Maintainer notes
-----
The execline exec function interface changed quite drastically, and
backwards-compatibility to the old functions was dropped in-between
the last release and this one. Thus, downstream code might break.
At the end of this commit message is a compatibility interface.
-----
Release notes
-----
Hello,
Happy New Year to everyone!
New versions of the skarnet.org packages are available.
This is a major release. The skalibs major version number has been
bumped, which means that compatibility with previous versions is not
ensured. Other packages have been updated to build against the new
skalibs. If they only had their patch number increased, that's all
the modifications they had (save for possible bugfixes); but some
packages also received significant changes and underwent either a major
(compatibility not ensured) or minor (simple additions) release.
Support for the 2.9.* branch of skalibs, and associated versions of
the other packages, is still ensured for a while, but users are always
strongly encouraged to upgrade.
* General
-------
- Some rarely-triggered build bugs have been fixed.
- -fno-stack-protector is not part of the default CFLAGS anymore;
stack protector policy now defaults to the compiler's settings.
* skalibs-2.10.0.0
----------------
- Bugfixes.
- Significant code cleanup.
- New sysdep: chroot.
- Lots of new functions, mostly to optimize the number of needed
fcntl() calls at open() time. Traces should generally be marginally
shorter than they were before.
- Removal of the DJBUNIX_FLAG_NB and DJBUNIX_FLAG_COE macros, replaced
by the POSIX O_NONBLOCK and O_CLOEXEC macros wherever they were used.
- Removal of the skalibs/webipc.h header, and better header separation.
- Complete revamping of the pathexec functions, now separated into
exec_* (simple execution) and mexec_* (execution with merging of the
environment first). In true skalibs fashion, there is a little code,
and 3 pages of convenience macros (the exec.h header).
- Complete rewrite of the locking functions, with a change of
underlying mechanisms. The skalibs locking primitives are now named
fd_lock(), fd_unlock() and fd_islocked().
The Unix locks primitive space is a horror show. flock() is not
POSIX and does not have a way to test for a lock without taking it.
The POSIX lockf() only has exclusive locks, not shared ones. The least
bad option is fcntl(), which has shared and exclusive locks *and* a way
to check for a lock without taking it, but does not allow taking a
shared lock via a O_WRONLY file descriptor. Of all inconveniences this
is the most minor one, so now skalibs uses fcntl().
https://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* nsss-0.1.0.0
------------
- New --enable-libc-includes configure option. Without this option,
the pwd.h, grp.h and shadow.h headers are not installed anymore, so
by default installing nsss on a FHS system does not overwrite the
libc headers.
https://skarnet.org/software/nsss/
git://git.skarnet.org/nsss
* utmps-0.1.0.0
-------------
- New --enable-libc-includes configure option. Without this option,
the utmpx.h header is not installed anymore, so by default installing
utmps on a FHS system does not overwrite the libc headers.
https://skarnet.org/software/utmps/
git://git.skarnet.org/utmps
* execline-2.7.0.0
----------------
- Bugfixes.
- The trap program has changed. The "timeout" directive has been
removed; a "default" directive has been added, to handle all signals
for which a specific directive has not been given. Subprograms are
now run with the SIGNAL environment variable set to the signal number
(in addition to ! always being set to the application's pid).
- The forstdin program has changed. It now exits 0 if it has read at
least one line, and 1 otherwise.
- The default list of delimiters for backtick, withstdinas, forstdin
and forbacktickx has been set to "\n", so by default those programs
will read and/or split on lines and only lines.
- The backtick, withstdinas, forstdin, forbacktickx, forx, getpid
and getcwd programs now have a -E option to activate autoimport.
(This saves the user from manually adding "importas var var" after
every use of these programs.)
https://skarnet.org/software/execline/
git://git.skarnet.org/execline
* s6-2.10.0.0
-----------
It is imperative to restart your supervision trees, by rebooting if
necessary, after upgrading s6 to the new version. Otherwise, new s6
binaries interacting with service directories maintained by old
s6-supervise binaries may not work.
If you are using s6-linux-init, it is necessary to upgrade to the
latest version of s6-linux-init at the same time as s6.
- Bugfixes.
- Significant code refactoring.
- The internal locking system of service directories has changed,
allowing for a cleaner permissions model and official support of
relaxed permissions.
- New binary to implement those relaxed permissions: s6-svperms.
- The "nosetsid" file is not supported anymore in service directories.
Services are now always started in a new session.
- s6-supervise now traps SIGINT: before dying, it sends a SIGINT to its
service's process group. This allows correct transmission of ^C when a
supervision tree is running in a terminal, even though every service
runs in its own session.
- s6-svc -X doesn't exist anymore. s6-supervise now always closes stdin
and stdout on the last execution of the service.
- The semantics of SIGHUP and SIGQUIT have changed for s6-supervise.
- The set of commands sent by s6-svscanctl and received by s6-svscan
has been cleaned up and made more logical.
- When told to exit normally (typically via s6-svscanctl -t), s6-svscan
now first waits for the whole supervision tree to die. The
.s6-svscan/finish script can now assume that all services are completely
down. (s6-svscanctl -b is an exception; it should not be used in normal
circumstances.)
- The -s and -S options to s6-svscan are not supported anymore. Signal
management in s6-svscan has been streamlined: signals have a default
handler that can be overridden by a corresponding executable
.s6-svscan/SIGfoo file.
- Default signal handlers for s6-svscan have more intuitive semantics.
- New binary to help with management of user-owned supervision trees:
s6-usertree-maker.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
s6 now has man pages! Thanks to flexibeast for performing the conversion
work. Please allow some time for the man pages to be updated to reflect
the current HTML documentation. The repository can be found here:
https://github.com/flexibeast/s6-man-pages
* s6-linux-init-1.0.6.0
---------------------
It *is necessary* to upgrade s6-linux-init at the same time as s6.
It *is recommended*, although not strictly necessary, to create your
run-image directory again via a s6-linux-init-maker invocation. Old
images will still boot, as long as you are using an upgraded version
of s6-linux-init; but they may incorrectly handle signals sent to init,
so for instance Ctrl-Alt-Del may not work anymore, until you run
s6-linux-init-maker again.
- New internal binary: s6-linux-init-nuke. This program is not meant
to be invoked by users directly: it simply removes a dependency to the
'kill' program in a rare case involving containers.
https://skarnet.org/software/s6-linux-init/
git://git.skarnet.org/s6-linux-init
* s6-dns-2.3.4.0
--------------
- New library function: s6dns_message_parse_question().
https://skarnet.org/software/s6-dns/
git://git.skarnet.org/s6-dns
* s6-networking-2.4.0.0
---------------------
- Important refactoring of the tls code. The crypto tunnel now runs
as a child of the application, instead of the other way around. It is
now isolated in a s6-tls[cd]-io binary; s6-tlsc is now a simple wrapper
around s6-tlsc-io, and s6-tlsd is a simple wrapper around s6-tlsd-io.
- New binaries: s6-ucspitlsc and s6-ucspitlsd. Those implement
opportunistic TLS via the UCSPI-TLS protocol.
- The -K option to the tls binaries has changed semantics: it now
enforces a timeout for the handshake instead of dropping the connection
after some inactivity. Note that this option is only useful with the
bearssl backend: the libtls backend always performs a synchronous
handshake, with no way of interrupting it after a timeout expires.
- The execline dependency is now optional. Disabling execline, however,
changes the behaviour of s6-tcpserver-access (which cannot support
exec files without it).
https://skarnet.org/software/s6-networking/
git://git.skarnet.org/s6-networking
It is now possible to build the s6-networking package against OpenSSL
instead of LibreSSL, thanks to the libretls project:
https://git.causal.agency/libretls/about/
* mdevd-0.1.3.0
-------------
- New -C option to the mdevd program. This option makes mdevd
automatically spawn a mdevd-coldplug program when it's ready, allowing
mdevd to be used as a drop-in mdev -d replacement. (Note that the
coldplug is also performed if mdevd restarts after being killed, so
this feature should not be used in place of a proper service startup
sequence with a mdevd-coldplug oneshot depending on the mdevd longrun.
It has only been added for convenience.)
https://skarnet.org/software/mdevd/
git://git.skarnet.org/mdevd
* Other packages
--------------
The following packages have received an update so they build with the
latest version of skalibs and other dependencies, but nothing has changed
except possibly some bugfixes, and hopefully not too many bug additions.
- s6-rc-0.5.2.1. (It is not necessary to recompile your service
database. However, it is necessary to upgrade s6-rc along with s6, and
to reboot the system ASAP after upgrading.)
- s6-portable-utils-2.2.3.1
- s6-linux-utils-2.5.1.4
- bcnm-0.0.1.2
Enjoy,
Bug-reports welcome.
--
Laurent
-----
execline compat interface
-----
/* Compatibility */
#define pathexec_run(file, argv, envp) exec_ae(file, argv, envp)
#define pathexec0_run(file, argv, envp) exec0_ae(file, argv, envp)
#define xpathexec_run(file, argv, envp) xexec_ae(file, argv, envp)
#define xpathexec0_run(file, argv, envp) xexec0_ae(file, argv, envp)
#define pathexec_env(key, value) env_mexec(key, value)
#define pathexec_fromenv(argv, envp, envlen) mexec_f(argv, envp, envlen)
#define pathexec(argv) mexec(argv)
#define pathexec0(argv) mexec0(argv)
#define xpathexec_fromenv(argv, envp, envlen) xmexec_f(argv, envp, envlen)
#define xpathexec(argv) xmexec(argv)
#define xpathexec0(argv) xmexec0(argv)
#define pathexec_r_name(file, argv, envp, envlen, modif, modiflen) mexec_afm(file, argv, envp, envlen, modif, modiflen)
#define pathexec_r(argv, envp, envlen, modif, modiflen) mexec_fm(argv, envp, envlen, modif, modiflen)
#define xpathexec_r_name(file, argv, envp, envlen, modif, modiflen) xmexec_afm(file, argv, envp, envlen, modif, modiflen)
#define xpathexec_r(argv, envp, envlen, modif, modiflen) xmexec_fm(argv, envp, envlen, modif, modiflen)
#endif
copied from 18e4356557 (diff-69efbe5d997280a1430a6af2fa38e3f5105e706076a26fc751885c505ca598c6R140)
* alsaLib: fix build under musl-libc
there's a commit in upstream master that fixes the build issue here.
this patch is also applied in alpine linux.
* alsaLib: explainer for DL_ORIGIN patch
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.
This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.
`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.
The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
`throw` aborts eval when the package is touched in inappropriate places. See
https://github.com/NixOS/nixpkgs/issues/109001 for an adverse instance of that.
ZFS now behaves like a regular broken package when it's, you know, broken.
It also still prints the helpful incompatibility notice when fully evaluated.
Fixes the evaluation of packages in pkgs/os-specific/windows that
weren't updated to include a new lib parameter after the refactor from
stdenv.lib -> lib (#109490).
I originally only intended this change to fix
`pkgsCross.mingw32.buildPackages.gcc` & `pkgsCross.mingwW64.buildPackages.gcc`
to support building wine with `mingwSupport`, but I noticed this was
an issue for all updated windows packages. Most of these other
packages fail to build for other reasons.
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
it looks like this build wasn't tested with musl-libc after upgrading to
1.5.1, and has been broken in this configuration since, as the removed
patch does not apply cleanly. the good news is it's been fixed upstream,
rendering it unnecessary.
ebtables 2.0.11 renamed the ebtables commands
from "ebtables*" to "ebtables-legacy-*".
Of course this breaks legacy packages and scripts
that depends on the ebtables commands.
The idea behind this upstream change appears to be that
ebtables-nft replaces ebtables and distributions should
rename either the ebtables-legacy or ebtables-nft commands
to provide the ebtables commands.
For nix a better fit is for packages to specify either the
ebtables or the ebtables-nft package, while both packages
provide the same commands.
This patch restores the ebtables package so it functions again.
https://github.com/lvmteam/lvm2/blob/v2_03_11/WHATS_NEW
[VDO](https://github.com/dm-vdo/vdo) support is built by default now,
but is disabled in nixpkgs, because it can't find `vdoformat`.
AFAICT the kernel support for that still isn't upstream and it still
seems kind of experimental, so I'd just ignore that for now and add it
once it's either upstream of if anyone actually wants to use it.
Ports an OpenWRT patch for Atheros wireless drivers (ath*) which allows
the user to change the regulatory domain code to the one which actually
applies.
All Atheros devices have a regulatory domain burned into their EEPROM.
When using a device as AP, this domain is frequently overly restrictive
when compared to the regulation which applies in the country the device
actually operates in; often, this restriction disallows IR on all
channels making it impossible to use the device as an AP at all.
This commit introduces the NixOS config option
networking.wireless.athUserRegulatoryDomain which, if enabled, applies
the patch and sets the kernel config option ATH_USER_REGD.
The original OpenWRT patch targets Linux 5.8.
Starting from Linx 5.6, there is partial upstream support for the Multipath TCP
protocol. There are no downsides to enabling it afaict, since
applications need to opt-in when creating a socket.
From https://github.com/multipath-tcp/mptcp_net-next/wiki:
"[...] users of regular TCP continue to get the same type of connection and
performance unless MPTCP is requested."
This commit adds the pcimem tool.
pcimem is a simple method of reading and writing to memory registers on a PCI card.
Compared to pkgs.devmem2, it does not work on the total memory space
of the machine but restricts access to just one PCI resource.
We can use use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.
CC @FRidh @matthewbauer
This ensures that all the features that are implemented via dlopen(3)
are available (or explicitly deactivated) by pointing dlopen to the
absolute store path instead of relying on the linkers runtime lookup
code.
All of the dlopen calls have to be handled. When new ones are introduced
by upstream (or one of our patches) those must be explicitly declared,
otherwise the build will fail.
As of systemd version 247 we've seen a few errors like `libpcre2.… not
found` when using e.g. --grep with journalctl. Those errors should
become less unexpected now.
There are generally two classes of dlopen calls. Those that we want to
support and those that should be deactivated / unsupported. This change
enforces that we handle all dlopen calls explicitly. Meaning: There is
not a single dlopen call in the code source tree that we did not
explicitly handle.
In order to do this I introduced a list of attributes that maps from
shared object name to the package that contains them. The package can be
null meaning the reference should be nuked and the shared object will
never be loadable during runtime (because it points at an invalid store
path location).
libjack2 doesn't cross-compile, see
https://github.com/NixOS/nixpkgs/issues/96548.
The pulseaudio NixOS module uses pkgs.alsaPlugins to create its
asound.conf, so let's make sure that one can be built when
cross-compiling.
As per the in-line comment, this is where distros should configure it.
Not via kernel command line parameters.
As found by looking at the implementation, while exploring the cause of
a bug on the Raspberry Pi 4, it was found that `cma=` on the command
line parameters will overwrite the values a device tree will have
configured for a given platform.
With this, the more recent 5.4 vendor kernel boots just fine on the
Raspberry Pi 4 using our common configuration.