 +50,7 @@ rec {
       let
         system = if nixpkgsOptions.system != "" then nixpkgsOptions.system else system_;
         nixpkgsOptions = (import ./eval-config.nix {
-          inherit system extraArgs modules;
+          inherit system extraArgs modules prefix;
           # For efficiency, leave out most NixOS modules; they don't
           # define nixpkgs.config, so it's pointless to evaluate them.
           baseModules = [ ../modules/misc/nixpkgs.nix ];

nixos/maintainers/scripts/ec2/create-ebs-amis.py

@@ -67,7 +67,7 @@ m.run_command("mkdir -p /mnt/etc/nixos")
 m.run_command("nix-channel --add http://nixos.org/channels/nixos-unstable")
 m.run_command("nix-channel --update")
 m.run_command("nixos-rebuild switch")
-version = m.run_command("nixos-version", capture_stdout=True).replace('"', '').rstrip()
+version = m.run_command("nixos-version", capture_stdout=True).split(' ')[0]
 print >> sys.stderr, "NixOS version is {0}".format(version)
 m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
 m.run_command("nixos-install")

nixos/modules/config/sysctl.nix

@@ -46,7 +46,10 @@ in
         before = [ "sysinit.target" "shutdown.target" ];
         wantedBy = [ "sysinit.target" "multi-user.target" ];
         restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
-        unitConfig.DefaultDependencies = false; # needed to prevent a cycle
+        unitConfig = {
+          DefaultDependencies = false; # needed to prevent a cycle
+          ConditionPathIsReadWrite = "/proc/sys/"; # prevent systemd-sysctl in containers
+        };
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;

nixos/modules/misc/ids.nix

@@ -107,6 +107,7 @@
       redis = 96;
       haproxy = 97;
       mongodb = 98;
+      openldap = 99;
 
       # When adding a uid, make sure it doesn't match an existing gid.
 
@@ -194,6 +195,7 @@
       amule = 90;
       minidlna = 91;
       haproxy = 92;
+      openldap = 93;
 
       # When adding a gid, make sure it doesn't match an existing uid.
 

nixos/modules/module-list.nix

@@ -91,6 +91,7 @@
   ./services/databases/virtuoso.nix
   ./services/games/ghost-one.nix
   ./services/hardware/acpid.nix
+  ./services/hardware/amd-hybrid-graphics.nix
   ./services/hardware/bluetooth.nix
   ./services/hardware/nvidia-optimus.nix
   ./services/hardware/pcscd.nix
@@ -246,11 +247,11 @@
   ./system/boot/kexec.nix
   ./system/boot/loader/efi.nix
   ./system/boot/loader/generations-dir/generations-dir.nix
-  ./system/boot/loader/gummiboot/gummiboot.nix
-  ./system/boot/loader/raspberrypi/raspberrypi.nix
   ./system/boot/loader/grub/grub.nix
   ./system/boot/loader/grub/memtest.nix
+  ./system/boot/loader/gummiboot/gummiboot.nix
   ./system/boot/loader/init-script/init-script.nix
+  ./system/boot/loader/raspberrypi/raspberrypi.nix
   ./system/boot/luksroot.nix
   ./system/boot/modprobe.nix
   ./system/boot/shutdown.nix
@@ -274,6 +275,8 @@
   ./tasks/network-interfaces.nix
   ./tasks/scsi-link-power-management.nix
   ./tasks/swraid.nix
+  ./testing/service-runner.nix
+  ./virtualisation/containers.nix
   ./virtualisation/libvirtd.nix
   #./virtualisation/nova.nix
   ./virtualisation/virtualbox-guest.nix

nixos/modules/security/polkit.nix

@@ -23,7 +23,15 @@ in
       default = "";
       example =
         ''
-          TODO
+          /* Log authorization checks. */
+          polkit.addRule(function(action, subject) {
+            polkit.log("user " +  subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
+          });
+
+          /* Allow any local user to do anything (dangerous!). */
+          polkit.addRule(function(action, subject) {
+            if (subject.local) return "yes";
+          });
         '';
       description =
         ''
@@ -33,9 +41,9 @@ in
     };
 
     security.polkit.adminIdentities = mkOption {
-      type = types.str;
+      type = types.listOf types.str;
-      default = "unix-user:0;unix-group:wheel";
+      default = [ "unix-user:0" "unix-group:wheel" ];
-      example = "";
+      example = [ "unix-user:alice" "unix-group:admin" ];
       description =
         ''
           Specifies which users are considered “administrators”, for those
@@ -58,18 +66,15 @@ in
     # The polkit daemon reads action/rule files
     environment.pathsToLink = [ "/share/polkit-1" ];
 
-    # PolKit rules for NixOS
+    # PolKit rules for NixOS.
-    environment.etc = [ {
+    environment.etc."polkit-1/rules.d/10-nixos.rules".text =
-      source = pkgs.writeText "10-nixos.conf"
+      ''
-        ''
+        polkit.addAdminRule(function(action, subject) {
-          polkit.addAdminRule(function(action, subject) {
+          return [${concatStringsSep ", " (map (i: "\"${i}\"") cfg.adminIdentities)}];
-            return ["${cfg.adminIdentities}"];
+        });
-          });
 
-          ${cfg.extraConfig}
+        ${cfg.extraConfig}
-        ''; #TODO: validation on compilation (at least against typos)
+      ''; #TODO: validation on compilation (at least against typos)
-      target = "polkit-1/rules.d/10-nixos.conf";
-    } ];
 
     services.dbus.packages = [ pkgs.polkit ];
 

nixos/modules/services/audio/alsa.nix

@@ -55,6 +55,7 @@ in
       { description = "Store Sound Card State";
         wantedBy = [ "multi-user.target" ];
         unitConfig.RequiresMountsFor = "/var/lib/alsa";
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;

nixos/modules/services/databases/openldap.nix

@@ -26,6 +26,16 @@ in
         ";
       };
 
+      user = mkOption {
+        default = "openldap";
+        description = "User account under which slapd runs.";
+      };
+
+      group = mkOption {
+        default = "openldap";
+        description = "Group account under which slapd runs.";
+      };
+
       extraConfig = mkOption {
         default = "";
         description = "
@@ -49,10 +59,23 @@ in
       after = [ "network.target" ];
       preStart = ''
         mkdir -p /var/run/slapd
+        chown -R ${cfg.user}:${cfg.group} /var/run/slapd
+        mkdir -p /var/db/openldap
+        chown -R ${cfg.user}:${cfg.group} /var/db/openldap
       '';
-      serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+      serviceConfig.ExecStart = "${openldap}/libexec/slapd -u openldap -g openldap -d 0 -f ${configFile}";
     };
 
-  };
+    users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton
+      { name = "openldap";
+        group = "openldap";
+        uid = config.ids.uids.openldap;
+      });
 
+    users.extraGroups = optionalAttrs (cfg.group == "openldap") (singleton
+      { name = "openldap";
+        gid = config.ids.gids.openldap;
+     });
+
+  };
 }

nixos/modules/services/databases/postgresql.nix

@@ -30,6 +30,7 @@ let
       hba_file = '${pkgs.writeText "pg_hba.conf" cfg.authentication}'
       ident_file = '${pkgs.writeText "pg_ident.conf" cfg.identMap}'
       log_destination = 'stderr'
+      port = ${toString cfg.port}
       ${cfg.extraConfig}
     '';
 
@@ -63,9 +64,9 @@ in
 
       port = mkOption {
         type = types.int;
-        default = "5432";
+        default = 5432;
         description = ''
-          Port for PostgreSQL.
+          The port on which PostgreSQL listens.
         '';
       };
 
@@ -105,7 +106,9 @@ in
         type = types.bool;
         default = false;
         description = ''
-          Whether to run PostgreSQL with -i flag to enable TCP/IP connections.
+          Whether PostgreSQL should listen on all network interfaces.
+          If disabled, the database can only be accessed via its Unix
+          domain socket or via TCP connections to localhost.
         '';
       };
 
@@ -181,8 +184,13 @@ in
             # Initialise the database.
             if ! test -e ${cfg.dataDir}; then
                 mkdir -m 0700 -p ${cfg.dataDir}
-                chown -R postgres ${cfg.dataDir}
+                if [ "$(id -u)" = 0 ]; then
-                su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
+                  chown -R postgres ${cfg.dataDir}
+                  su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
+                else
+                  # For non-root operation.
+                  initdb
+                fi
                 rm -f ${cfg.dataDir}/*.conf
                 touch "${cfg.dataDir}/.first_startup"
             fi

nixos/modules/services/hardware/acpid.nix

@@ -110,6 +110,7 @@ in
 
         exec = "acpid --confdir ${acpiConfDir}";
 
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
         unitConfig.ConditionPathExists = [ "/proc/acpi" ];
       };
 

nixos/modules/services/hardware/amd-hybrid-graphics.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.amdHybridGraphics.disable = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Completely disable the AMD graphics card and use the
+        integrated graphics processor instead.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.hardware.amdHybridGraphics.disable {
+    systemd.services."amd-hybrid-graphics" = {
+      path = [ pkgs.bash ];
+      description = "Disable AMD Card";
+      after = [ "sys-kernel-debug.mount" ];
+      requires = [ "sys-kernel-debug.mount" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        ExecStart = "${pkgs.bash}/bin/sh -c 'echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
+        ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch; exit 0'";
+      };
+    };
+  };
+
+}

nixos/modules/services/hardware/udev.nix

@@ -209,7 +209,7 @@ in
 
   ###### implementation
 
-  config = {
+  config = mkIf (!config.boot.isContainer) {
 
     services.udev.extraRules = nixosRules;
 
@@ -231,9 +231,16 @@ in
 
     boot.extraModprobeConfig = "options firmware_class path=${config.hardware.firmware}";
 
-    system.activationScripts.clearHotplug =
+    system.activationScripts.udevd =
       ''
         echo "" > /proc/sys/kernel/hotplug
+
+        # Regenerate the hardware database /var/lib/udev/hwdb.bin
+        # whenever systemd changes.
+        if [ ! -e /var/lib/udev/prev-systemd -o "$(readlink /var/lib/udev/prev-systemd)" != ${config.systemd.package} ]; then
+          echo "regenerating udev hardware database..."
+          ${config.systemd.package}/bin/udevadm hwdb --update && ln -sfn ${config.systemd.package} /var/lib/udev/prev-systemd
+        fi
       '';
 
   };

nixos/modules/services/logging/klogd.nix

@@ -32,6 +32,8 @@ with pkgs.lib;
 
         path = [ pkgs.sysklogd ];
 
+        unitConfig.ConditionVirtualization = "!systemd-nspawn";
+
         exec =
           "klogd -c 1 -2 -n " +
           "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";

nixos/modules/services/misc/nix-daemon.nix

@@ -279,6 +279,7 @@ in
       { description = "Nix Daemon Socket";
         wantedBy = [ "sockets.target" ];
         before = [ "multi-user.target" ];
+        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
         socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
       };
 
@@ -290,6 +291,8 @@ in
 
         environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
 
+        unitConfig.ConditionPathIsReadWrite = "/nix/var/nix/daemon-socket/";
+
         serviceConfig =
           { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
             KillMode = "process";
@@ -331,10 +334,8 @@ in
       ''
         # Set up secure multi-user builds: non-root users build through the
         # Nix daemon.
-        if test "$USER" != root; then
+        if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then
             export NIX_REMOTE=daemon
-        else
-            export NIX_REMOTE=
         fi
       '';
 

nixos/modules/services/monitoring/dd-agent.nix

@@ -62,6 +62,8 @@ in {
         ExecStart = "${pkgs.dd-agent}/bin/dd-agent foreground";
         User = "dd-agent";
         Group = "dd-agent";
+        Restart = "always";
+        RestartSec = 2;
       };
       restartTriggers = [ pkgs.dd-agent datadog_conf ];
     };
@@ -76,6 +78,8 @@ in {
         Group = "dd-agent";
         Type = "forking";
         PIDFile = "/tmp/dogstatsd.pid";
+        Restart = "always";
+        RestartSec = 2;
       };
       restartTriggers = [ pkgs.dd-agent datadog_conf ];
     };

nixos/modules/services/networking/dhcpcd.nix

@@ -114,6 +114,8 @@ in
 
         path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
 
+        unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
         serviceConfig =
           { Type = "forking";
             PIDFile = "/run/dhcpcd.pid";

nixos/modules/services/printing/cupsd.nix

@@ -149,7 +149,7 @@ in
       ''
         LogLevel info
 
-        SystemGroup root
+        SystemGroup root wheel
 
         Listen localhost:631
         Listen /var/run/cups/cups.sock

nixos/modules/services/web-servers/apache-httpd/default.nix

@@ -628,10 +628,10 @@ in
         preStart =
           ''
             mkdir -m 0750 -p ${mainCfg.stateDir}
-            chown root.${mainCfg.group} ${mainCfg.stateDir}
+            [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir}
             ${optionalString version24 ''
               mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"
-              chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
+              [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
             ''}
             mkdir -m 0700 -p ${mainCfg.logDir}
 
@@ -659,6 +659,7 @@ in
         serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
         serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
         serviceConfig.Type = "forking";
+        serviceConfig.PIDFile = "${mainCfg.stateDir}/httpd.pid";
         serviceConfig.Restart = "always";
       };
 

nixos/modules/services/x11/desktop-managers/xfce.nix

@@ -72,6 +72,7 @@ in
         pkgs.xfce.thunar_volman
         pkgs.xfce.gvfs
         pkgs.xfce.xfce4_appfinder
+        pkgs.xfce.tumbler
       ]
       ++ optional config.powerManagement.enable pkgs.xfce.xfce4_power_manager;
 

nixos/modules/system/activation/top-level.nix

@@ -34,16 +34,24 @@ let
     in ''
       mkdir $out
 
-      if [ ! -f ${kernelPath} ]; then
+      # Containers don't have their own kernel or initrd.  They boot
-        echo "The bootloader cannot find the proper kernel image."
+      # directly into stage 2.
-        echo "(Expecting ${kernelPath})"
+      ${optionalString (!config.boot.isContainer) ''
-        false
+        if [ ! -f ${kernelPath} ]; then
-      fi
+          echo "The bootloader cannot find the proper kernel image."
+          echo "(Expecting ${kernelPath})"
+          false
+        fi
 
-      ln -s ${kernelPath} $out/kernel
+        ln -s ${kernelPath} $out/kernel
-      ln -s ${config.system.modulesTree} $out/kernel-modules
+        ln -s ${config.system.modulesTree} $out/kernel-modules
 
-      ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd
+        echo -n "$kernelParams" > $out/kernel-params
+
+        ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd
+
+        ln -s ${config.hardware.firmware} $out/firmware
+      ''}
 
       echo "$activationScript" > $out/activate
       substituteInPlace $out/activate --subst-var out
@@ -56,9 +64,7 @@ let
       ln -s ${config.system.build.etc}/etc $out/etc
       ln -s ${config.system.path} $out/sw
       ln -s "$systemd" $out/systemd
-      ln -s ${config.hardware.firmware} $out/firmware
 
-      echo -n "$kernelParams" > $out/kernel-params
       echo -n "$configurationName" > $out/configuration-name
       echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
       echo -n "$nixosVersion" > $out/nixos-version

nixos/modules/system/boot/kernel.nix

@@ -145,7 +145,7 @@ in
 
   ###### implementation
 
-  config = {
+  config = mkIf (!config.boot.isContainer) {
 
     system.build = { inherit kernel; };
 
@@ -230,9 +230,10 @@ in
       { description = "Load Kernel Modules";
         wantedBy = [ "sysinit.target" "multi-user.target" ];
         before = [ "sysinit.target" "shutdown.target" ];
+        conflicts = [ "shutdown.target" ];
         unitConfig =
-          { DefaultDependencies = "no";
+          { DefaultDependencies = false;
-            Conflicts = "shutdown.target";
+            ConditionCapability = "CAP_SYS_MODULE";
           };
         serviceConfig =
           { Type = "oneshot";

nixos/modules/system/boot/loader/grub/grub.nix

@@ -44,7 +44,7 @@ in
     boot.loader.grub = {
 
       enable = mkOption {
-        default = true;
+        default = !config.boot.isContainer;
         type = types.bool;
         description = ''
           Whether to enable the GNU GRUB boot loader.

nixos/modules/system/boot/modprobe.nix

@@ -66,7 +66,7 @@ with pkgs.lib;
 
   ###### implementation
 
-  config = {
+  config = mkIf (!config.boot.isContainer) {
 
     environment.etc = singleton
       { source = pkgs.writeText "modprobe.conf"

nixos/modules/system/boot/shutdown.nix

@@ -6,20 +6,20 @@ with pkgs.lib;
 
   # This unit saves the value of the system clock to the hardware
   # clock on shutdown.
-  systemd.units."save-hwclock.service" =
+  systemd.services.save-hwclock =
-    { wantedBy = [ "shutdown.target" ];
+    { description = "Save Hardware Clock";
 
-      text =
+      wantedBy = [ "shutdown.target" ];
-        ''
-          [Unit]
-          Description=Save Hardware Clock
-          DefaultDependencies=no
-          Before=shutdown.target
 
-          [Service]
+      unitConfig = {
-          Type=oneshot
+        DefaultDependencies = false;
-          ExecStart=${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}
+        ConditionVirtualization = "!systemd-nspawn";
-        '';
+      };
+
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}";
+      };
     };
 
   boot.kernel.sysctl."kernel.poweroff_cmd" = "${config.systemd.package}/sbin/poweroff";

nixos/modules/system/boot/stage-1.nix

@@ -328,7 +328,12 @@ in
 
   };
 
-  config = {
+  config = mkIf (!config.boot.isContainer) {
+
+    assertions = singleton
+      { assertion = any (fs: fs.mountPoint == "/") (attrValues config.fileSystems);
+        message = "The ‘fileSystems’ option does not specify your root file system.";
+      };
 
     system.build.bootStage1 = bootStage1;
     system.build.initialRamdisk = initialRamdisk;

nixos/modules/system/boot/systemd-unit-options.nix

@@ -14,6 +14,18 @@ let
     in if errors == [] then true
        else builtins.trace (concatStringsSep "\n" errors) false;
 
+  unitOption = mkOptionType {
+    name = "systemd option";
+    merge = loc: defs:
+      let
+        defs' = filterOverrides defs;
+        defs'' = getValues defs';
+      in
+        if isList (head defs'')
+        then concatLists defs''
+        else mergeOneOption loc defs';
+  };
+
 in rec {
 
   unitOptions = {
@@ -37,7 +49,7 @@ in rec {
 
     requires = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         Start the specified units when this unit is started, and stop
         this unit when the specified units are stopped or fail.
@@ -46,7 +58,7 @@ in rec {
 
     wants = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         Start the specified units when this unit is started.
       '';
@@ -54,7 +66,7 @@ in rec {
 
     after = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         If the specified units are started at the same time as
         this unit, delay this unit until they have started.
@@ -63,7 +75,7 @@ in rec {
 
     before = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         If the specified units are started at the same time as
         this unit, delay them until this unit has started.
@@ -72,7 +84,7 @@ in rec {
 
     bindsTo = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         Like ‘requires’, but in addition, if the specified units
         unexpectedly disappear, this unit will be stopped as well.
@@ -81,7 +93,7 @@ in rec {
 
     partOf = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         If the specified units are stopped or restarted, then this
         unit is stopped or restarted as well.
@@ -90,7 +102,7 @@ in rec {
 
     conflicts = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = ''
         If the specified units are started, then this unit is stopped
         and vice versa.
@@ -99,20 +111,20 @@ in rec {
 
     requiredBy = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = "Units that require (i.e. depend on and need to go down with) this unit.";
     };
 
     wantedBy = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       description = "Units that want (i.e. depend on) this unit.";
     };
 
     unitConfig = mkOption {
       default = {};
       example = { RequiresMountsFor = "/data"; };
-      type = types.attrs;
+      type = types.attrsOf unitOption;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Unit]</literal> section of the unit.  See
@@ -137,7 +149,7 @@ in rec {
 
     environment = mkOption {
       default = {};
-      type = types.attrs;
+      type = types.attrs; # FIXME
       example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
       description = "Environment variables passed to the service's processes.";
     };
@@ -159,7 +171,7 @@ in rec {
         { StartLimitInterval = 10;
           RestartSec = 5;
         };
-      type = types.addCheck types.attrs checkService;
+      type = types.addCheck (types.attrsOf unitOption) checkService;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Service]</literal> section of the unit.  See
@@ -169,7 +181,7 @@ in rec {
     };
 
     script = mkOption {
-      type = types.str;
+      type = types.lines;
       default = "";
       description = "Shell commands executed as the service's main process.";
     };
@@ -181,7 +193,7 @@ in rec {
     };
 
     preStart = mkOption {
-      type = types.string;
+      type = types.lines;
       default = "";
       description = ''
         Shell commands executed before the service's main process
@@ -190,7 +202,7 @@ in rec {
     };
 
     postStart = mkOption {
-      type = types.string;
+      type = types.lines;
       default = "";
       description = ''
         Shell commands executed after the service's main process
@@ -198,8 +210,16 @@ in rec {
       '';
     };
 
+    preStop = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Shell commands executed to stop the service.
+      '';
+    };
+
     postStop = mkOption {
-      type = types.string;
+      type = types.lines;
       default = "";
       description = ''
         Shell commands executed after the service's main process
@@ -252,7 +272,7 @@ in rec {
 
     listenStreams = mkOption {
       default = [];
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       example = [ "0.0.0.0:993" "/run/my-socket" ];
       description = ''
         For each item in this list, a <literal>ListenStream</literal>
@@ -263,7 +283,7 @@ in rec {
     socketConfig = mkOption {
       default = {};
       example = { ListenStream = "/run/my-socket"; };
-      type = types.attrs;
+      type = types.attrsOf unitOption;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Socket]</literal> section of the unit.  See
@@ -280,7 +300,7 @@ in rec {
     timerConfig = mkOption {
       default = {};
       example = { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; };
-      type = types.attrs;
+      type = types.attrsOf unitOption;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Timer]</literal> section of the unit.  See
@@ -328,7 +348,7 @@ in rec {
     mountConfig = mkOption {
       default = {};
       example = { DirectoryMode = "0775"; };
-      type = types.attrs;
+      type = types.attrsOf unitOption;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Mount]</literal> section of the unit.  See
@@ -352,7 +372,7 @@ in rec {
     automountConfig = mkOption {
       default = {};
       example = { DirectoryMode = "0775"; };
-      type = types.attrs;
+      type = types.attrsOf unitOption;
       description = ''
         Each attribute in this set specifies an option in the
         <literal>[Automount]</literal> section of the unit.  See

nixos/modules/system/boot/systemd.nix

@@ -160,16 +160,48 @@ let
   };
 
   serviceConfig = { name, config, ... }: {
-    config = {
+    config = mkMerge
-      # Default path for systemd services.  Should be quite minimal.
+      [ { # Default path for systemd services.  Should be quite minimal.
-      path =
+          path =
-        [ pkgs.coreutils
+            [ pkgs.coreutils
-          pkgs.findutils
+              pkgs.findutils
-          pkgs.gnugrep
+              pkgs.gnugrep
-          pkgs.gnused
+              pkgs.gnused
-          systemd
+              systemd
-        ];
+            ];
-    };
+          environment.PATH = config.path;
+        }
+        (mkIf (config.preStart != "")
+          { serviceConfig.ExecStartPre = makeJobScript "${name}-pre-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${config.preStart}
+            '';
+          })
+        (mkIf (config.script != "")
+          { serviceConfig.ExecStart = makeJobScript "${name}-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${config.script}
+            '' + " " + config.scriptArgs;
+          })
+        (mkIf (config.postStart != "")
+          { serviceConfig.ExecStartPost = makeJobScript "${name}-post-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${config.postStart}
+            '';
+          })
+        (mkIf (config.preStop != "")
+          { serviceConfig.ExecStop = makeJobScript "${name}-pre-stop" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${config.preStop}
+            '';
+          })
+        (mkIf (config.postStop != "")
+          { serviceConfig.ExecStopPost = makeJobScript "${name}-post-stop" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${config.postStop}
+            '';
+          })
+      ];
   };
 
   mountConfig = { name, config, ... }: {
@@ -223,41 +255,10 @@ let
           ${attrsToSection def.unitConfig}
 
           [Service]
-          Environment=PATH=${def.path}
-          Environment=LD_LIBRARY_PATH=
           ${let env = cfg.globalEnvironment // def.environment;
             in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
           ${optionalString (!def.restartIfChanged) "X-RestartIfChanged=false"}
           ${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"}
-
-          ${optionalString (def.preStart != "") ''
-            ExecStartPre=${makeJobScript "${name}-pre-start" ''
-              #! ${pkgs.stdenv.shell} -e
-              ${def.preStart}
-            ''}
-          ''}
-
-          ${optionalString (def.script != "") ''
-            ExecStart=${makeJobScript "${name}-start" ''
-              #! ${pkgs.stdenv.shell} -e
-              ${def.script}
-            ''} ${def.scriptArgs}
-          ''}
-
-          ${optionalString (def.postStart != "") ''
-            ExecStartPost=${makeJobScript "${name}-post-start" ''
-              #! ${pkgs.stdenv.shell} -e
-              ${def.postStart}
-            ''}
-          ''}
-
-          ${optionalString (def.postStop != "") ''
-            ExecStopPost=${makeJobScript "${name}-post-stop" ''
-              #! ${pkgs.stdenv.shell} -e
-              ${def.postStop}
-            ''}
-          ''}
-
           ${attrsToSection def.serviceConfig}
         '';
     };
@@ -311,8 +312,6 @@ let
         '';
     };
 
-  nixosUnits = mapAttrsToList makeUnit cfg.units;
-
   units = pkgs.runCommand "units" { preferLocalBuild = true; }
     ''
       mkdir -p $out
@@ -338,7 +337,7 @@ let
         done
       done
 
-      for i in ${toString nixosUnits}; do
+      for i in ${toString (mapAttrsToList (n: v: v.unit) cfg.units)}; do
         ln -s $i/* $out/
       done
 
@@ -387,32 +386,41 @@ in
       description = "Definition of systemd units.";
       default = {};
       type = types.attrsOf types.optionSet;
-      options = {
+      options = { name, config, ... }:
-        text = mkOption {
+        { options = {
-          type = types.str;
+            text = mkOption {
-          description = "Text of this systemd unit.";
+              type = types.str;
+              description = "Text of this systemd unit.";
+            };
+            enable = mkOption {
+              default = true;
+              type = types.bool;
+              description = ''
+                If set to false, this unit will be a symlink to
+                /dev/null. This is primarily useful to prevent specific
+                template instances (e.g. <literal>serial-getty@ttyS0</literal>)
+                from being started.
+              '';
+            };
+            requiredBy = mkOption {
+              default = [];
+              type = types.listOf types.string;
+              description = "Units that require (i.e. depend on and need to go down with) this unit.";
+            };
+            wantedBy = mkOption {
+              default = [];
+              type = types.listOf types.string;
+              description = "Units that want (i.e. depend on) this unit.";
+            };
+            unit = mkOption {
+              internal = true;
+              description = "The generated unit.";
+            };
+          };
+          config = {
+            unit = makeUnit name config;
+          };
         };
-        enable = mkOption {
-          default = true;
-          type = types.bool;
-          description = ''
-            If set to false, this unit will be a symlink to
-            /dev/null. This is primarily useful to prevent specific
-            template instances (e.g. <literal>serial-getty@ttyS0</literal>)
-            from being started.
-          '';
-        };
-        requiredBy = mkOption {
-          default = [];
-          type = types.listOf types.string;
-          description = "Units that require (i.e. depend on and need to go down with) this unit.";
-        };
-        wantedBy = mkOption {
-          default = [];
-          type = types.listOf types.string;
-          description = "Units that want (i.e. depend on) this unit.";
-        };
-      };
     };
 
     systemd.packages = mkOption {
@@ -486,6 +494,16 @@ in
       '';
     };
 
+    systemd.extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      example = "DefaultLimitCORE=infinity";
+      description = ''
+        Extra config options for systemd. See man systemd-system.conf for
+        available options.
+      '';
+    };
+
     services.journald.console = mkOption {
       default = "";
       type = types.str;
@@ -516,9 +534,19 @@ in
       '';
     };
 
+    services.journald.extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      example = "Storage=volatile";
+      description = ''
+        Extra config options for systemd-journald. See man journald.conf
+        for available options.
+      '';
+    };
+
     services.logind.extraConfig = mkOption {
       default = "";
-      type = types.str;
+      type = types.lines;
       example = "HandleLidSwitch=ignore";
       description = ''
         Extra config options for systemd-logind. See man logind.conf for
@@ -555,6 +583,7 @@ in
     environment.etc."systemd/system.conf".text =
       ''
         [Manager]
+        ${config.systemd.extraConfig}
       '';
 
     environment.etc."systemd/journald.conf".text =
@@ -566,6 +595,7 @@ in
           ForwardToConsole=yes
           TTYPath=${config.services.journald.console}
         ''}
+        ${config.services.journald.extraConfig}
       '';
 
     environment.etc."systemd/logind.conf".text =
@@ -585,13 +615,6 @@ in
         mkdir -p /var/log/journal
         chmod 0755 /var/log/journal
 
-        # Regenerate the hardware database /var/lib/udev/hwdb.bin
-        # whenever systemd changes.
-        if [ ! -e /var/lib/udev/prev-systemd -o "$(readlink /var/lib/udev/prev-systemd)" != ${systemd} ]; then
-          echo "regenerating udev hardware database..."
-          ${systemd}/bin/udevadm hwdb --update && ln -sfn ${systemd} /var/lib/udev/prev-systemd
-        fi
-
         # Make all journals readable to users in the wheel and adm
         # groups, in addition to those in the systemd-journal group.
         # Users can always read their own journals.

nixos/modules/tasks/cpu-freq.nix

@@ -33,6 +33,8 @@ with pkgs.lib;
         after = [ "systemd-modules-load.service" ];
         wantedBy = [ "multi-user.target" ];
 
+        unitConfig.ConditionPathIsReadWrite = "/sys/devices/";
+
         path = [ pkgs.cpufrequtils ];
 
         preStart = ''

nixos/modules/tasks/filesystems.nix

@@ -81,6 +81,7 @@ in
   options = {
 
     fileSystems = mkOption {
+      default = {};
       example = {
         "/".device = "/dev/hda1";
         "/data" = {

nixos/modules/tasks/kbd.nix

@@ -55,9 +55,9 @@ in
       { description = "Setup Virtual Console";
         wantedBy = [ "sysinit.target" "multi-user.target" ];
         before = [ "sysinit.target" "shutdown.target" ];
+        conflicts = [ "shutdown.target" ];
         unitConfig =
           { DefaultDependencies = "no";
-            Conflicts = "shutdown.target";
             ConditionPathExists = "/dev/tty1";
           };
         serviceConfig =

nixos/modules/tasks/network-interfaces.nix

@@ -270,6 +270,8 @@ in
             before = [ "network.target" ];
             wantedBy = [ "network.target" ];
 
+            unitConfig.ConditionCapability = "CAP_NET_ADMIN";
+
             path = [ pkgs.iproute ];
 
             serviceConfig.Type = "oneshot";

nixos/modules/tasks/scsi-link-power-management.nix

@@ -31,6 +31,8 @@ with pkgs.lib;
 
         task = true;
 
+        unitConfig.ConditionPathIsReadWrite = "/sys/class/scsi_host";
+
         script = ''
           shopt -s nullglob
           for x in /sys/class/scsi_host/host*/link_power_management_policy; do

nixos/modules/testing/service-runner.nix

@@ -0,0 +1,114 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  makeScript = name: service: pkgs.writeScript "${name}-runner"
+    ''
+      #! ${pkgs.perl}/bin/perl -w -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl
+
+      use File::Slurp;
+
+      sub run {
+          my ($cmd) = @_;
+          my @args = split " ", $cmd;
+          my $prog;
+          if (substr($args[0], 0, 1) eq "@") {
+              $prog = substr($args[0], 1);
+              shift @args;
+          } else {
+              $prog = $args[0];
+          }
+          my $pid = fork;
+          if ($pid == 0) {
+              setpgrp; # don't receive SIGINT etc. from terminal
+              exec { $prog } @args;
+              die "failed to exec $prog\n";
+          } elsif (!defined $pid) {
+              die "failed to fork: $!\n";
+          }
+          return $pid;
+      };
+
+      sub run_wait {
+          my ($cmd) = @_;
+          my $pid = run $cmd;
+          die if waitpid($pid, 0) != $pid;
+          return $?;
+      };
+
+      # Set the environment.  FIXME: escaping.
+      foreach my $key (keys %ENV) {
+          next if $key eq 'LOCALE_ARCHIVE';
+          delete $ENV{$key};
+      }
+      ${concatStrings (mapAttrsToList (n: v: ''
+        $ENV{'${n}'} = '${v}';
+      '') service.environment)}
+
+      # Run the ExecStartPre program.  FIXME: this could be a list.
+      my $preStart = '${service.serviceConfig.ExecStartPre or ""}';
+      if ($preStart ne "") {
+          print STDERR "running ExecStartPre: $preStart\n";
+          my $res = run_wait $preStart;
+          die "$0: ExecStartPre failed with status $res\n" if $res;
+      };
+
+      # Run the ExecStart program.
+      my $cmd = '${service.serviceConfig.ExecStart}';
+      print STDERR "running ExecStart: $cmd\n";
+      my $mainPid = run $cmd;
+      $ENV{'MAINPID'} = $mainPid;
+
+      # Catch SIGINT, propagate to the main program.
+      sub intHandler {
+          print STDERR "got SIGINT, stopping service...\n";
+          kill 'INT', $mainPid;
+      };
+      $SIG{'INT'} = \&intHandler;
+      $SIG{'QUIT'} = \&intHandler;
+
+      # Run the ExecStartPost program.
+      my $postStart = '${service.serviceConfig.ExecStartPost or ""}';
+      if ($postStart ne "") {
+          print STDERR "running ExecStartPost: $postStart\n";
+          my $res = run_wait $postStart;
+          die "$0: ExecStartPost failed with status $res\n" if $res;
+      }
+
+      # Wait for the main program to exit.
+      die if waitpid($mainPid, 0) != $mainPid;
+      my $mainRes = $?;
+
+      # Run the ExecStopPost program.
+      my $postStop = '${service.serviceConfig.ExecStopPost or ""}';
+      if ($postStop ne "") {
+          print STDERR "running ExecStopPost: $postStop\n";
+          my $res = run_wait $postStop;
+          die "$0: ExecStopPost failed with status $res\n" if $res;
+      }
+
+      exit($mainRes & 127 ? 255 : $mainRes << 8);
+    '';
+
+in
+
+{
+  options = {
+    systemd.services = mkOption {
+      options =
+        { config, name, ... }:
+        { options.runner = mkOption {
+            internal = true;
+            description = ''
+              A script that runs the service outside of systemd,
+              useful for testing or for using NixOS services outside
+              of NixOS.
+            '';
+          };
+          config.runner = makeScript name config;
+        };
+    };
+  };
+}

nixos/modules/virtualisation/containers.nix

@@ -0,0 +1,137 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+
+    boot.isContainer = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether this NixOS machine is a lightweight container running
+        in another NixOS system.
+      '';
+    };
+
+    systemd.containers = mkOption {
+      type = types.attrsOf (types.submodule (
+        { config, options, name, ... }:
+        {
+          options = {
+
+            root = mkOption {
+              type = types.path;
+              description = ''
+                The root directory of the container.
+              '';
+            };
+
+            config = mkOption {
+              description = ''
+                A specification of the desired configuration of this
+                container, as a NixOS module.
+              '';
+            };
+
+            path = mkOption {
+              type = types.path;
+              example = "/nix/var/nix/profiles/containers/webserver";
+              description = ''
+                As an alternative to specifying
+                <option>config</option>, you can specify the path to
+                the evaluated NixOS system configuration, typically a
+                symlink to a system profile.
+              '';
+            };
+
+          };
+
+          config = mkMerge
+            [ { root = mkDefault "/var/lib/containers/${name}";
+              }
+              (mkIf options.config.isDefined {
+                path = (import ../../lib/eval-config.nix {
+                  modules =
+                    let extraConfig =
+                      { boot.isContainer = true;
+                        security.initialRootPassword = "!";
+                        networking.hostName = mkDefault name;
+                      };
+                    in [ extraConfig config.config ];
+                  prefix = [ "systemd" "containers" name ];
+                }).config.system.build.toplevel;
+              })
+            ];
+        }));
+
+      default = {};
+      example = literalExample
+        ''
+          { webserver =
+              { root = "/containers/webserver";
+                path = "/nix/var/nix/profiles/webserver";
+              };
+            database =
+              { root = "/containers/database";
+                config =
+                  { config, pkgs, ... }:
+                  { services.postgresql.enable = true;
+                    services.postgresql.package = pkgs.postgresql92;
+                  };
+              };
+          }
+        '';
+      description = ''
+        A set of NixOS system configurations to be run as lightweight
+        containers.  Each container appears as a service
+        <literal>container-<replaceable>name</replaceable></literal>
+        on the host system, allowing it to be started and stopped via
+        <command>systemctl</command> .
+      '';
+    };
+
+  };
+
+
+  config = {
+
+    systemd.services = mapAttrs' (name: container: nameValuePair "container-${name}"
+      { description = "Container '${name}'";
+
+        wantedBy = [ "multi-user.target" ];
+
+        unitConfig.RequiresMountsFor = [ container.root ];
+
+        preStart =
+          ''
+            mkdir -p -m 0755 ${container.root}/etc
+            if ! [ -e ${container.root}/etc/os-release ]; then
+              touch ${container.root}/etc/os-release
+            fi
+          '';
+
+        serviceConfig.ExecStart =
+          "${config.systemd.package}/bin/systemd-nspawn -M ${name} -D ${container.root} --bind-ro=/nix ${container.path}/init";
+
+        preStop =
+          ''
+            pid="$(cat /sys/fs/cgroup/systemd/machine/${name}.nspawn/system/tasks 2> /dev/null)"
+            if [ -n "$pid" ]; then
+              # Send the RTMIN+3 signal, which causes the container
+              # systemd to start halt.target.
+              echo "killing container systemd, PID = $pid"
+              kill -RTMIN+3 $pid
+              # Wait for the container to exit.  We can't let systemd
+              # do this because it will send a signal to the entire
+              # cgroup.
+              for ((n = 0; n < 180; n++)); do
+                if ! kill -0 $pid 2> /dev/null; then break; fi
+                sleep 1
+              done
+            fi
+          '';
+      }) config.systemd.containers;
+
+  };
+}

nixos/modules/virtualisation/libvirtd.nix

@@ -101,6 +101,19 @@ in
                 mkdir -p /etc/$(dirname $i) -m 755
                 cp -fpd ${pkgs.libvirt}/etc/$i /etc/$i
             done
+
+            # libvirtd puts the full path of the emulator binary in the machine
+            # config file. But this path can unfortunately be garbage collected
+            # while still being used by the virtual machine. So update the
+            # emulator path on each startup to something valid (re-scan $PATH).
+            for file in /etc/libvirt/qemu/*.xml; do
+                # get (old) emulator path from config file
+                emulator=$(grep "^[[:space:]]*<emulator>" "$file" | sed 's,^[[:space:]]*<emulator>\(.*\)</emulator>.*,\1,')
+                # get a (definitely) working emulator path by re-scanning $PATH
+                new_emulator=$(command -v $(basename "$emulator"))
+                # write back
+                sed -i "s,^[[:space:]]*<emulator>.*,    <emulator>$new_emulator</emulator> <!-- WARNING: emulator dirname is auto-updated by the nixos libvirtd module -->," "$file"
+            done
           ''; # */
 
         serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';

nixos/tests/misc.nix

@@ -59,6 +59,12 @@
       subtest "override-env-var", sub {
           $machine->succeed('[ "$EDITOR" = emacs ]');
       };
+
+      # Test whether hostname (and by extension nss_myhostname) works.
+      subtest "hostname", sub {
+          $machine->succeed('[ "`hostname`" = machine ]');
+          $machine->succeed('[ "`hostname -s`" = machine ]');
+      };
     '';
 
 }

pkgs/applications/audio/qmmp/default.nix

@@ -28,11 +28,11 @@
 # handle that.
 
 stdenv.mkDerivation rec {
-  name = "qmmp-0.7.0";
+  name = "qmmp-0.7.3";
 
   src = fetchurl {
     url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
-    sha256 = "0g8qcs82y3dy06lsgam2w6gh2ccx0frlw9fp4xg947vi3a16g6ig";
+    sha256 = "0qjmnyq3qmrm510g3lsa6vd80nmbz0859pwhnaaa19ah0jhf3r2p";
   };
 
   buildInputs =
@@ -55,5 +55,6 @@ stdenv.mkDerivation rec {
     license = licenses.gpl2;
     platforms = platforms.linux;
     maintainers = [maintainers.bjornfor];
+    repositories.svn = http://qmmp.googlecode.com/svn/;
   };
 }

pkgs/applications/editors/emacs-modes/ess/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchurl, emacs, texinfo }:
 
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
-  name = "ess-13.05";
+  name = "ess-13.09";
 
   src = fetchurl {
-    url = "http://ess.r-project.org/downloads/ess/ess-13.05.tgz";
+    url = "http://ess.r-project.org/downloads/ess/${name}.tgz";
-    sha256 = "007rd8hg1aclr2i8178ym5c4bi7vgmwkp802v1mkgr85h50zlfdk";
+    sha256 = "1lki3vb6p7cw98zqq0gaia68flpqrjkd6dcl85fs0cc8qf55yqnh";
   };
 
   buildInputs = [ emacs texinfo ];

pkgs/applications/graphics/grafx2/default.nix

@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, SDL, SDL_image, SDL_ttf, zlib, libpng, pkgconfig, lua5 }:
+
+stdenv.mkDerivation rec {
+
+  version = "2.4.2035";
+  name = "grafx2-${version}";
+
+  src = fetchurl {
+    url = "https://grafx2.googlecode.com/files/${name}-src.tgz";
+    sha256 = "0svsy6rqmdj11b400c242i2ixihyz0hds0dgicqz6g6dcgmcl62q";
+  };
+
+  buildInputs = [ SDL SDL_image SDL_ttf libpng zlib lua5 pkgconfig ];
+
+  preBuild = "cd src";
+
+  preInstall = '' mkdir -p "$out" '';
+
+  installPhase = ''make install prefix="$out"'';
+
+  meta = {
+    description = "GrafX2 is a bitmap paint program inspired by the Amiga programs Deluxe Paint and Brilliance.";
+    homepage = http://code.google.co/p/grafx2/;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = [ "x86_64-linux" "i686-linux" ];
+    maintainers = [ stdenv.lib.maintainers.zoomulator ];
+  };
+}

pkgs/applications/graphics/mypaint/default.nix

@@ -1,5 +1,6 @@
-{ stdenv, fetchurl, gettext, glib, gtk, json_c, lcms2, libpng
+{ stdenv, fetchurl, gettext, glib, gtk, hicolor_icon_theme, json_c
-, makeWrapper, pkgconfig, pygtk, python, pythonPackages, scons, swig
+, lcms2, libpng , makeWrapper, pkgconfig, pygtk, python, pythonPackages
+, scons, swig
 }:
 
 stdenv.mkDerivation rec {
@@ -11,18 +12,21 @@ stdenv.mkDerivation rec {
     sha256 = "0f7848hr65h909c0jkcx616flc0r4qh53g3kd1cgs2nr1pjmf3bq";
   };
 
-  buildInputs = [ 
+  buildInputs = [
     gettext glib gtk json_c lcms2 libpng makeWrapper pkgconfig pygtk
     python scons swig
   ];
- 
+
-  propagatedBuildInputs = [ pythonPackages.numpy ];
+  propagatedBuildInputs = [ hicolor_icon_theme pythonPackages.numpy ];
 
   buildPhase = "scons prefix=$out";
 
   installPhase = ''
     scons prefix=$out install
-    wrapProgram $out/bin/mypaint --prefix PYTHONPATH : $PYTHONPATH
+    sed -i -e 's|/usr/bin/env python2.7|${python}/bin/python|' $out/bin/mypaint
+    wrapProgram $out/bin/mypaint \
+      --prefix PYTHONPATH : $PYTHONPATH \
+      --prefix XDG_DATA_DIRS ":" "${hicolor_icon_theme}/share"
   '';
 
   meta = with stdenv.lib; {

pkgs/applications/graphics/pencil/default.nix

@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, xulrunner }:
+
+stdenv.mkDerivation rec {
+  name = "pencil-2.0.5";
+
+  src = fetchurl {
+    url = "http://evoluspencil.googlecode.com/files/${name}.tar.gz";
+    sha256 = "0rn5nb08p8wph5s5gajkil6y06zgrm86p4gnjdgv76czx1fqazm0";
+  };
+
+  # Pre-built package
+  buildPhase = "true";
+
+  installPhase = ''
+    mkdir -p "$out"
+    cp -r usr/* "$out"
+    cp COPYING "$out/share/pencil"
+    sed -e "s|/usr/bin/xulrunner|${xulrunner}/bin/xulrunner|" \
+        -e "s|/usr/share/pencil|$out/share/pencil|" \
+        -i "$out/bin/pencil"
+    sed -e "s|/usr/bin/pencil|$out/bin/pencil|" \
+        -e "s|Icon=.*|Icon=$out/share/pencil/skin/classic/icon.svg|" \
+        -i "$out/share/applications/pencil.desktop"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "GUI prototyping/mockup tool";
+    homepage = http://pencil.evolus.vn/;
+    license = licenses.gpl2; # Commercial license is also available
+    maintainers = [ maintainers.bjornfor ];
+    platforms = platforms.linux;
+  };
+}

pkgs/applications/misc/calibre/default.nix

@@ -4,11 +4,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "calibre-1.8.0";
+  name = "calibre-1.13.0";
 
   src = fetchurl {
     url = "mirror://sourceforge/calibre/${name}.tar.xz";
-    sha256 = "0awh24n5bvypmiylngmz0w0126yz1jxlrjfy9b4w5aflg7vgr0qq";
+    sha256 = "0j0l81jkjzd8n3ciqwxh8zxz945y594xjfsizp3cxjjfhj90aagj";
   };
 
   inherit python;

pkgs/applications/misc/girara/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, gtk, gettext }:
 
 stdenv.mkDerivation rec {
-  name = "girara-0.1.5";
+  name = "girara-0.1.9";
 
   src = fetchurl {
     url = "http://pwmt.org/projects/girara/download/${name}.tar.gz";
-    sha256 = "1hfi3jmx8ydvrqm3h6p6py2csavh7xx0223vxyca51kjl9mfnbld";
+    sha256 = "1kd20dalnpy07hajv0rkmkbsym4bpfxh0gby7j2mvkvl5qr3vx70";
   };
 
   buildInputs = [ pkgconfig gtk gettext ];

pkgs/applications/misc/rxvt_unicode/default.nix

@@ -38,13 +38,6 @@ stdenv.mkDerivation (rec {
       ln -s $out/{lib/urxvt,lib/perl5/site_perl}
     '';
 
-  # we link the separate terminfo output to the main output
-  # as I don't think there's a usecase for wanting urxvt without its terminfo files
-  # and we don't want users to install them separately
-  postInstall = ''
-    ln -s $terminfo/share/terminfo $out/share
-  '';
-
   meta = {
     description = "A clone of the well-known terminal emulator rxvt";
     homepage = "http://software.schmorp.de/pkg/rxvt-unicode.html";

pkgs/applications/misc/vifm/default.nix

@@ -2,14 +2,14 @@
 
 let
   name = "vifm-${version}";
-  version = "0.7.5";
+  version = "0.7.6";
 
 in stdenv.mkDerivation {
   inherit name;
 
   src = fetchurl {
     url="mirror://sourceforge/project/vifm/vifm/${name}.tar.bz2";
-    sha256 ="1r1d92zrff94rfx011dw2qsgdwd2ksqlz15la74d6h7sfcsnyd01";
+    sha256 ="03v50hmgfvrci5fz31zmklmp6ix7qpqnhvm6639wbk3g5mcrh5w6";
   };
 
   #phaseNames = ["doConfigure" "doMakeInstall"];

pkgs/applications/misc/vue/default.nix

@@ -11,10 +11,10 @@ let
     (builtins.attrNames (builtins.removeAttrs x helperArgNames));
   sourceInfo = rec {
     baseName="vue";
-    version="3.1.2";
+    version="3.2.2";
     name="${baseName}-${version}";
-    url="http://releases.atech.tufts.edu/vue/v${version}/VUE_3_1_2.zip";
+    url="releases.atech.tufts.edu/jenkins/job/VUE/64/deployedArtifacts/download/artifact.2";
-    hash="0ga98gnp4qhcrb31cb8j0mwbrh6ym6hr4k5y4blxvyfff9c0vq47";
+    hash="0sb1kgan8fvph2cqfxk3906cwx5wy83zni2vlz4zzi6yg4zvfxld";
   };
 in
 rec {
@@ -30,9 +30,8 @@ rec {
   phaseNames = ["doDeploy"];
 
   doDeploy = a.fullDepEntry ''
-    unzip ${src}
     mkdir -p "$out"/{share/vue,bin}
-    cp VUE.jar "$out/share/vue/vue.jar"
+    cp ${src} "$out/share/vue/vue.jar"
     echo '#!${a.stdenv.shell}' >> "$out/bin/vue" 
     echo '${a.jre}/bin/java -jar "'"$out/share/vue/vue.jar"'" "$@"' >> "$out/bin/vue" 
     chmod a+x "$out/bin/vue"

pkgs/applications/misc/xmobar/default.nix

@@ -1,5 +1,5 @@
 { cabal, filepath, libXrandr, mtl, parsec, regexCompat, stm, time
-, utf8String, X11, X11Xft
+, utf8String, wirelesstools, X11, X11Xft
 }:
 
 cabal.mkDerivation (self: {
@@ -11,8 +11,8 @@ cabal.mkDerivation (self: {
   buildDepends = [
     filepath mtl parsec regexCompat stm time utf8String X11 X11Xft
   ];
-  extraLibraries = [ libXrandr ];
+  extraLibraries = [ libXrandr wirelesstools ];
-  configureFlags = "-fwith_xft";
+  configureFlags = "-fwith_xft -fwith_iwlib";
   meta = {
     homepage = "http://projects.haskell.org/xmobar/";
     description = "A Minimalistic Text Based Status Bar";

pkgs/applications/misc/zathura/core/default.nix

@@ -1,17 +1,15 @@
 { stdenv, fetchurl, pkgconfig, gtk, girara, gettext, docutils, file, makeWrapper }:
 
 stdenv.mkDerivation rec {
-
+  version = "0.2.5";
-  version = "0.2.2";
-
   name = "zathura-core-${version}";
 
   src = fetchurl {
     url = "http://pwmt.org/projects/zathura/download/zathura-${version}.tar.gz";
-    sha256 = "1ja2j9ygymr259fxf02j1vkvalypac48gpadq8fn3qbclxxj61k5";
+    sha256 = "1lw9q0x4b7x6z86hwgs93f8srimd0sj8fwg91185f63yz9g800fr";
   };
 
-  buildInputs = [ pkgconfig gtk girara gettext makeWrapper ];
+  buildInputs = [ pkgconfig file gtk girara gettext makeWrapper ];
 
   # Bug in zathura build system: we should remove empty manfiles in order them
   # to be compiled properly

pkgs/applications/misc/zathura/default.nix

@@ -3,13 +3,19 @@
 rec {
   inherit (pkgs) stdenv;
 
-  zathura_core = callPackage ./core { };
+  zathura_core = callPackage ./core {
+    gtk = pkgs.gtk3;
+  };
 
   zathura_pdf_poppler = callPackage ./pdf-poppler { };
 
-  zathura_djvu = callPackage ./djvu { };
+  zathura_djvu = callPackage ./djvu {
+    gtk = pkgs.gtk3;
+  };
 
-  zathura_ps = callPackage ./ps { };
+  zathura_ps = callPackage ./ps {
+    gtk = pkgs.gtk3;
+  };
 
   zathuraWrapper = stdenv.mkDerivation {
 

pkgs/applications/misc/zathura/djvu/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, gtk, zathura_core, girara, djvulibre, gettext }:
 
 stdenv.mkDerivation rec {
-  name = "zathura-djvu-0.2.1";
+  name = "zathura-djvu-0.2.3";
 
   src = fetchurl {
     url = "http://pwmt.org/projects/zathura/plugins/download/${name}.tar.gz";
-    sha256 = "d8bb3c9e30244a0733e49740ee2dd099ce39fa16f2c320af27a0c09d9a25bcc3";
+    sha256 = "12gd8kb0al5mknh4rlvxzgzwz3vhjggqjh8ws27phaq14paq4vn1";
   };
 
   buildInputs = [ pkgconfig djvulibre gettext zathura_core gtk girara ];

pkgs/applications/misc/zathura/pdf-poppler/default.nix

@@ -1,12 +1,12 @@
 { stdenv, fetchurl, pkgconfig, zathura_core, girara, poppler, gettext }:
 
 stdenv.mkDerivation rec {
-  version = "0.2.2";
+  version = "0.2.4";
   name = "zathura-pdf-poppler-${version}";
 
   src = fetchurl {
     url = "http://pwmt.org/projects/zathura/plugins/download/${name}.tar.gz";
-    sha256 = "0px59f0bnmb9992n3c9iyzcwd6w7vg8ga069vc8qj4726ljml4c7";
+    sha256 = "1x1n21naixb87g1knznjfjfibazzwbn1cv7d42kxgwlnf1p1wbzm";
   };
 
   buildInputs = [ pkgconfig poppler gettext zathura_core girara ];

pkgs/applications/misc/zathura/ps/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, gtk, zathura_core, girara, libspectre, gettext }:
 
 stdenv.mkDerivation rec {
-  name = "zathura-ps-0.2.0";
+  name = "zathura-ps-0.2.2";
 
   src = fetchurl {
     url = "http://pwmt.org/projects/zathura/plugins/download/${name}.tar.gz";
-    sha256 = "717eda01213b162421b6b52f29d6b981edc302fddf351ccb2c093b6842751414";
+    sha256 = "1a6ps5v1wk18qvslbkjln6w8wfzzr6fi13ls96vbdc03vdhn4m76";
   };
 
   buildInputs = [ pkgconfig libspectre gettext zathura_core gtk girara ];

pkgs/applications/networking/bittorrentsync/default.nix

@@ -14,9 +14,9 @@ let
     else if stdenv.system == "i686-linux" then "ld-linux.so.2"
     else throw "Bittorrent Sync for: ${stdenv.system} not supported!";
 
-  version = "1.1.70";
+  version = "1.2.82";
-  sha256 = if stdenv.system == "x86_64-linux" then "1hnyncq5439fxn1q8dkzcg2alxjkanr4q4pgqqf3nngz4cdar5vi"
+  sha256 = if stdenv.system == "x86_64-linux" then "0cqrscav57xwz7rag6wy06xw6z7ca97xailprgg6jdjv4pnc91ra"
-    else if stdenv.system == "i686-linux" then "1ijdmzl8bnb4k99vrjn5gd31hy64p9wiyxw5wc5gbpgap191h5i5"
+    else if stdenv.system == "i686-linux" then "1b9rnfk0wkhj1zybvfqwgd9dcqnxwdnp7m0vf6lhrgi75cydj7is"
     else throw "Bittorrent Sync for: ${stdenv.system} not supported!";
 
 in stdenv.mkDerivation {

pkgs/applications/networking/browsers/chromium/default.nix

@@ -46,16 +46,17 @@ let
 
     prePatch = "patchShebangs .";
 
-    patches = singleton (
+    patches = singleton ./sandbox_userns_31.patch;
-      if versionOlder version "31.0.0.0"
-      then ./sandbox_userns_30.patch
-      else ./sandbox_userns_31.patch
-    );
 
     postPatch = ''
       sed -i -r -e 's/-f(stack-protector)(-all)?/-fno-\1/' build/common.gypi
+    '' + (if versionOlder version "32.0.0.0" then ''
       sed -i -e 's|/usr/bin/gcc|gcc|' third_party/WebKit/Source/core/core.gypi
-    '' + optionalString useOpenSSL ''
+    '' else ''
+      sed -i -e 's|/usr/bin/gcc|gcc|' \
+        third_party/WebKit/Source/build/scripts/scripts.gypi \
+        third_party/WebKit/Source/build/scripts/preprocessor.pm
+    '') + optionalString useOpenSSL ''
       cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
     '';
 

pkgs/applications/networking/browsers/chromium/sandbox_userns_30.patch

@@ -1,293 +0,0 @@
-commit 41510de6ae32e6161073992bd1243f7f33148a06
-Author: aszlig <aszlig@redmoonstudios.org>
-Date:   Thu May 16 14:17:56 2013 +0200
-
-    zygote: Add support for user namespaces on Linux.
-    
-    The implementation is done by patching the Zygote host to execute the sandbox
-    binary with CLONE_NEWUSER and setting the uid and gid mapping so that the child
-    process is using uid 0 and gid 0 which map to the current user of the parent.
-    Afterwards, the sandbox will continue as if it was called as a setuid binary.
-    
-    In addition, this adds new_user_namespace as an option in process_util in order
-    to set the UID and GID mapping correctly. The reason for this is that just
-    passing CLONE_NEWUSER to clone_flags doesn't help in LaunchProcess(), because
-    without setting the mappings exec*() will clear the process's capability sets.
-    
-    If the kernel doesn't support unprivileged user namespaces and the sandbox
-    binary doesn't have the setuid flag, the Zygote main process will run without a
-    sandbox. This is to mimic the behaviour if no SUID sandbox binary path is set.
-    
-    Signed-off-by: aszlig <aszlig@redmoonstudios.org>
-
-diff --git a/base/process/launch.h b/base/process/launch.h
-index 45b1053..ce71418 100644
---- a/base/process/launch.h
-+++ b/base/process/launch.h
-@@ -51,6 +51,7 @@ struct LaunchOptions {
-         new_process_group(false)
- #if defined(OS_LINUX)
-         , clone_flags(0)
-+        , new_user_namespace(false)
- #endif  // OS_LINUX
- #if defined(OS_CHROMEOS)
-         , ctrl_terminal_fd(-1)
-@@ -125,6 +126,9 @@ struct LaunchOptions {
- #if defined(OS_LINUX)
-   // If non-zero, start the process using clone(), using flags as provided.
-   int clone_flags;
-+
-+  // If true, start the process in a new user namespace.
-+  bool new_user_namespace;
- #endif  // defined(OS_LINUX)
- 
- #if defined(OS_CHROMEOS)
-diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc
-index 52e149c..312f835 100644
---- a/base/process/launch_posix.cc
-+++ b/base/process/launch_posix.cc
-@@ -37,6 +37,13 @@
- #include "base/threading/platform_thread.h"
- #include "base/threading/thread_restrictions.h"
- 
-+#if defined(OS_LINUX)
-+#include <sched.h>
-+#if !defined(CLONE_NEWUSER)
-+#define CLONE_NEWUSER 0x10000000
-+#endif
-+#endif
-+
- #if defined(OS_CHROMEOS)
- #include <sys/ioctl.h>
- #endif
-@@ -416,13 +423,23 @@ bool LaunchProcess(const std::vector<std::string>& argv,
- 
-   pid_t pid;
- #if defined(OS_LINUX)
--  if (options.clone_flags) {
-+  int map_pipe_fd[2];
-+  int flags = options.clone_flags;
-+
-+  if (options.new_user_namespace) {
-+    flags |= CLONE_NEWUSER;
-+    if (pipe(map_pipe_fd) < 0) {
-+      DPLOG(ERROR) << "user namespace pipe";
-+      return false;
-+    }
-+  }
-+
-+  if (options.clone_flags || options.new_user_namespace) {
-     // Signal handling in this function assumes the creation of a new
-     // process, so we check that a thread is not being created by mistake
-     // and that signal handling follows the process-creation rules.
--    RAW_CHECK(
--        !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM)));
--    pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0);
-+    RAW_CHECK(!(flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM)));
-+    pid = syscall(__NR_clone, flags, 0, 0, 0);
-   } else
- #endif
-   {
-@@ -440,6 +457,21 @@ bool LaunchProcess(const std::vector<std::string>& argv,
-   } else if (pid == 0) {
-     // Child process
- 
-+#if defined(OS_LINUX)
-+    if (options.new_user_namespace) {
-+      // Close the write end of the pipe so we get an EOF when the parent closes
-+      // the FD. This is to avoid race conditions when the UID/GID mappings are
-+      // written _after_ execvp().
-+      close(map_pipe_fd[1]);
-+
-+      char dummy;
-+      if (HANDLE_EINTR(read(map_pipe_fd[0], &dummy, 1)) != 0) {
-+        RAW_LOG(ERROR, "Unexpected input in uid/gid mapping pipe.");
-+        _exit(127);
-+      }
-+    }
-+#endif
-+
-     // DANGER: fork() rule: in the child, if you don't end up doing exec*(),
-     // you call _exit() instead of exit(). This is because _exit() does not
-     // call any previously-registered (in the parent) exit handlers, which
-@@ -555,6 +587,40 @@ bool LaunchProcess(const std::vector<std::string>& argv,
-     _exit(127);
-   } else {
-     // Parent process
-+#if defined(OS_LINUX)
-+    if (options.new_user_namespace) {
-+      // We need to write UID/GID mapping here to map the current user outside
-+      // the namespace to the root user inside the namespace in order to
-+      // correctly "fool" the child process.
-+      char buf[256];
-+      int map_fd, map_len;
-+
-+      snprintf(buf, sizeof(buf), "/proc/%d/uid_map", pid);
-+      map_fd = open(buf, O_RDWR);
-+      DPCHECK(map_fd >= 0);
-+      snprintf(buf, sizeof(buf), "0 %d 1", geteuid());
-+      map_len = strlen(buf);
-+      if (write(map_fd, buf, map_len) != map_len) {
-+        RAW_LOG(WARNING, "Can't write to uid_map.");
-+      }
-+      close(map_fd);
-+
-+      snprintf(buf, sizeof(buf), "/proc/%d/gid_map", pid);
-+      map_fd = open(buf, O_RDWR);
-+      DPCHECK(map_fd >= 0);
-+      snprintf(buf, sizeof(buf), "0 %d 1", getegid());
-+      map_len = strlen(buf);
-+      if (write(map_fd, buf, map_len) != map_len) {
-+        RAW_LOG(WARNING, "Can't write to gid_map.");
-+      }
-+      close(map_fd);
-+
-+      // Close the pipe on the parent, so the child can continue doing the
-+      // execvp() call.
-+      close(map_pipe_fd[1]);
-+    }
-+#endif
-+
-     if (options.wait) {
-       // While this isn't strictly disk IO, waiting for another process to
-       // finish is the sort of thing ThreadRestrictions is trying to prevent.
-diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc
-index bb84e62..bce0d18 100644
---- a/content/browser/zygote_host/zygote_host_impl_linux.cc
-+++ b/content/browser/zygote_host/zygote_host_impl_linux.cc
-@@ -119,25 +119,31 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
- 
-   sandbox_binary_ = sandbox_cmd.c_str();
- 
--  // A non empty sandbox_cmd means we want a SUID sandbox.
--  using_suid_sandbox_ = !sandbox_cmd.empty();
-+  bool userns_sandbox = false;
-+  const std::vector<std::string> cmd_line_unwrapped(cmd_line.argv());
- 
--  if (using_suid_sandbox_) {
-+  if (!sandbox_cmd.empty()) {
-     struct stat st;
-     if (stat(sandbox_binary_.c_str(), &st) != 0) {
-       LOG(FATAL) << "The SUID sandbox helper binary is missing: "
-                  << sandbox_binary_ << " Aborting now.";
-     }
- 
--    if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
--        (st.st_uid == 0) &&
--        (st.st_mode & S_ISUID) &&
--        (st.st_mode & S_IXOTH)) {
-+    if (access(sandbox_binary_.c_str(), X_OK) == 0) {
-+      using_suid_sandbox_ = true;
-+
-       cmd_line.PrependWrapper(sandbox_binary_);
- 
-       scoped_ptr<sandbox::SetuidSandboxClient>
-           sandbox_client(sandbox::SetuidSandboxClient::Create());
-       sandbox_client->SetupLaunchEnvironment();
-+
-+      if (!((st.st_uid == 0) &&
-+            (st.st_mode & S_ISUID) &&
-+            (st.st_mode & S_IXOTH))) {
-+        userns_sandbox = true;
-+        sandbox_client->SetNoSuid();
-+      }
-     } else {
-       LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
-                     "configured correctly. Rather than run without sandboxing "
-@@ -161,7 +167,19 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
-   base::ProcessHandle process = -1;
-   base::LaunchOptions options;
-   options.fds_to_remap = &fds_to_map;
-+  if (userns_sandbox)
-+    options.new_user_namespace = true;
-   base::LaunchProcess(cmd_line.argv(), options, &process);
-+
-+  if (process == -1 && userns_sandbox) {
-+    LOG(ERROR) << "User namespace sandbox failed to start, running without "
-+               << "sandbox! You need at least kernel 3.8.0 with CONFIG_USER_NS "
-+               << "enabled in order to use the sandbox without setuid bit.";
-+    using_suid_sandbox_ = false;
-+    options.new_user_namespace = false;
-+    base::LaunchProcess(cmd_line_unwrapped, options, &process);
-+  }
-+
-   CHECK(process != -1) << "Failed to launch zygote process";
- 
-   if (using_suid_sandbox_) {
-diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
-index 1f0e9f5..ade5aab 100644
---- a/content/zygote/zygote_main_linux.cc
-+++ b/content/zygote/zygote_main_linux.cc
-@@ -420,6 +420,13 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
-       *has_started_new_init = true;
-     }
- 
-+    // Don't set non-dumpable, as it causes trouble when the host tries to find
-+    // the zygote process (XXX: Not quite sure why this happens with user
-+    // namespaces). Fortunately, we also have the seccomp filter sandbox which
-+    // should disallow the use of ptrace.
-+    if (setuid_sandbox->IsNoSuid())
-+      return true;
-+
- #if !defined(OS_OPENBSD)
-     // Previously, we required that the binary be non-readable. This causes the
-     // kernel to mark the process as non-dumpable at startup. The thinking was
-diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.cc b/sandbox/linux/suid/client/setuid_sandbox_client.cc
-index 34231d4..36e3201 100644
---- a/sandbox/linux/suid/client/setuid_sandbox_client.cc
-+++ b/sandbox/linux/suid/client/setuid_sandbox_client.cc
-@@ -166,6 +166,10 @@ bool SetuidSandboxClient::IsInNewNETNamespace() const {
-   return env_->HasVar(kSandboxNETNSEnvironmentVarName);
- }
- 
-+bool SetuidSandboxClient::IsNoSuid() const {
-+  return env_->HasVar(kSandboxNoSuidVarName);
-+}
-+
- bool SetuidSandboxClient::IsSandboxed() const {
-   return sandboxed_;
- }
-@@ -175,5 +179,9 @@ void SetuidSandboxClient::SetupLaunchEnvironment() {
-   SetSandboxAPIEnvironmentVariable(env_);
- }
- 
-+void SetuidSandboxClient::SetNoSuid() {
-+  env_->SetVar(kSandboxNoSuidVarName, "1");
-+}
-+
- }  // namespace sandbox
- 
-diff --git a/sandbox/linux/suid/client/setuid_sandbox_client.h b/sandbox/linux/suid/client/setuid_sandbox_client.h
-index a9f6536..2e8113a 100644
---- a/sandbox/linux/suid/client/setuid_sandbox_client.h
-+++ b/sandbox/linux/suid/client/setuid_sandbox_client.h
-@@ -39,6 +39,8 @@ class SetuidSandboxClient {
-   bool IsInNewPIDNamespace() const;
-   // Did the setuid helper create a new network namespace ?
-   bool IsInNewNETNamespace() const;
-+  // Is sandboxed without SUID binary ?
-+  bool IsNoSuid() const;
-   // Are we done and fully sandboxed ?
-   bool IsSandboxed() const;
- 
-@@ -46,6 +48,8 @@ class SetuidSandboxClient {
-   // helper.
-   void SetupLaunchEnvironment();
- 
-+  void SetNoSuid();
-+
-  private:
-   // Holds the environment. Will never be NULL.
-   base::Environment* env_;
-diff --git a/sandbox/linux/suid/common/sandbox.h b/sandbox/linux/suid/common/sandbox.h
-index aad4ff8..bd710d5 100644
---- a/sandbox/linux/suid/common/sandbox.h
-+++ b/sandbox/linux/suid/common/sandbox.h
-@@ -18,6 +18,7 @@ static const char kAdjustLowMemMarginSwitch[] = "--adjust-low-mem";
- 
- static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
- static const char kSandboxHelperPidEnvironmentVarName[] = "SBX_HELPER_PID";
-+static const char kSandboxNoSuidVarName[] = "SBX_NO_SUID";
- 
- static const long kSUIDSandboxApiNumber = 1;
- static const char kSandboxEnvironmentApiRequest[] = "SBX_CHROME_API_RQ";

pkgs/applications/networking/browsers/chromium/sources.nix

@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   dev = {
-    version = "32.0.1671.3";
+    version = "33.0.1712.4";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-32.0.1671.3.tar.xz";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-33.0.1712.4.tar.xz";
-    sha256 = "0bv86ig3mrd95zh78880bcyh9b8w46s7slxq3mwwmrmqp0s8qaq0";
+    sha256 = "1c1m0y3nnz2lclqi21j6hgqmb46p1hv7c22zz9fn7dax7jkimydk";
   };
   beta = {
-    version = "31.0.1650.34";
+    version = "32.0.1700.19";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1650.34.tar.xz";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-32.0.1700.19.tar.xz";
-    sha256 = "0c73kvp09cmq4x42rcf45v0mnbyb8rcyi5i4pj0pvfn451vbngdq";
+    sha256 = "0d0kgy160pyg472ka43gxk7n09pqhhs9nd93jyxrp9qsyllfc425";
   };
   stable = {
-    version = "30.0.1599.114";
+    version = "31.0.1650.57";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.114.tar.xz";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1650.57.tar.xz";
-    sha256 = "0q5pq8bj4y0c7hd121db1fa9g3apkpkhb6cf14ag7abgrda2pzw2";
+    sha256 = "1xv7frf47hhvqm6f3n2l308yfrs4d8ri70q6pndx7hslhyiixzl9";
   };
 }

pkgs/applications/networking/browsers/firefox/default.nix

@@ -15,12 +15,11 @@
 
 assert stdenv.gcc ? libc && stdenv.gcc.libc != null;
 
-let optional = stdenv.lib.optional;
+rec {
-in rec {
 
-  firefoxVersion = "25.0";
+  firefoxVersion = "25.0.1";
 
-  xulVersion = "25.0"; # this attribute is used by other packages
+  xulVersion = "25.0.1"; # this attribute is used by other packages
 
 
   src = fetchurl {
@@ -30,7 +29,7 @@ in rec {
         # Fall back to this url for versions not available at releases.mozilla.org.
         "http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${firefoxVersion}/source/firefox-${firefoxVersion}.source.tar.bz2"
     ];
-    sha1 = "854722e283659d2b6b2eacd38f757b3c5b63a448";
+    sha1 = "592ebd242c4839ef0e18707a7e959d8bed2a98f3";
   };
 
   commonConfigureFlags =

pkgs/applications/networking/dropbox/default.nix

@@ -25,9 +25,9 @@ let
     else if stdenv.system == "i686-linux" then "ld-linux.so.2"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
-  version = "2.4.3";
+  version = "2.4.7";
-  sha256 = if stdenv.system == "x86_64-linux" then "0g8iqgc18qbw8fvdjf0fhbal34rvwr5izrf5acfzqjg99dgih81r"
+  sha256 = if stdenv.system == "x86_64-linux" then "08fh0zx9q83dvivnbx5zr1cwb69ihhlx9mkbd3ikynk1wd8df8n8"
-    else if stdenv.system == "i686-linux" then "1nhmk319whj6cil6wg9hrfln9bxin3fnf6sxb0zg2ycfpnnqi0la"
+    else if stdenv.system == "i686-linux" then "0rhblpahg2axglpi8iavsglffw83rj71qy113wj2dh6q72124j2h"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
   # relative location where the dropbox libraries are stored

pkgs/applications/networking/feedreaders/newsbeuter/default.nix

@@ -2,11 +2,11 @@
 , gettext, libiconvOrEmpty, makeWrapper, perl }:
 
 stdenv.mkDerivation rec {
-  name = "newsbeuter-2.6";
+  name = "newsbeuter-2.7";
 
   src = fetchurl {
     url = "http://www.newsbeuter.org/downloads/${name}.tar.gz";
-    sha256 = "1hywz5206k0ykjklkjvnfy9fm4jfv9phz8dkzzwhfcjvqv9zv29i";
+    sha256 = "0flhzzlbdirjmrq738gmcxqqnifg3kb7plcwqcxshpizmjkhswp6";
   };
 
   buildInputs

pkgs/applications/networking/feedreaders/newsbeuter/dev.nix

@@ -0,0 +1,45 @@
+{ stdenv, fetchgit, sqlite, curl, pkgconfig, libxml2, stfl, json-c-0-11, ncurses
+, gettext, libiconvOrEmpty, makeWrapper, perl }:
+
+stdenv.mkDerivation rec {
+  name = "newsbeuter-dev-20131118";
+
+  src = fetchgit {
+    url = "https://github.com/akrennmair/newsbeuter.git";
+    rev = "18b73f7d44a99a698d4878fe7d226f55842132c2";
+  };
+
+  buildInputs
+    # use gettext instead of libintlOrEmpty so we have access to the msgfmt
+    # command
+    = [ pkgconfig sqlite curl libxml2 stfl json-c-0-11 ncurses gettext perl ]
+      ++ libiconvOrEmpty
+      ++ stdenv.lib.optional stdenv.isDarwin makeWrapper;
+
+  preBuild = ''
+    sed -i -e 104,108d config.sh
+    sed -i "1 s%^.*$%#!${perl}/bin/perl%" txt2h.pl
+    export LDFLAGS=-lncursesw
+  '';
+
+  NIX_CFLAGS_COMPILE =
+    "-I${libxml2}/include/libxml2 -I${json-c-0-11}/include/json-c";
+
+  NIX_LDFLAGS = "-lsqlite3 -lcurl -lxml2 -lstfl -ljson";
+
+  installPhase = ''
+    DESTDIR=$out prefix=\"\" make install
+  '' + stdenv.lib.optionalString stdenv.isDarwin ''
+    for prog in $out/bin/*; do
+      wrapProgram "$prog" --prefix DYLD_LIBRARY_PATH : "${stfl}/lib"
+    done
+  '';
+
+  meta = with stdenv.lib; {
+    homepage    = http://www.newsbeuter.org;
+    description = "An open-source RSS/Atom feed reader for text terminals";
+    maintainers = with maintainers; [ lovek323 ];
+    license     = licenses.mit;
+    platforms   = platforms.unix;
+  };
+}

pkgs/applications/networking/instant-messengers/fuze/default.nix

@@ -0,0 +1,53 @@
+{ stdenv, fetchurl, dpkg, openssl, alsaLib, libXext, libXfixes, libXrandr
+, libjpeg, curl, libX11, libXmu, libXv, libXtst, qt4, mesa, zlib
+, gnome, libidn, rtmpdump, c-ares, openldap, makeWrapper, cacert
+}:
+assert stdenv.system == "x86_64-linux";
+let
+  curl_custom =
+    stdenv.lib.overrideDerivation curl (args: { 
+      configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ca-bundle.crt"] ; 
+    } );
+in
+stdenv.mkDerivation {
+  name = "fuze-1.0.5";
+  src = fetchurl {
+    url = http://apt.fuzebox.com/apt/pool/lucid/main/f/fuzelinuxclient/fuzelinuxclient_1.0.5.lucid_amd64.deb;
+    sha256 = "0gvxc8qj526cigr1lif8vdn1aawj621camkc8kvps23r7zijhnqv";
+  };
+  buildInputs = [ dpkg makeWrapper ];
+  libPath =
+    stdenv.lib.makeLibraryPath [
+      openssl alsaLib libXext libXfixes libXrandr libjpeg curl_custom
+      libX11 libXmu libXv qt4 libXtst mesa stdenv.gcc.gcc zlib
+      gnome.GConf libidn rtmpdump c-ares openldap
+    ];
+  buildCommand = ''
+    dpkg-deb -x $src .
+    mkdir -p $out/lib $out/bin
+    cp -R usr/lib/fuzebox $out/lib
+
+    patchelf \
+      --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+      --set-rpath $out/lib/fuzebox:$libPath \
+      $out/lib/fuzebox/FuzeLinuxApp
+
+    wrapProgram $out/lib/fuzebox/FuzeLinuxApp --prefix LD_LIBRARY_PATH : $libPath
+    for f in $out/lib/fuzebox/*.so.*; do
+      patchelf \
+        --set-rpath $out/lib/fuzebox:$libPath \
+        $f
+    done
+
+    ln -s ${openssl}/lib/libssl.so.1.0.0 $out/lib/fuzebox/libssl.so.0.9.8
+    ln -s ${openssl}/lib/libcrypto.so.1.0.0 $out/lib/fuzebox/libcrypto.so.0.9.8
+
+    ln -s $out/lib/fuzebox/FuzeLinuxApp $out/bin/fuze
+  '';
+
+  meta = {
+    description = "Fuze for Linux";
+    homepage = http://www.fuzebox.com;
+    license = "unknown";
+  };
+}

pkgs/applications/networking/instant-messengers/teamspeak/client.nix

@@ -1,23 +1,34 @@
-{ stdenv, fetchurl, zlib, glib, libpng, freetype, xorg, fontconfig, alsaLib }:
+{ stdenv, fetchurl, zlib, glib, libpng, freetype, xorg, fontconfig, alsaLib,
+  qt4, pulseaudio ? null }:
 
 let
 
+  version = "3.0.13.1";
+
+  arch = if stdenv.is64bit then "amd64" else "x86";
+ 
   libDir = if stdenv.is64bit then "lib64" else "lib";
 
   deps =
     [ zlib glib libpng freetype xorg.libSM xorg.libICE xorg.libXrender
       xorg.libXrandr xorg.libXfixes xorg.libXcursor xorg.libXinerama
-      fontconfig xorg.libXext xorg.libX11 alsaLib
+      fontconfig xorg.libXext xorg.libX11 alsaLib qt4 pulseaudio
     ];
 
 in
 
 stdenv.mkDerivation {
-  name = "teamspeak-client-3.0.0-beta35";
+  name = "teamspeak-client-${version}";
 
   src = fetchurl {
-    url = http://ftp.4players.de/pub/hosted/ts3/releases/beta-35/TeamSpeak3-Client-linux_amd64-3.0.0-beta35.run;
+    urls = [
-    sha256 = "0vygsvjs11lr5lv4x7awv7hvkycvmm9qs2vklfjs91w3f434cmrx";
+       "http://dl.4players.de/ts/releases/${version}/TeamSpeak3-Client-linux_${arch}-${version}.run"
+      "http://teamspeak.gameserver.gamed.de/ts3/releases/${version}/TeamSpeak3-Client-linux_${arch}-${version}.run"
+      "http://files.teamspeak-services.com/releases/${version}/TeamSpeak3-Client-linux_${arch}-${version}.run"
+    ];
+    sha256 = if stdenv.is64bit 
+		then "0mj8vpsnv906n3wgjwhiby5gk26jr5jbd94swmsf0s9kqwhsj6i1"
+                else "1hlw7lc0nl1mrsyd052s6ws64q5aabnw6qpv8mrdxb3hyp7g2qh1";
   };
 
   unpackPhase =
@@ -28,22 +39,27 @@ stdenv.mkDerivation {
 
   buildPhase =
     ''
-      ls -l
+      mv ts3client_linux_${arch} ts3client
-      for i in ts3client_linux_*; do
+      echo "patching ts3client..."
-        echo "patching $i..."
+      patchelf \
-        patchelf \
+        --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
-          --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+        --set-rpath ${stdenv.lib.makeLibraryPath deps}:$(cat $NIX_GCC/nix-support/orig-gcc)/${libDir} \
-          --set-rpath ${stdenv.lib.makeLibraryPath deps}:$(cat $NIX_GCC/nix-support/orig-gcc)/${libDir} \
+        --force-rpath \
-          --force-rpath \
+        ts3client
-          $i
-      done
     '';
-    
 
   installPhase =
     ''
+      # Delete unecessary libraries - these are provided by nixos.
+      rm *.so.*
+
+      # Install files.
       mkdir -p $out/lib/teamspeak
       mv * $out/lib/teamspeak/
+
+      # Make a symlink to the binary from bin.
+      mkdir -p $out/bin/
+      ln -s $out/lib/teamspeak/ts3client $out/bin/ts3client
     '';
 
   dontStrip = true;
@@ -53,6 +69,7 @@ stdenv.mkDerivation {
     description = "The TeamSpeak voice communication tool";
     homepage = http://teamspeak.com/;
     license = "http://www.teamspeak.com/?page=downloads&type=ts3_linux_client_latest";
+    platforms = stdenv.lib.platforms.linux;
   };
 }
 

pkgs/applications/networking/jmeter/default.nix

@@ -1,10 +1,10 @@
 { fetchurl, stdenv, ant }:
 
 stdenv.mkDerivation rec {
-  name = "jmeter-2.9";
+  name = "jmeter-2.10";
   src = fetchurl {
-    url = "http://ftp.unicamp.br/pub/apache//jmeter/binaries/apache-jmeter-2.9.tgz";
+    url = "http://ftp.unicamp.br/pub/apache//jmeter/binaries/apache-${name}.tgz";
-    sha256 = "14r3zn910m97jqrf6k5c4lwy214snaap2242qg76h65zk9qr20ni";
+    sha256 = "1ygm0h02sllh4mfl5imj46v80wnbs1x7n88gfjm523ixmgsa0fvy";
   };
 
   installPhase = ''

pkgs/applications/networking/mailreaders/mutt/default.nix

@@ -15,22 +15,16 @@ assert sslSupport -> openssl != null;
 assert saslSupport -> cyrus_sasl != null;
 
 let
-  gpgmePatch = fetchurl {
+  version = "1.5.22";
-    # Solution for gpgme >= 1.2: http://dev.mutt.org/trac/ticket/3300
-    url = "http://dev.mutt.org/trac/raw-attachment/ticket/3300/mutt-1.5.21-gpgme-init.patch";
-    sha256 = "1qa1c8gns4q3as1h2lk3x4di2k3hr804ar7xlc6xh9r0zjhzmlk4";
-  };
 in
 stdenv.mkDerivation rec {
-  name = "mutt-1.5.21";
+  name = "mutt-${version}";
   
   src = fetchurl {
     url = "ftp://ftp.mutt.org/mutt/devel/${name}.tar.gz";
-    sha256 = "1864cwz240gh0zy56fb47qqzwyf6ghg01037rb4p2kqgimpg6h91";
+    sha256 = "19zk81spnb0gc8y5mwmcfn33g77wv1xz5bmgic8aan07xn8fislg";
   };
 
-  patches = [ (if gpgmeSupport then gpgmePatch else null) ];
-
   buildInputs = [
     ncurses which perl
     (if headerCache then gdbm else null)
@@ -58,8 +52,12 @@ stdenv.mkDerivation rec {
     (if gpgmeSupport then "--enable-gpgme" else "--disable-gpgme")
   ];
 
-  meta = {
+  meta = with stdenv.lib; {
+    description = "A small but very powerful text-based mail client";
     homepage = http://www.mutt.org;
+    license = "GPLv2+";
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ the-kenny ];
   };
 }
 

pkgs/applications/networking/mailreaders/notmuch/default.nix

@@ -3,11 +3,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "notmuch-0.15.2";
+  name = "notmuch-0.16";
 
   src = fetchurl {
     url = "http://notmuchmail.org/releases/${name}.tar.gz";
-    sha256 = "03cwylm0y9xld0hn753v0hn62f96nagdmzxv8jlz8vdbh9iszs56";
+    sha256 = "0i7k85lfp9l0grmq7cvai2f3pw15jcrhcp96mmamr15y2pn2syg7";
   };
 
   buildInputs = [ bash emacs gdb glib gmime gnupg pkgconfig talloc xapian ];

pkgs/applications/networking/newsreaders/liferea/default.nix

@@ -18,6 +18,9 @@ stdenv.mkDerivation rec {
     libnotify
   ];
 
+  preFixup = ''
+    rm $out/share/icons/hicolor/icon-theme.cache'';
+
   meta = {
     description = "A GTK-based news feed agregator";
     homepage = http://lzone.de/liferea/;

pkgs/applications/networking/remote/teamviewer/8.nix

@@ -1,26 +1,20 @@
-{ stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, wine, makeWrapper
+{ stdenv, fetchurl, libX11, libXtst, libXext, libXdamage, libXfixes, wineUnstable, makeWrapper, libXau
-, bash }:
+, bash, patchelf }:
 
-# Work in progress.
-
-# It doesn't want to start unless teamviewerd is running as root.
-# I haven't tried to make the daemon run.
-
-assert stdenv.system == "i686-linux";
 let
-  topath = "${wine}/bin";
+  topath = "${wineUnstable}/bin";
 
   toldpath = stdenv.lib.concatStringsSep ":" (map (x: "${x}/lib") 
-    [ stdenv.gcc.gcc libX11 libXtst libXext libXdamage libXfixes wine ]);
+    [ stdenv.gcc.gcc libX11 libXtst libXext libXdamage libXfixes wineUnstable ]);
 in
 stdenv.mkDerivation {
   name = "teamviewer-8.0.17147";
   src = fetchurl {
     url = "http://download.teamviewer.com/download/teamviewer_linux_x64.deb";
-    sha256 = "01iynk954pphl5mq4avs843xyzvdfzng1lpsy7skgwvw0k9cx5ab";
+    sha256 = "0s5m15f99rdmspzwx3gb9mqd6jx1bgfm0d6rfd01k9rf7gi7qk0k";
   };
 
-  buildInputs = [ makeWrapper ];
+  buildInputs = [ makeWrapper patchelf ];
 
   unpackPhase = ''
     ar x $src
@@ -36,9 +30,13 @@ stdenv.mkDerivation {
     #!${bash}/bin/sh
     export LD_LIBRARY_PATH=${toldpath}\''${LD_LIBRARY_PATH:+:\$LD_LIBRARY_PATH}
     export PATH=${topath}\''${PATH:+:\$PATH}
-    $out/share/teamviewer8/tv_bin/script/teamviewer
+    $out/share/teamviewer8/tv_bin/script/teamviewer "\$@"
     EOF
     chmod +x $out/bin/teamviewer
+
+    patchelf --set-rpath "${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib:${libX11}/lib:${libXext}/lib:${libXau}/lib:${libXdamage}/lib:${libXfixes}/lib" $out/share/teamviewer8/tv_bin/teamviewerd
+    patchelf --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" $out/share/teamviewer8/tv_bin/teamviewerd
+    ln -s $out/share/teamviewer8/tv_bin/teamviewerd $out/bin/
   '';
 
   meta = {

pkgs/applications/networking/sniffers/wireshark/default.nix

@@ -4,14 +4,14 @@
 , makeDesktopItem
 }:
 
-let version = "1.8.7"; in
+let version = "1.8.11"; in
 
 stdenv.mkDerivation {
   name = "wireshark-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/wireshark/wireshark-${version}.tar.bz2";
-    sha256 = "0hm8zisy5dg7sfhh7rvgnpffq2qcw0syd8k5kns8j0j13sf44zjw";
+    sha256 = "1nwgizs9z1dalicpp2fd9pqafidy49j0v3d1rml0spfqrkbjpfpw";
   };
 
   buildInputs =

pkgs/applications/office/gnucash/default.nix

@@ -1,7 +1,7 @@
 { fetchurl, stdenv, pkgconfig, libxml2, gconf, glib, gtk, libgnomeui, libofx
 , libgtkhtml, gtkhtml, libgnomeprint, goffice, enchant, gettext, libbonoboui
 , intltool, perl, guile, slibGuile, swig, isocodes, bzip2, makeWrapper, libglade
-, libgsf, libart_lgpl
+, libgsf, libart_lgpl, perlPackages
 }:
 
 /* If you experience GConf errors when running GnuCash on NixOS, see
@@ -21,23 +21,31 @@ stdenv.mkDerivation rec {
     pkgconfig libxml2 gconf glib gtk libgnomeui libgtkhtml gtkhtml
     libgnomeprint goffice enchant gettext intltool perl guile slibGuile
     swig isocodes bzip2 makeWrapper libofx libglade libgsf libart_lgpl
+    perlPackages.DateManip perlPackages.FinanceQuote
   ];
 
   configureFlags = "CFLAGS=-O3 CXXFLAGS=-O3 --disable-dbi --enable-ofx";
 
   postInstall = ''
-    sed -i $out/bin/update-gnucash-gconf                                \
+    # Auto-updaters don't make sense in Nix.
+    rm $out/bin/gnc-fq-update
+
+    sed -i $out/bin/update-gnucash-gconf \
        -e 's|--config-source=[^ ]* --install-schema-file|--makefile-install-rule|'
-    for prog in "$out/bin/"*
+
+    for prog in $(echo "$out/bin/"*)
     do
+      # Don't wrap the gnc-fq-* scripts, since gnucash calls them as
+      # "perl <script>', i.e. they must be Perl scripts.
+      if [[ $prog =~ gnc-fq ]]; then continue; fi
       wrapProgram "$prog"                                               \
         --set SCHEME_LIBRARY_PATH "$SCHEME_LIBRARY_PATH"                \
         --prefix GUILE_LOAD_PATH ":" "$GUILE_LOAD_PATH"                 \
         --prefix LD_LIBRARY_PATH ":" "${libgnomeui}/lib/libglade/2.0"   \
         --prefix LD_LIBRARY_PATH ":" "${libbonoboui}/lib/libglade/2.0"  \
+        --prefix PERL5LIB ":" "$PERL5LIB"                               \
         --set GCONF_CONFIG_SOURCE 'xml::~/.gconf'                       \
-        --prefix PATH ":" "${gconf}/bin"                                \
+        --prefix PATH ":" "$out/bin:${perl}/bin:${gconf}/bin"
-        --suffix PATH ":" "$out/bin"
     done
   '';
 

pkgs/applications/office/ledger/3.0.nix

@@ -1,15 +1,15 @@
 { stdenv, fetchgit, cmake, boost, gmp, mpfr, libedit, python, texinfo }:
 
 let
-  rev = "0ec4291";
+  rev = "0e5867bc5c";
 in
 stdenv.mkDerivation {
-  name = "ledger3-2013.08.${rev}";
+  name = "ledger3-2013.11.${rev}";
 
   src = fetchgit {
     url = "https://github.com/ledger/ledger.git";
     inherit rev;
-    sha256 = "1y4rcbx8y2fxkdc7i06n1i5jf3cq05bvzpb8498mis2gwfmkw470";
+    sha256 = "16aa63z24rp5vin7al8b6nzdi4kqpawbzvh148wfr2wj60vdb1n5";
   };
 
   buildInputs = [ cmake boost gmp mpfr libedit python texinfo ];

pkgs/applications/science/logic/ekrhyper/default.nix

@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="ekrhyper";
-    version="1_4_30072013";
+    version="1_4_20112013";
     name="${baseName}-${version}";
-    hash="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
+    hash="08qrsahlgqq29zyrcc8435bymj3jvxaailbgjy47jzj1ki2i0vgm";
-    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_30072013.tar.gz";
+    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_20112013.tar.gz";
-    sha256="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
+    sha256="08qrsahlgqq29zyrcc8435bymj3jvxaailbgjy47jzj1ki2i0vgm";
   };
   buildInputs = [
     ocaml perl

pkgs/applications/science/logic/hol/default.nix

@@ -46,11 +46,11 @@ stdenv.mkDerivation {
     #sed -ie "/compute/,999 d" tools/build-sequence # for testing
 
     poly < tools/smart-configure.sml
-
+    
     bin/build ${kernelFlag} -symlink
 
     mkdir -p "$out/bin"
-    ln -st $out/bin  "$out/src/${holsubdir}/bin/"*
+    ln -st $out/bin  $out/src/${holsubdir}/bin/*
     # ln -s $out/src/hol4.${version}/bin $out/bin
   '';
 

pkgs/applications/science/spyder/default.nix

@@ -8,12 +8,12 @@
 }:
 
 buildPythonPackage rec {
-  name = "spyder-2.1.13.1";
+  name = "spyder-2.2.5";
   namePrefix = "";
 
   src = fetchurl {
     url = "https://spyderlib.googlecode.com/files/${name}.zip";
-    sha256 = "1sg88shvw6k2v5428k13mah4pyqng43856rzr6ypz5qgwn0677ya";
+    sha256 = "1bxc5qs2bqc21s6kxljsfxnmwgrgnyjfr9mkwzg9njpqsran3bp2";
   };
 
   buildInputs = [ unzip ];

pkgs/applications/version-management/git-and-tools/git-annex/default.nix

@@ -2,32 +2,33 @@
 , caseInsensitive, clientsession, cryptoApi, cryptohash, curl
 , dataDefault, dataenc, DAV, dbus, dlist, dns, editDistance
 , extensibleExceptions, feed, filepath, git, gnupg1, gnutls, hamlet
-, hinotify, hS3, hslogger, HTTP, httpConduit, httpTypes, HUnit
+, hinotify, hS3, hslogger, HTTP, httpConduit, httpTypes, IfElse
-, IfElse, json, lsof, MissingH, MonadCatchIOTransformers
+, json, lsof, MissingH, MonadCatchIOTransformers, monadControl, mtl
-, monadControl, mtl, network, networkInfo, networkMulticast
+, network, networkInfo, networkMulticast, networkProtocolXmpp
-, networkProtocolXmpp, openssh, perl, QuickCheck, random, regexTdfa
+, openssh, perl, QuickCheck, random, regexTdfa, rsync
-, rsync, SafeSemaphore, SHA, stm, text, time, transformers
+, SafeSemaphore, SHA, stm, tasty, tastyHunit, tastyQuickcheck, text
-, unixCompat, utf8String, uuid, wai, waiLogger, warp, which
+, time, transformers, unixCompat, utf8String, uuid, wai, waiLogger
-, xmlConduit, xmlTypes, yesod, yesodCore, yesodDefault, yesodForm
+, warp, which, xmlConduit, xmlTypes, yesod, yesodCore, yesodDefault
-, yesodStatic
+, yesodForm, yesodStatic
 }:
 
 cabal.mkDerivation (self: {
   pname = "git-annex";
-  version = "4.20131106";
+  version = "5.20131130";
-  sha256 = "019k3zhbc3wjg8isndw6hkgrr3h3qxrbfydv7m6zpgv2khjyhfh0";
+  sha256 = "0px918wzv9zqxz7wc6rx2ay8rizbckw79yinhisjvp3y5lldyjj1";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
     aeson async blazeBuilder bloomfilter caseInsensitive clientsession
     cryptoApi cryptohash dataDefault dataenc DAV dbus dlist dns
     editDistance extensibleExceptions feed filepath gnutls hamlet
-    hinotify hS3 hslogger HTTP httpConduit httpTypes HUnit IfElse json
+    hinotify hS3 hslogger HTTP httpConduit httpTypes IfElse json
     MissingH MonadCatchIOTransformers monadControl mtl network
     networkInfo networkMulticast networkProtocolXmpp QuickCheck random
-    regexTdfa SafeSemaphore SHA stm text time transformers unixCompat
+    regexTdfa SafeSemaphore SHA stm tasty tastyHunit tastyQuickcheck
-    utf8String uuid wai waiLogger warp xmlConduit xmlTypes yesod
+    text time transformers unixCompat utf8String uuid wai waiLogger
-    yesodCore yesodDefault yesodForm yesodStatic
+    warp xmlConduit xmlTypes yesod yesodCore yesodDefault yesodForm
+    yesodStatic
   ];
   buildTools = [ bup curl git gnupg1 lsof openssh perl rsync which ];
   configureFlags = "-fS3

pkgs/applications/virtualization/bochs/default.nix

@@ -0,0 +1,62 @@
+{ stdenv, fetchurl
+, libX11 , mesa
+, sdlSupport ? true, SDL ? null
+, termSupport ? true , ncurses ? null, readline ? null
+, wxSupport ? true , gtk ? null , wxGTK ? null , pkgconfig ? null
+, wgetSupport ? false, wget ? null
+, curlSupport ? false, curl ? null
+}:
+
+
+assert sdlSupport -> (SDL != null);
+assert termSupport -> (ncurses != null&& readline != null);
+assert wxSupport -> (gtk != null && wxGTK != null && pkgconfig != null);
+assert wgetSupport -> (wget != null);
+assert curlSupport -> (curl != null);
+
+stdenv.mkDerivation rec {
+
+  name = "bochs-${version}";
+  version = "2.6.2";
+
+  src = fetchurl {
+    url = "http://downloads.sourceforge.net/project/bochs/bochs/${version}/${name}.tar.gz";
+    sha256 = "042blm1xb9ig4fh2bv8nrrfpgkcxy4hq8yrkx7mrdpm5g4mvfwyr";
+  };
+  
+  buildInputs = with stdenv.lib;
+  [ libX11 mesa ]
+  ++ optionals sdlSupport [ SDL ]
+  ++ optionals termSupport [ readline ncurses ]
+  ++ optionals wxSupport [ gtk wxGTK pkgconfig ]
+  ++ optionals wgetSupport [ wget ]
+  ++ optionals curlSupport [ curl ];
+
+  configureFlags = ''
+    --with-x11 
+    --with-term=${if termSupport then "yes" else "no"}
+    --with-sdl=${if sdlSupport then "yes" else "no"}
+    --with-svga=no
+    --with-wx=${if wxSupport then "yes" else "no"}
+    --enable-readline
+    --enable-plugins=no
+    --enable-disasm
+    --enable-debugger
+    --enable-ne2000 
+    --enable-e1000 
+    --enable-sb16 
+    --enable-voodoo 
+    --enable-usb 
+    --enable-pnic
+'';
+
+  meta = {
+    description = "An open-source IA-32 (x86) PC emulator";
+    longDescription = ''
+    Bochs is an open-source (LGPL), highly portable IA-32 PC emulator, written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS.
+    '';
+    homepage = http://bochs.sourceforge.net/;
+    license = "LGPL";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}

pkgs/applications/window-managers/awesome/3.4.nix

@@ -0,0 +1,50 @@
+{ stdenv, fetchurl, cmake, gperf, imagemagick, pkgconfig, lua
+, glib, cairo, pango, imlib2, libxcb, libxdg_basedir, xcbutil
+, xcbutilimage, xcbutilkeysyms, xcbutilwm, libpthreadstubs, libXau
+, libXdmcp, pixman, doxygen
+, libstartup_notification, libev, asciidoc, xmlto, dbus, docbook_xsl
+, docbook_xml_dtd_45, libxslt, coreutils, which }:
+
+let
+  version = "3.4.13";
+in
+
+stdenv.mkDerivation rec {
+  name = "awesome-${version}";
+ 
+  src = fetchurl {
+    url = "http://awesome.naquadah.org/download/awesome-${version}.tar.xz";
+    sha256 = "0jhsgb8wdzpfmdyl9fxp2w6app7l6zl8b513z3ff513nvdlxj5hr";
+  };
+ 
+  buildInputs = [ cmake gperf imagemagick pkgconfig lua glib cairo pango
+    imlib2 libxcb libxdg_basedir xcbutil xcbutilimage xcbutilkeysyms xcbutilwm
+    libstartup_notification libev libpthreadstubs libXau libXdmcp pixman doxygen
+    asciidoc xmlto dbus docbook_xsl docbook_xml_dtd_45 libxslt which ];
+
+  # We use coreutils for 'env', that will allow then finding 'bash' or 'zsh' in
+  # the awesome lua code. I prefered that instead of adding 'bash' or 'zsh' as
+  # dependencies.
+  prePatch = ''
+    # Fix the tab completion (supporting bash or zsh)
+    sed s,/usr/bin/env,${coreutils}/bin/env, -i lib/awful/completion.lua.in
+    # Remove the 'root' PATH override (I don't know why they have that)
+    sed /WHOAMI/d -i utils/awsetbg
+    # Russian manpages fail to be generated:
+    #  [ 56%] Generating manpages/ru/man1/awesome.1.xml
+    #  asciidoc: ERROR: <stdin>: line 3: name section expected
+    #  asciidoc: FAILED: <stdin>: line 3: section title expected
+    #  make[2]: *** [manpages/ru/man1/awesome.1.xml] Error 1
+    substituteInPlace CMakeLists.txt \
+      --replace "set(AWE_MAN_LANGS it es fr de ru)" \
+                "set(AWE_MAN_LANGS it es fr de)"
+  '';
+ 
+  meta = {
+    homepage = http://awesome.naquadah.org/;
+    description = "Highly configurable, dynamic window manager for X";
+    license = "GPLv2+";
+    maintainers = with stdenv.lib.maintainers; [viric];
+    platforms = with stdenv.lib.platforms; linux;
+  };
+}

pkgs/applications/window-managers/awesome/default.nix

@@ -1,51 +1,72 @@
-{stdenv, fetchurl, cmake, gperf, imagemagick, pkgconfig, lua
+{ stdenv, fetchurl, lua, cairo, cmake, imagemagick, pkgconfig, gdk_pixbuf
-, glib, cairo, pango, imlib2, libxcb, libxdg_basedir, xcbutil
+, xlibs, libstartup_notification, libxdg_basedir, libpthreadstubs
-, xcbutilimage, xcbutilkeysyms, xcbutilwm, libpthreadstubs, libXau
+, xcb-util-cursor, lgi, makeWrapper, pango, gobjectIntrospection, unclutter
-, libXdmcp, pixman, doxygen
+, compton, procps, iproute, coreutils, curl, alsaUtils, findutils, rxvt_unicode
-, libstartup_notification, libev, asciidoc, xmlto, dbus, docbook_xsl
+, which, dbus, nettools, git, asciidoc, doxygen }:
-, docbook_xml_dtd_45, libxslt, coreutils}:
 
 let
-  version = "3.4.13";
+  version = "3.5.2";
 in
 
 stdenv.mkDerivation rec {
   name = "awesome-${version}";
  
   src = fetchurl {
-    url = "http://awesome.naquadah.org/download/awesome-${version}.tar.xz";
+    url    = "http://awesome.naquadah.org/download/awesome-${version}.tar.xz";
-    sha256 = "0jhsgb8wdzpfmdyl9fxp2w6app7l6zl8b513z3ff513nvdlxj5hr";
+    sha256 = "11iya03yzr8sa3snmywlw22ayg0d3dcy49pi8fz0bycf5aq6b38q";
   };
- 
-  buildInputs = [ cmake gperf imagemagick pkgconfig lua glib cairo pango
-    imlib2 libxcb libxdg_basedir xcbutil xcbutilimage xcbutilkeysyms xcbutilwm
-    libstartup_notification libev libpthreadstubs libXau libXdmcp pixman doxygen
-    asciidoc xmlto dbus docbook_xsl docbook_xml_dtd_45 libxslt ];
 
-  # We use coreutils for 'env', that will allow then finding 'bash' or 'zsh' in
+  meta = with stdenv.lib; {
-  # the awesome lua code. I prefered that instead of adding 'bash' or 'zsh' as
-  # dependencies.
-  prePatch = ''
-    # Fix the tab completion (supporting bash or zsh)
-    sed s,/usr/bin/env,${coreutils}/bin/env, -i lib/awful/completion.lua.in
-    # Remove the 'root' PATH override (I don't know why they have that)
-    sed /WHOAMI/d -i utils/awsetbg
-    # Russian manpages fail to be generated:
-    #  [ 56%] Generating manpages/ru/man1/awesome.1.xml
-    #  asciidoc: ERROR: <stdin>: line 3: name section expected
-    #  asciidoc: FAILED: <stdin>: line 3: section title expected
-    #  make[2]: *** [manpages/ru/man1/awesome.1.xml] Error 1
-    substituteInPlace CMakeLists.txt \
-      --replace "set(AWE_MAN_LANGS it es fr de ru)" \
-                "set(AWE_MAN_LANGS it es fr de)"
-  '';
- 
-  meta = {
-    homepage = http://awesome.naquadah.org/;
     description = "Highly configurable, dynamic window manager for X";
-    license = "GPLv2+";
+    homepage    = http://awesome.naquadah.org/;
-    maintainers = with stdenv.lib.maintainers; [viric];
+    license     = "GPLv2+";
-    platforms = with stdenv.lib.platforms; linux;
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.linux;
   };
-}
+ 
+  buildInputs = [
+    asciidoc
+    cairo
+    cmake
+    dbus
+    doxygen
+    gdk_pixbuf
+    git
+    imagemagick
+    lgi
+    libpthreadstubs
+    libstartup_notification
+    libxdg_basedir
+    lua
+    makeWrapper
+    nettools
+    pango
+    pkgconfig
+    xcb-util-cursor
+    xlibs.libXau
+    xlibs.libXdmcp
+    xlibs.libxcb
+    xlibs.xcbutil
+    xlibs.xcbutilimage
+    xlibs.xcbutilkeysyms
+    xlibs.xcbutilrenderutil
+    xlibs.xcbutilwm
+  ];
 
+  AWESOME_IGNORE_LGI = 1;
+
+  LUA_CPATH = "${lgi}/lib/lua/5.1/?.so";
+  LUA_PATH  = "${lgi}/share/lua/5.1/?.lua;${lgi}/share/lua/5.1/lgi/?.lua";
+
+  postInstall = ''
+    wrapProgram $out/bin/awesome \
+      --set LUA_CPATH '"${lgi}/lib/lua/5.1/?.so"' \
+      --set LUA_PATH '"${lgi}/share/lua/5.1/?.lua;${lgi}/share/lua/5.1/lgi/?.lua"' \
+      --set GI_TYPELIB_PATH "${pango}/lib/girepository-1.0" \
+      --set LD_LIBRARY_PATH "${cairo}/lib:${pango}/lib:${gobjectIntrospection}/lib" \
+      --prefix PATH : "${compton}/bin:${unclutter}/bin:${procps}/bin:${iproute}/sbin:${coreutils}/bin:${curl}/bin:${alsaUtils}/bin:${findutils}/bin:${rxvt_unicode}/bin"
+
+    wrapProgram $out/bin/awesome-client \
+      --prefix PATH : "${which}/bin"
+  '';
+}

pkgs/applications/window-managers/openbox/default.nix

@@ -3,7 +3,7 @@
 , imlib2, pango, libstartup_notification }:
 
 stdenv.mkDerivation rec {
-  name = "openbox-3.5.0";
+  name = "openbox-3.5.2";
 
   buildInputs = [
     pkgconfig libxml2
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://openbox.org/dist/openbox/${name}.tar.gz";
-    sha256 = "02pa1wa2rzvnq1z3xchzafc96hvp3537jh155q8acfhbacb01abg";
+    sha256 = "0cxgb334zj6aszwiki9g10i56sm18i7w1kw52vdnwgzq27pv93qj";
   };
 
   meta = {

pkgs/build-support/clang-wrapper/builder.sh

@@ -58,11 +58,14 @@ fi
 doSubstitute() {
     local src=$1
     local dst=$2
+    local uselibcxx=
+    if test -n "$libcxx" && echo $dst | fgrep ++; then uselibcxx=$libcxx; fi
     # Can't use substitute() here, because replace may not have been
     # built yet (in the bootstrap).
     sed \
         -e "s^@out@^$out^g" \
         -e "s^@shell@^$shell^g" \
+        -e "s^@libcxx@^$uselibcxx^g" \
         -e "s^@clang@^$clang^g" \
         -e "s^@clangProg@^$clangProg^g" \
         -e "s^@binutils@^$binutils^g" \

pkgs/build-support/clang-wrapper/clang-wrapper.sh

@@ -52,7 +52,6 @@ if test "$nonFlagArgs" = "0"; then
     dontLink=1
 fi
 
-
 # Optionally filter out paths not refering to the store.
 params=("$@")
 if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then
@@ -79,6 +78,10 @@ if test "$NIX_ENFORCE_PURITY" = "1" -a -n "$NIX_STORE"; then
     params=("${rest[@]}")
 fi
 
+if test -n "@libcxx@"; then
+    NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem@libcxx@/include/c++/v1 -stdlib=libc++"
+    NIX_CFLAGS_LINK="$NIX_CFLAGS_LINK -L@libcxx@/lib -stdlib=libc++ -lc++abi"
+fi
 
 # Add the flags for the C compiler proper.
 extraAfter=($NIX_CFLAGS_COMPILE)
@@ -134,6 +137,12 @@ if test -n "$NIX_CLANG_WRAPPER_EXEC_HOOK"; then
     source "$NIX_CLANG_WRAPPER_EXEC_HOOK"
 fi
 
+# We nuke LD_LIBRARY_PATH here, because clang dynamically links to LLVM.
+# Unfortunately, when such clang is used to build LLVM again, it can get in
+# trouble temporarily binding to the build-directory versions of the libraries
+# (the buildsystem sets LD_LIBRARY_PATH).  That is very undesirable and can
+# cause mysterious failures.
+LD_LIBRARY_PATH=
 
 # Call the real `clang'.  Filter out warnings from stderr about unused
 # `-B' flags, since they confuse some programs.  Deep bash magic to

pkgs/build-support/clang-wrapper/default.nix

@@ -7,7 +7,7 @@
 
 { name ? "", stdenv, nativeTools, nativeLibc, nativePrefix ? ""
 , clang ? null, libc ? null, binutils ? null, coreutils ? null, shell ? ""
-, zlib ? null
+, zlib ? null, libcxx ? null
 }:
 
 assert nativeTools -> nativePrefix != "";
@@ -33,7 +33,7 @@ stdenv.mkDerivation {
   utils = ./utils.sh;
   addFlags = ./add-flags;
   
-  inherit nativeTools nativeLibc nativePrefix clang clangVersion;
+  inherit nativeTools nativeLibc nativePrefix clang clangVersion libcxx;
   gcc = clang.gcc;
   libc = if nativeLibc then null else libc;
   binutils = if nativeTools then null else binutils;

pkgs/build-support/fetchgit/nix-prefetch-git

@@ -142,10 +142,12 @@ init_submodules(){
     git submodule status |
     while read l; do
         # checkout each submodule
-        local hash=$(echo $l | sed 's,^-\([0-9a-f]*\) \(.*\)$,\1,');
+        local hash=$(echo $l | awk '{print substr($1,2)}');
-        local dir=$(echo $l | sed 's,^-\([0-9a-f]*\) \(.*\)$,\2,');
+        local dir=$(echo $l | awk '{print $2}');
-        local url=$(sed -n "\,$dir, { :loop; n; s,^.*url = ,,; T loop; p; q }" .git/config);
+        local name=$(
-
+            git config -f .gitmodules --get-regexp submodule\.[^.]*\.path |
+            sed -n "s,^\(.*\)\.path $dir\$,\\1,p")
+        local url=$(git config -f .gitmodules --get ${name}.url);
         clone "$dir" "$url" "$hash" "";
     done;
 }

pkgs/data/fonts/dejavu-fonts/default.nix

@@ -1,6 +1,6 @@
 {fetchurl, stdenv, fontforge, perl, fontconfig, FontTTF}:
 
-let version = "2.33" ; in
+let version = "2.34" ; in
 
 stdenv.mkDerivation rec {
   name = "dejavu-fonts-${version}";
@@ -8,17 +8,17 @@ stdenv.mkDerivation rec {
   buildInputs = [fontforge perl FontTTF];
 
   unicodeData = fetchurl {
-    url = http://www.unicode.org/Public/6.1.0/ucd/UnicodeData.txt ; 
+    url = http://www.unicode.org/Public/6.1.0/ucd/UnicodeData.txt ;
     sha256 = "1bd6zkzvxfnifrn5nh171ywk7q56sgk8gdvdn43z9i53hljjcrih";
   };
   blocks = fetchurl {
-    url = http://www.unicode.org/Public/6.1.0/ucd/Blocks.txt; 
+    url = http://www.unicode.org/Public/6.1.0/ucd/Blocks.txt;
     sha256 = "0w0vkb09nrlc6mrhqyl9npszdi828afgvhvlb1vs5smjv3h8y3dz";
   };
 
   src = fetchurl {
     url = "mirror://sourceforge/dejavu/dejavu-fonts-${version}.tar.bz2";
-    sha256 = "10m0rds36yyaznfqaa9msayv6f0v1h50zbikja6qdy5dwwxi8q5w";
+    sha256 = "09wh9c9kk82i4kwy73fcqa0779bvf0ncikciqw2gxa9m2rkrxjmm";
   };
   buildFlags = "full-ttf";
   preBuild = ''

pkgs/data/fonts/terminus-font/default.nix

@@ -1,26 +1,27 @@
-{ fetchurl, stdenv, perl, bdftopcf, mkfontdir, mkfontscale }:
+{ stdenv, fetchurl, perl, bdftopcf, mkfontdir, mkfontscale }:
+
 stdenv.mkDerivation rec {
-  name = "terminus-font-4.30";
+  name = "terminus-font-4.38";
+
   src = fetchurl {
-#    urls = "http://www.is-vn.bg/hamster/${name}.tar.gz"
+    url = "mirror://sourceforge/project/terminus-font/${name}/${name}.tar.gz";
-#    sha256 = "ca15718f715f1ca7af827a8ab5543b0c0339b2515f39f8c15f241b2bc1a15a9a";
+    sha256 = "1dwpxmg0wiyhp7hh18mvw18gnf0y2jgbn80c4xya7rmb9mm8gx7n";
-     url = "http://ftp.de.debian.org/debian/pool/main/x/xfonts-terminus/xfonts-terminus_4.30.orig.tar.gz";
-     sha256 = "d7f1253d75f0aa278b0bbf457d15927ed3bbf2565b9f6b829c2b2560fedc1712";
   };
+
   buildInputs = [ perl bdftopcf mkfontdir mkfontscale ];
+
   patchPhase = ''
     substituteInPlace Makefile --replace 'fc-cache' '#fc-cache'
   '';
+
   configurePhase = ''
-    ./configure --prefix=$out
+    sh ./configure --prefix=$out
   '';
-  buildPhase = ''
+
-    make pcf
+  installPhase = ''
-  '';
+    make install fontdir
-  installPhase = '' 
-    make install-pcf
-    make fontdir
   '';
+
   meta = {
     description = "A clean fixed width font";
     longDescription = ''

pkgs/desktops/gnome-3/core/evince/default.nix

@@ -22,6 +22,8 @@ stdenv.mkDerivation rec {
     makeWrapper
   ];
 
+  preFixup = "rm $out/share/icons/hicolor/icon-theme.cache";
+
   configureFlags = [
     "--disable-nautilus" # Do not use nautilus
     "--disable-dbus" # strange compilation error

pkgs/desktops/xfce/common.nix

@@ -68,6 +68,8 @@
 
     xfce4_systemload_plugin = callPackage ./panel-plugins/xfce4-systemload-plugin.nix { };
     xfce4_cpufreq_plugin    = callPackage ./panel-plugins/xfce4-cpufreq-plugin.nix    { };
+    xfce4_xkb_plugin        = callPackage ./panel-plugins/xfce4-xkb-plugin.nix        { };
+    xfce4_datetime_plugin   = callPackage ./panel-plugins/xfce4-datetime-plugin.nix   { };
 
   };
 }

pkgs/desktops/xfce/core/tumbler.nix

@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, pkgconfig, intltool, dbus_glib, gdk_pixbuf }:
+{ stdenv, fetchurl, pkgconfig, intltool, dbus_glib, gdk_pixbuf, curl, freetype,
+libgsf, poppler, bzip2 }:
 
 stdenv.mkDerivation rec {
   p_name  = "tumbler";
@@ -11,11 +12,24 @@ stdenv.mkDerivation rec {
   };
   name = "${p_name}-${ver_maj}.${ver_min}";
 
-  buildInputs = [ pkgconfig intltool dbus_glib gdk_pixbuf ];
+  buildInputs = [ pkgconfig intltool dbus_glib gdk_pixbuf curl freetype
+    poppler libgsf bzip2];
+
+  configureFlags = [
+    # Needs gst-tag
+    # "--enable-gstreamer-thumbnailer"
+
+    # Needs libffmpegthumbnailer
+    # "--enable-ffmpeg-thumbnailer"
+    
+    "--enable-odf-thumbnailer"
+    "--enable-poppler-thumbnailer"
+  ];
 
   meta = {
     homepage = http://git.xfce.org/xfce/tumbler/;
     description = "A D-Bus thumbnailer service";
+    platforms = stdenv.lib.platforms.linux;
     license = "GPLv2";
   };
 }

pkgs/desktops/xfce/core/xfce4-session.nix

@@ -21,6 +21,11 @@ stdenv.mkDerivation rec {
       polkit
     ];
 
+  preBuild = ''
+    sed '/^PATH=/d'        -i scripts/xflock4
+    sed '/^export PATH$/d' -i scripts/xflock4
+  '';
+
   configureFlags = [ "--with-xsession-prefix=$(out)" ];
 
   preFixup = "rm $out/share/icons/hicolor/icon-theme.cache";

pkgs/desktops/xfce/default.nix

@@ -55,7 +55,9 @@ xfce_self = rec { # the lines are very long but it seems better than the even-od
   #### PANEL PLUGINS        from "mirror://xfce/src/panel-plugins/${p_name}/${ver_maj}/${name}.tar.bz2"
 
   xfce4_systemload_plugin = callPackage ./panel-plugins/xfce4-systemload-plugin.nix { };
-  xfce4_cpufreq_plugin    = callPackage ./panel-plugins/xfce4-cpufreq-plugin.nix { };
+  xfce4_cpufreq_plugin    = callPackage ./panel-plugins/xfce4-cpufreq-plugin.nix    { };
+  xfce4_xkb_plugin        = callPackage ./panel-plugins/xfce4-xkb-plugin.nix        { };
+  xfce4_datetime_plugin   = callPackage ./panel-plugins/xfce4-datetime-plugin.nix   { };
 
 }; # xfce_self
 

pkgs/desktops/xfce/panel-plugins/xfce4-datetime-plugin.nix

@@ -0,0 +1,23 @@
+{ stdenv, fetchurl, pkgconfig, intltool, libxfce4util, libxfcegui4, xfce4panel
+, gtk }:
+
+stdenv.mkDerivation rec {
+  p_name  = "xfce4-datetime-plugin";
+  ver_maj = "0.6";
+  ver_min = "1";
+
+  name = "${p_name}-${ver_maj}.${ver_min}";
+
+  src = fetchurl {
+    url = "mirror://xfce/src/panel-plugins/${p_name}/${ver_maj}/${name}.tar.bz2";
+    sha256 = "06xvh22y5y0bcy7zb9ylvjpcl09wdyb751r7gwyg7m3h44f0qd7v";
+  };
+
+  buildInputs = [ pkgconfig intltool libxfce4util libxfcegui4 xfce4panel gtk ];
+
+  meta = {
+    homepage = "http://goodies.xfce.org/projects/panel-plugins/${p_name}";
+    description = "Shows the date and time in the panel, and a calendar appears when you left-click on it";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}

pkgs/desktops/xfce/panel-plugins/xfce4-xkb-plugin.nix

@@ -0,0 +1,25 @@
+{ stdenv, fetchurl, pkgconfig, intltool, libxfce4util, libxfce4ui, xfce4panel
+, gtk, libxklavier, librsvg, libwnck
+}:
+
+stdenv.mkDerivation rec {
+  p_name  = "xfce4-xkb-plugin";
+  ver_maj = "0.5";
+  ver_min = "4.3";
+
+  name = "${p_name}-${ver_maj}.${ver_min}";
+
+  src = fetchurl {
+    url = "mirror://xfce/src/panel-plugins/${p_name}/${ver_maj}/${name}.tar.bz2";
+    sha256 = "0v9r0w9m5lxrzmz12f8w67l781lsywy9p1vixgn4xq6z5sxh2j6a";
+  };
+
+  buildInputs = [ pkgconfig intltool libxfce4util libxfce4ui xfce4panel gtk
+    libxklavier librsvg libwnck ];
+
+  meta = {
+    homepage = "http://goodies.xfce.org/projects/panel-plugins/${p_name}";
+    description = "Allows you to setup and use multiple keyboard layouts";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}

pkgs/development/arduino/ino/default.nix

@@ -2,12 +2,12 @@
 , avrdude, arduino_core, avrgcclibc }:
 
 buildPythonPackage rec {
-  name = "ino-0.3.5";
+  name = "ino-0.3.6";
   namePrefix = "";
 
   src = fetchurl {
     url = "http://pypi.python.org/packages/source/i/ino/${name}.tar.gz";
-    sha256 = "1j2qzcjp6r2an1v431whq9l47s81d5af6ni8j87gv294f53sl1ab";
+    sha256 = "0k6lzfcn55favbj0w4afrvnmwyskf7bgzg9javv2ycvskp35srwv";
   };
 
   # TODO: add avrgcclibc, it must be rebuild with C++ support

pkgs/development/compilers/chicken/default.nix

@@ -1,18 +1,46 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl, devSnapshot ? false }:
 
+let
+  version = if devSnapshot
+    then "4.8.2"
+    else "4.8.0.5";
+  srcRelease = fetchurl {
+    url = "http://code.call-cc.org/releases/4.8.0/chicken-4.8.0.5.tar.gz";
+    sha256 = "1yrhqirqj3l535zr5mv8d1mz9gq876wwwg4nsjfw27663far54av";
+  };
+  srcDev = fetchurl {
+    url = "http://code.call-cc.org/dev-snapshots/2013/08/08/chicken-4.8.2.tar.gz";
+    sha256 = "01g7h0664342nl536mnri4c72kwj4z40vmv1250xfndlr218qdqg";
+  };
+  platform = with stdenv;
+    if isDarwin then "macosx"
+    else if isCygwin then "cygwin"
+    else if isBSD then "bsd"
+    else if isSunOS then "solaris"
+    else "linux";               # Should be a sane default
+in
 stdenv.mkDerivation {
-  name = "chicken-4.8.1";
+  name = "chicken-${version}";
+
+  src = if devSnapshot
+    then srcDev
+    else srcRelease;
+
+  buildFlags = "PLATFORM=${platform} PREFIX=$(out) VARDIR=$(out)/var/lib";
+  installFlags = "PLATFORM=${platform} PREFIX=$(out) VARDIR=$(out)/var/lib";
 
   meta = {
     homepage = http://www.call-cc.org/;
-    description = "Chicken Scheme";
+    license = "BSD";
+    maintainers = with stdenv.lib.maintainers; [ the-kenny ];
+    platforms = stdenv.lib.platforms.all;
+    description = "A portable compiler for the Scheme programming language";
+    longDescription = ''
+      CHICKEN is a compiler for the Scheme programming language.
+      CHICKEN produces portable and efficient C, supports almost all
+      of the R5RS Scheme language standard, and includes many
+      enhancements and extensions. CHICKEN runs on Linux, MacOS X,
+      Windows, and many Unix flavours.
+    '';
   };
-
-  src = fetchurl {
-    url = http://code.call-cc.org/dev-snapshots/2013/01/04/chicken-4.8.1.tar.gz;
-    md5 = "bd758ec7abeaeb4f4c92c290fb5f3db7";
-  };
-
-  buildFlags = "PLATFORM=linux PREFIX=$(out) VARDIR=$(out)/var/lib";
-  installFlags = "PLATFORM=linux PREFIX=$(out) VARDIR=$(out)/var/lib";
 }

pkgs/development/compilers/go/1.1-darwin.nix

@@ -45,6 +45,11 @@ stdenv.mkDerivation {
 
   installPhase = ''
     mkdir -p "$out/bin"
+
+    # CGO is broken on Maverick. See: http://code.google.com/p/go/issues/detail?id=5926
+    # Reevaluate once go 1.1.3 is out
+    export CGO_ENABLED=0
+
     export GOROOT="$(pwd)/"
     export GOBIN="$out/bin"
     export PATH="$GOBIN:$PATH"

pkgs/development/compilers/idris/default.nix

@@ -1,21 +1,21 @@
 { cabal, ansiTerminal, ansiWlPprint, binary, boehmgc, Cabal
-, filepath, gmp, happy, haskeline, languageJava, libffi
+, deepseq, filepath, gmp, happy, haskeline, languageJava, mtl
-, llvmGeneral, llvmGeneralPure, mtl, parsec, parsers, split, text
+, network, parsers, split, text, time, transformers, trifecta
-, time, transformers, trifecta, unorderedContainers, utf8String
+, unorderedContainers, utf8String, vector, vectorBinaryInstances
-, vector, vectorBinaryInstances
+, xml
 }:
 
 cabal.mkDerivation (self: {
   pname = "idris";
-  version = "0.9.9.3";
+  version = "0.9.10";
-  sha256 = "1l19xx0xbcwlnnh2w0rmri7wwixffzfrafpbji64nwyx1awz4iab";
+  sha256 = "0sbadjc4kj59f5240036pryxr4b6k6y2zkmszv99wq660mm7a3d3";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
-    ansiTerminal ansiWlPprint binary Cabal filepath haskeline
+    ansiTerminal ansiWlPprint binary Cabal deepseq filepath haskeline
-    languageJava libffi llvmGeneral llvmGeneralPure mtl parsec parsers
+    languageJava mtl network parsers split text time transformers
-    split text time transformers trifecta unorderedContainers
+    trifecta unorderedContainers utf8String vector
-    utf8String vector vectorBinaryInstances
+    vectorBinaryInstances xml
   ];
   buildTools = [ happy ];
   extraLibraries = [ boehmgc gmp ];

pkgs/development/compilers/llvm/clang-tablegen-dir.patch

@@ -0,0 +1,9 @@
+--- a/utils/TableGen/CMakeLists.txt       (revision 190146)
++++ b/utils/TableGen/CMakeLists.txt       (working copy)
+@@ -1,4 +1,5 @@
+ set(LLVM_LINK_COMPONENTS Support)
++set(LLVM_TOOLS_BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR})
+ 
+ add_tablegen(clang-tblgen CLANG
+   ClangASTNodesEmitter.cpp
+

pkgs/development/compilers/llvm/clang.nix

@@ -10,7 +10,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ perl llvm groff cmake libxml2 python ];
 
-  patches = stdenv.lib.optional (stdenv.gcc.libc != null) ./clang-purity.patch;
+  patches = [ ./clang-tablegen-dir.patch ] ++
+            stdenv.lib.optional (stdenv.gcc.libc != null) ./clang-purity.patch;
 
   cmakeFlags = [
     "-DCLANG_PATH_TO_LLVM_BUILD=${llvm}"