push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Tue, 8 Jan 2013 15:46:30 +0100
Subject: [PATCH] Start device units for uninitialised encrypted devices
This is necessary because the NixOS service that initialises the
filesystem depends on the appearance of the device unit. Also, this
makes more sense to me: the device is ready; it's the filesystem
that's not, but taking care of that is the responsibility of the mount
unit. (However, this ignores the fsck unit, so it's not perfect...)
---
rules.d/99-systemd.rules.in | 4 ----
1 file changed, 4 deletions(-)
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index 882cda0dcd..8e8d1f04ce 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -30,10 +30,6 @@ SUBSYSTEM=="block", ACTION=="add", KERNEL=="dm-*", ENV{DM_NAME}!="?*", ENV{SYSTE
# Import previous SYSTEMD_READY state.
SUBSYSTEM=="block", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}=="", IMPORT{db}="SYSTEMD_READY"
-# Ignore encrypted devices with no identified superblock on it, since
-# we are probably still calling mke2fs or mkswap on it.
-SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
-
# add symlink to GPT root disk
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"


@@ -0,0 +1,45 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Mon, 19 Jun 2023 02:11:35 +0200
Subject: [PATCH] Don't try to unmount /nix or /nix/store
They'll still be remounted read-only.
https://github.com/NixOS/nixos/issues/126
Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com>
---
src/shared/fstab-util.c | 2 ++
src/shutdown/umount.c | 6 ++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c
index d6a256c4a7..f74d5198f1 100644
--- a/src/shared/fstab-util.c
+++ b/src/shared/fstab-util.c
@@ -66,6 +66,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) {
/* Don't bother with the OS data itself */
if (PATH_IN_SET(mount,
"/",
+ "/nix",
+ "/nix/store",
"/usr",
"/etc"))
return true;
diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
index 84da5eed63..d6e2f36d52 100644
--- a/src/shutdown/umount.c
+++ b/src/shutdown/umount.c
@@ -175,8 +175,10 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) {
static bool nonunmountable_path(const char *path) {
assert(path);
- return PATH_IN_SET(path, "/", "/usr") ||
- path_startswith(path, "/run/initramfs");
+ return PATH_IN_SET(path, "/", "/usr")
+ || path_equal(path, "/nix")
+ || path_equal(path, "/nix/store")
+ || path_startswith(path, "/run/initramfs");
}
static void log_umount_blockers(const char *mnt) {
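Review bot: In `nonunmountable_path` the two new paths are tested with separate `path_equal()` calls, although the same expression already opens with `PATH_IN_SET(path, "/", "/usr")` and the fstab-util.c hunk adds the same two paths to a `PATH_IN_SET` list. Folding them in keeps both files consistent and shorter: `return PATH_IN_SET(path, "/", "/usr", "/nix", "/nix/store") || path_startswith(path, "/run/initramfs");`. The rewrite also switches to operator-leading continuation lines, which differs from the removed code's style.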


@@ -0,0 +1,31 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 16 Apr 2014 10:59:28 +0200
Subject: [PATCH] Fix NixOS containers
In NixOS containers, the init script is bind-mounted into the
container, so checking early whether it exists will fail.
---
src/nspawn/nspawn.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 6f90f2f418..74b2a237d3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -6189,6 +6189,7 @@ static int run(int argc, char *argv[]) {
goto finish;
}
} else {
+#if 0
_cleanup_free_ char *p = NULL;
if (arg_pivot_root_new)
@@ -6208,6 +6209,7 @@ static int run(int argc, char *argv[]) {
log_error_errno(r, "Unable to determine if %s looks like it has an OS tree (i.e. whether /usr/ exists): %m", arg_directory);
goto finish;
}
+#endif
}
} else {
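Review bot: The `#if 0` … `#endif` pair in `run()` compiles out the check that the target directory looks like an OS tree for every directory-based container, not only for NixOS containers whose init is bind-mounted later, and nothing in the code records why. A container started on a wrong or empty directory would now pass this point and presumably fail later with a less specific error. A comment above the `#if 0`, such as `/* NixOS: init is bind-mounted into the container later, so the OS-tree check cannot pass at this point */`, would document the reason. `run()` starts and ends outside both hunks, so the exact extent of the disabled region cannot be confirmed from here.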


@@ -0,0 +1,129 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Mon, 19 Jun 2023 02:13:42 +0200
Subject: [PATCH] Add some NixOS-specific unit directories
Look in `/nix/var/nix/profiles/default/lib/systemd/{system,user}` for
units provided by packages installed into the default profile via
`nix-env -iA nixos.$package`.
Also, remove /usr and /lib as these don't exist on NixOS.
Original-Author: Eelco Dolstra <eelco.dolstra@logicblox.com>
---
src/core/systemd.pc.in | 8 ++++----
src/libsystemd/sd-path/path-lookup.c | 20 +++-----------------
2 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
index f3b85b0190..f7aa5fca50 100644
--- a/src/core/systemd.pc.in
+++ b/src/core/systemd.pc.in
@@ -43,10 +43,10 @@ systemdsystemconfdir=${systemd_system_conf_dir}
systemd_user_conf_dir=${sysconfdir}/systemd/user
systemduserconfdir=${systemd_user_conf_dir}
-systemd_system_unit_path=${systemd_system_conf_dir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemd_system_unit_dir}:/usr/lib/systemd/system:/lib/systemd/system
+systemd_system_unit_path=${systemd_system_conf_dir}:/etc/systemd/system:/nix/var/nix/profiles/default/lib/systemd/system:/run/systemd/system:${systemd_system_unit_dir}
systemdsystemunitpath=${systemd_system_unit_path}
-systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user
+systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/nix/var/nix/profiles/default/lib/systemd/user:/run/systemd/user:${systemd_user_unit_dir}
systemduserunitpath=${systemd_user_unit_path}
systemd_system_generator_dir=${prefix}/lib/systemd/system-generators
@@ -55,10 +55,10 @@ systemdsystemgeneratordir=${systemd_system_generator_dir}
systemd_user_generator_dir=${prefix}/lib/systemd/user-generators
systemdusergeneratordir=${systemd_user_generator_dir}
-systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir}
+systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:${systemd_system_generator_dir}
systemdsystemgeneratorpath=${systemd_system_generator_path}
-systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir}
+systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:${systemd_user_generator_dir}
systemdusergeneratorpath=${systemd_user_generator_path}
systemd_sleep_dir=${prefix}/lib/systemd/system-sleep
diff --git a/src/libsystemd/sd-path/path-lookup.c b/src/libsystemd/sd-path/path-lookup.c
index a3b09208cb..91a085c6bc 100644
--- a/src/libsystemd/sd-path/path-lookup.c
+++ b/src/libsystemd/sd-path/path-lookup.c
@@ -69,11 +69,7 @@ int runtime_directory(RuntimeScope scope, const char *suffix, char **ret) {
}
static const char* const user_data_unit_paths[] = {
- "/usr/local/lib/systemd/user",
- "/usr/local/share/systemd/user",
USER_DATA_UNIT_DIR,
- "/usr/lib/systemd/user",
- "/usr/share/systemd/user",
NULL
};
@@ -481,16 +477,13 @@ int lookup_paths_init(
persistent_config,
SYSTEM_CONFIG_UNIT_DIR,
"/etc/systemd/system",
+ "/nix/var/nix/profiles/default/lib/systemd/system",
ASSERT_PTR(persistent_attached),
ASSERT_PTR(runtime_config),
"/run/systemd/system",
ASSERT_PTR(runtime_attached),
STRV_IFNOTNULL(generator),
- "/usr/local/lib/systemd/system",
SYSTEM_DATA_UNIT_DIR,
- "/usr/lib/systemd/system",
- /* To be used ONLY for images which might be legacy split-usr */
- FLAGS_SET(flags, LOOKUP_PATHS_SPLIT_USR) ? "/lib/systemd/system" : STRV_IGNORE,
STRV_IFNOTNULL(generator_late));
break;
@@ -508,13 +501,10 @@ int lookup_paths_init(
add = strv_new(persistent_config,
USER_CONFIG_UNIT_DIR,
"/etc/systemd/user",
+ "/nix/var/nix/profiles/default/lib/systemd/user",
ASSERT_PTR(runtime_config),
"/run/systemd/user",
- "/usr/local/share/systemd/user",
- "/usr/share/systemd/user",
- "/usr/local/lib/systemd/user",
- USER_DATA_UNIT_DIR,
- "/usr/lib/systemd/user");
+ USER_DATA_UNIT_DIR);
break;
case RUNTIME_SCOPE_USER:
@@ -653,7 +643,6 @@ void lookup_paths_log(LookupPaths *lp) {
static const char* const system_generator_paths[] = {
"/run/systemd/system-generators",
"/etc/systemd/system-generators",
- "/usr/local/lib/systemd/system-generators",
SYSTEM_GENERATOR_DIR,
NULL,
};
@@ -661,7 +650,6 @@ static const char* const system_generator_paths[] = {
static const char* const user_generator_paths[] = {
"/run/systemd/user-generators",
"/etc/systemd/user-generators",
- "/usr/local/lib/systemd/user-generators",
USER_GENERATOR_DIR,
NULL,
};
@@ -669,7 +657,6 @@ static const char* const user_generator_paths[] = {
static const char* const system_env_generator_paths[] = {
"/run/systemd/system-environment-generators",
"/etc/systemd/system-environment-generators",
- "/usr/local/lib/systemd/system-environment-generators",
SYSTEM_ENV_GENERATOR_DIR,
NULL,
};
@@ -677,7 +664,6 @@ static const char* const system_env_generator_paths[] = {
static const char* const user_env_generator_paths[] = {
"/run/systemd/user-environment-generators",
"/etc/systemd/user-environment-generators",
- "/usr/local/lib/systemd/user-environment-generators",
USER_ENV_GENERATOR_DIR,
NULL,
};
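Review bot: In `lookup_paths_init`, `"/nix/var/nix/profiles/default/lib/systemd/system"` is inserted directly after `"/etc/systemd/system"` and ahead of the runtime and attached directories, so, assuming earlier entries win, a unit installed into the default profile takes precedence over a unit of the same name in `/run/systemd/system` or the vendor directory. Write access to the default profile therefore amounts to the ability to supply system units, and that should be stated next to the entry, e.g. `/* NixOS default profile: must be writable by root only; units here override /run and vendor units */`. The user-scope hunk and both path variables in systemd.pc.in use the same ordering. `lookup_paths_init` continues outside the hunks.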


@@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Mon, 11 May 2015 15:39:38 +0200
Subject: [PATCH] Get rid of a useless message in user sessions
Namely lots of variants of
Unit nix-var-nix-db.mount is bound to inactive unit dev-disk-by\x2dlabel-nixos.device. Stopping, too.
in containers.
---
src/core/manager.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 4ccaba9054..9577b89783 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1672,7 +1672,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) {
if (!unit_is_bound_by_inactive(u, &culprit))
continue;
- log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id);
+ if (u->type != UNIT_MOUNT || detect_container() <= 0)
+ log_unit_debug(u, "Unit is stopped because bound to inactive unit %s.", culprit->id);
/* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
* service being unnecessary after a while. */


@@ -0,0 +1,105 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Sun, 6 Dec 2015 14:26:36 +0100
Subject: [PATCH] hostnamed, localed, timedated: disable methods that change
system settings.
---
src/hostname/hostnamed.c | 6 ++++++
src/locale/localed.c | 9 +++++++++
src/timedate/timedated.c | 10 ++++++++++
3 files changed, 25 insertions(+)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index ba50b59f92..9827487453 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1115,6 +1115,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
if (r < 0)
return r;
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
name = empty_to_null(name);
context_read_etc_hostname(c);
@@ -1177,6 +1180,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
if (r < 0)
return r;
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
name = empty_to_null(name);
context_read_machine_info(c);
diff --git a/src/locale/localed.c b/src/locale/localed.c
index 062744519d..95bde4b1c3 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -226,6 +226,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
use_localegen = locale_gen_check_available();
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
/* If single locale without variable name is provided, then we assume it is LANG=. */
if (strv_length(l) == 1 && !strchr(l[0], '=')) {
if (!locale_is_valid(l[0]))
@@ -343,6 +346,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro
if (r < 0)
return bus_log_parse_error(r);
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
vc_context_empty_to_null(&in);
r = vc_context_verify_and_warn(&in, LOG_ERR, error);
@@ -460,6 +466,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err
if (r < 0)
return bus_log_parse_error(r);
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
x11_context_empty_to_null(&in);
r = x11_context_verify_and_warn(&in, LOG_ERR, error);
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index c79bb864df..cbd30214b7 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -676,6 +676,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error *
if (r < 0)
return r;
+ if (getenv("NIXOS_STATIC_TIMEZONE"))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing timezone via systemd is not supported when it is set in NixOS configuration.");
+
if (!timezone_is_valid(z, LOG_DEBUG))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z);
@@ -754,6 +758,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error
if (r < 0)
return r;
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
if (lrtc == c->local_rtc && !fix_system)
return sd_bus_reply_method_return(m, NULL);
@@ -948,6 +955,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error
if (r < 0)
return r;
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Changing system settings via systemd is not supported on NixOS.");
+
r = context_update_ntp_status(c, bus, m);
if (r < 0)
return r;
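Review bot: Each of these handlers now returns `SD_BUS_ERROR_NOT_SUPPORTED` unconditionally right after argument parsing, which turns the remainder of the function (whatever authorization and write logic follows outside the hunks) into unreachable code that compilers may warn about and that every rebase has to keep skipping. A one-line comment at each site, for example `/* NixOS: settings come from the system configuration; the code below is intentionally unreachable */`, would make that explicit. In `method_set_timezone` the guard is `getenv("NIXOS_STATIC_TIMEZONE")`, which is true for any value, including an empty string or `0`; if presence alone is the contract, say so in a comment, otherwise parse the value as a boolean.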


@@ -0,0 +1,138 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Tue, 11 Oct 2016 13:12:08 +0300
Subject: [PATCH] Change /usr/share/zoneinfo to /etc/zoneinfo
NixOS uses this path.
---
man/localtime.xml | 4 ++--
src/basic/time-util.c | 8 ++++----
src/firstboot/firstboot.c | 2 +-
src/nspawn/nspawn.c | 4 ++--
src/timedate/timedated.c | 8 ++++----
5 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/man/localtime.xml b/man/localtime.xml
index 3a13e04a27..4fd58068a1 100644
--- a/man/localtime.xml
+++ b/man/localtime.xml
@@ -20,7 +20,7 @@
</refnamediv>
<refsynopsisdiv>
- <para><filename>/etc/localtime</filename> -&gt; <filename>../usr/share/zoneinfo/…</filename></para>
+ <para><filename>/etc/localtime</filename> -&gt; <filename>zoneinfo/…</filename></para>
</refsynopsisdiv>
<refsect1>
@@ -30,7 +30,7 @@
system-wide timezone of the local system that is used by
applications for presentation to the user. It should be an
absolute or relative symbolic link pointing to
- <filename>/usr/share/zoneinfo/</filename>, followed by a timezone
+ <filename>/etc/zoneinfo/</filename>, followed by a timezone
identifier such as <literal>Europe/Berlin</literal> or
<literal>Etc/UTC</literal>. The resulting link should lead to the
corresponding binary
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index 29afb08ebc..398ff340cd 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1418,7 +1418,7 @@ static int get_timezones_from_zone1970_tab(char ***ret) {
assert(ret);
- f = fopen("/usr/share/zoneinfo/zone1970.tab", "re");
+ f = fopen("/etc/zoneinfo/zone1970.tab", "re");
if (!f)
return -errno;
@@ -1459,7 +1459,7 @@ static int get_timezones_from_tzdata_zi(char ***ret) {
assert(ret);
- f = fopen("/usr/share/zoneinfo/tzdata.zi", "re");
+ f = fopen("/etc/zoneinfo/tzdata.zi", "re");
if (!f)
return -errno;
@@ -1570,7 +1570,7 @@ int verify_timezone(const char *name, int log_level) {
if (p - name >= PATH_MAX)
return -ENAMETOOLONG;
- t = strjoina("/usr/share/zoneinfo/", name);
+ t = strjoina("/etc/zoneinfo/", name);
fd = open(t, O_RDONLY|O_CLOEXEC);
if (fd < 0)
@@ -1622,7 +1622,7 @@ int get_timezone(char **ret) {
if (r < 0)
return r; /* Return EINVAL if not a symlink */
- const char *e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ const char *e = PATH_STARTSWITH_SET(t, "/etc/zoneinfo/", "../etc/zoneinfo/");
if (!e)
return -EINVAL;
if (!timezone_is_valid(e, LOG_DEBUG))
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index a389eeae10..c817e91991 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -598,7 +598,7 @@ static int process_timezone(int rfd) {
if (isempty(arg_timezone))
return 0;
- e = strjoina("../usr/share/zoneinfo/", arg_timezone);
+ e = strjoina("zoneinfo/", arg_timezone);
r = symlinkat_atomic_full(e, pfd, f, /* make_relative= */ false);
if (r < 0)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 74b2a237d3..cf9eabf0f2 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1851,8 +1851,8 @@ int userns_mkdir(const char *root, const char *path, mode_t mode, uid_t uid, gid
static const char *timezone_from_path(const char *path) {
return PATH_STARTSWITH_SET(
path,
- "../usr/share/zoneinfo/",
- "/usr/share/zoneinfo/");
+ "../etc/zoneinfo/",
+ "/etc/zoneinfo/");
}
static bool etc_writable(void) {
diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
index cbd30214b7..b9b2f533a4 100644
--- a/src/timedate/timedated.c
+++ b/src/timedate/timedated.c
@@ -280,7 +280,7 @@ static int context_read_data(Context *c) {
r = get_timezone(&t);
if (r == -EINVAL)
- log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /usr/share/zoneinfo/.");
+ log_warning_errno(r, "/etc/localtime should be a symbolic link to a time zone data file in /etc/zoneinfo/.");
else if (r < 0)
log_warning_errno(r, "Failed to get target of /etc/localtime: %m");
@@ -304,7 +304,7 @@ static int context_write_data_timezone(Context *c) {
if (isempty(c->zone) || streq(c->zone, "UTC")) {
- if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) {
+ if (access("/etc/zoneinfo/UTC", F_OK) < 0) {
if (unlink("/etc/localtime") < 0 && errno != ENOENT)
return -errno;
@@ -312,9 +312,9 @@ static int context_write_data_timezone(Context *c) {
return 0;
}
- source = "../usr/share/zoneinfo/UTC";
+ source = "../etc/zoneinfo/UTC";
} else {
- p = path_join("../usr/share/zoneinfo", c->zone);
+ p = path_join("../etc/zoneinfo", c->zone);
if (!p)
return -ENOMEM;
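Review bot: The link targets that are written and the prefixes that are accepted no longer agree. `process_timezone` in firstboot.c now writes `zoneinfo/<zone>` and the man page documents `/etc/localtime -> zoneinfo/…`, but `get_timezone` and nspawn's `timezone_from_path` accept only `/etc/zoneinfo/` and `../etc/zoneinfo/`, so a link created by firstboot would be rejected with `-EINVAL` if `t` holds the raw link target (its assignment is outside the hunk). timedated's `context_write_data_timezone` writes a third form, `../etc/zoneinfo/…`. Settling on one form, or adding `"zoneinfo/"` to both `PATH_STARTSWITH_SET` lists, would keep readers and writers consistent.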


@@ -0,0 +1,24 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Imuli <i@imu.li>
Date: Wed, 19 Oct 2016 08:46:47 -0400
Subject: [PATCH] localectl: use /etc/X11/xkb for list-x11-*
NixOS has an option to link the xkb data files to /etc/X11, but not to
/usr/share/X11.
---
src/locale/localectl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/locale/localectl.c b/src/locale/localectl.c
index 36dbeb9daa..265eda2751 100644
--- a/src/locale/localectl.c
+++ b/src/locale/localectl.c
@@ -301,7 +301,7 @@ static int list_x11_keymaps(int argc, char **argv, void *userdata) {
} state = NONE, look_for;
int r;
- f = fopen("/usr/share/X11/xkb/rules/base.lst", "re");
+ f = fopen("/etc/X11/xkb/rules/base.lst", "re");
if (!f)
return log_error_errno(errno, "Failed to open keyboard mapping list. %m");


@@ -0,0 +1,35 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Thu, 9 May 2019 11:15:22 +0200
Subject: [PATCH] add rootprefix to lookup dir paths
systemd does not longer use the UDEVLIBEXEC directory as root for
discovery default udev rules. By adding `$out/lib` to the lookup paths
we should again be able to discover the udev rules amongst other default
files that I might have missed.
---
src/basic/constants.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/basic/constants.h b/src/basic/constants.h
index 5aaf8f535c..934175fb51 100644
--- a/src/basic/constants.h
+++ b/src/basic/constants.h
@@ -62,13 +62,15 @@
"/etc/" n "\0" \
"/run/" n "\0" \
"/usr/local/lib/" n "\0" \
- "/usr/lib/" n "\0"
+ "/usr/lib/" n "\0" \
+ PREFIX "/lib/" n "\0"
#define CONF_PATHS(n) \
"/etc/" n, \
"/run/" n, \
"/usr/local/lib/" n, \
- "/usr/lib/" n
+ "/usr/lib/" n, \
+ PREFIX "/lib/" n
#define CONF_PATHS_STRV(n) \
STRV_MAKE(CONF_PATHS(n))


@@ -0,0 +1,23 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 25 Jul 2019 20:45:55 +0300
Subject: [PATCH] systemd-shutdown: execute scripts in
/etc/systemd/system-shutdown
This is needed for NixOS to use such scripts as systemd directory is immutable.
---
src/shutdown/shutdown.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
index e26a8579c5..af814cd551 100644
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@@ -358,6 +358,7 @@ static void notify_supervisor(void) {
int main(int argc, char *argv[]) {
static const char* const dirs[] = {
SYSTEM_SHUTDOWN_PATH,
+ "/etc/systemd/system-shutdown",
NULL
};
_cleanup_free_ char *cgroup = NULL;


@@ -0,0 +1,22 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 25 Jul 2019 20:46:58 +0300
Subject: [PATCH] systemd-sleep: execute scripts in /etc/systemd/system-sleep
This is needed for NixOS to use such scripts as systemd directory is immutable.
---
src/sleep/sleep.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c
index 181bb4ccef..2b1410d8a1 100644
--- a/src/sleep/sleep.c
+++ b/src/sleep/sleep.c
@@ -218,6 +218,7 @@ static int execute(
};
static const char* const dirs[] = {
SYSTEM_SLEEP_PATH,
+ "/etc/systemd/system-sleep",
NULL
};


@@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sun, 8 Mar 2020 01:05:54 +0100
Subject: [PATCH] path-util.h: add placeholder for DEFAULT_PATH_NORMAL
This will be the $PATH used to lookup ExecStart= etc. options, which
systemd itself uses extensively.
---
src/basic/path-util.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index dff5a3a549..01344e5cf6 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -17,10 +17,10 @@
#define PATH_MERGED_BIN(x) x "bin"
#define PATH_MERGED_BIN_NULSTR(x) x "bin\0"
-#define DEFAULT_PATH_WITH_SBIN PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/")
-#define DEFAULT_PATH_WITHOUT_SBIN PATH_MERGED_BIN("/usr/local/") ":" PATH_MERGED_BIN("/usr/")
+#define DEFAULT_PATH_WITH_SBIN "@defaultPathNormal@"
+#define DEFAULT_PATH_WITHOUT_SBIN DEFAULT_PATH_WITH_SBIN
-#define DEFAULT_PATH_COMPAT PATH_SPLIT_BIN("/usr/local/") ":" PATH_SPLIT_BIN("/usr/") ":" PATH_SPLIT_BIN("/")
+#define DEFAULT_PATH_COMPAT DEFAULT_PATH_WITH_SBIN
const char* default_PATH(void);
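Review bot: `DEFAULT_PATH_WITH_SBIN` is now the literal `"@defaultPathNormal@"`, and nothing in the header stops the build if the packaging step that substitutes the placeholder is skipped; the result would compile and use a search path that matches no directory. A comment such as `/* substituted by the NixOS build; must never reach the compiler unreplaced */` would document the dependency, and a check in the build recipe for a leftover `@defaultPathNormal@` would catch a missed substitution. The comment should also mention that `DEFAULT_PATH_WITHOUT_SBIN` and `DEFAULT_PATH_COMPAT` now collapse onto the same value, since callers that distinguished them no longer can.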


@@ -0,0 +1,39 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuriy Taraday <yorik.sar@gmail.com>
Date: Fri, 17 Jun 2022 12:45:10 +0000
Subject: [PATCH] inherit systemd environment when calling generators.
Systemd generators need access to the environment configured in
stage-2-init.sh since it schedules fsck and mkfs executions based on
being able to find an appropriate binary for the target filesystem.
With this commit I am altering the systemd behaviour since upstream
tries to gather environments with that they call
"environment-generators" and then seems to pass that on to all the other
executables that are being called from managers.
---
src/core/manager.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/core/manager.c b/src/core/manager.c
index 9577b89783..9cfd2798b9 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4158,9 +4158,17 @@ static int build_generator_environment(Manager *m, char ***ret) {
* adjust generated units to that. Let's pass down some bits of information that are easy for us to
* determine (but a bit harder for generator scripts to determine), as environment variables. */
+ // On NixOS we must propagate PATH to generators so they are
+ // able to find binaries such as `fsck.${fstype}` and
+ // `mkfs.${fstype}`. That is why we ignore transient_environment that
+ // overrides the PATH variable. This propagates systemd's
+ // environment (e.g. PATH) that was setup
+ // before calling systemd from stage-2-init.sh.
+#if 0
nl = strv_copy(m->transient_environment);
if (!nl)
return -ENOMEM;
+#endif
r = strv_env_assign(&nl, "SYSTEMD_SCOPE", runtime_scope_to_string(m->runtime_scope));
if (r < 0)
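Review bot: With the `strv_copy(m->transient_environment)` block compiled out in `build_generator_environment`, `nl` is first touched by `strv_env_assign(&nl, …)`, so the function is only correct if `nl` is initialised to NULL at its declaration, which is outside the hunk; please confirm. The effect is also wider than PATH: going by the new comment, generators now see the manager's whole inherited environment rather than the curated transient one. If only PATH is needed, keeping the copy and overriding that one variable afterwards would keep the exposed environment smaller. The new comment uses `//` where the surrounding code uses `/* … */`.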


@@ -0,0 +1,37 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: oxalica <oxalicc@pm.me>
Date: Tue, 4 Oct 2022 09:18:07 +0800
Subject: [PATCH] core: don't taint on unmerged /usr
NixOS has very different approach towards /bin and /sbin - they don't
really exist (except for /bin/sh and /usr/bin/env, because these are used
heavily in shebangs around the world). The concept of merged or unmerged
usr doesn't really apply here at all, it's neither of the two.
Users don't execute things from /bin or /sbin, there's nothing else in
there. In all cases, systemd doesn't look things up from /usr/bin or /bin,
so showing the taint isn't really helpful.
See also: https://github.com/systemd/systemd/issues/24191
---
src/core/taint.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/core/taint.c b/src/core/taint.c
index b7a1c647a2..c04864c478 100644
--- a/src/core/taint.c
+++ b/src/core/taint.c
@@ -41,14 +41,6 @@ char** taint_strv(void) {
_cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
- if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
- stage[n++] = "unmerged-usr";
-
- /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks
- * too. */
- if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin"))
- stage[n++] = "unmerged-bin";
-
if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run"))
stage[n++] = "var-run-bad";


@@ -0,0 +1,41 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Sun, 15 Jan 2023 20:15:55 +0800
Subject: [PATCH] tpm2_context_init: fix driver name checking
https://github.com/systemd/systemd/commit/542dbc623e introduced
additional checks for tpm2 driver names, namely ensuring the driver
name, when concated with "libtss2-tcti-" and ".so.0", generates a valid
filename (with no '/' inside).
For example, if the driver is name "device", the line
fn = strjoina("libtss2-tcti-", driver, ".so.0")
would yield "libtss2-tcti-device.so.0", passing the check. And the
filename is then passed to dlopen for loading the driver.
Our current approach for systemd to correctly locate these dynamically
loaded libraries is to patch the filenames to include their absolute
path. Thus the line mentioned above is patched into
fn = strjoina("/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-", driver, ".so.0")
yielding "/nix/store/xxxxxxx-tpm2-tss-3.2.0/lib/libtss2-tcti-device.so.0",
tripping the check.
This patch relaxes the check to also accept absolute paths, by replacing
filename_is_valid with path_is_valid.
---
src/shared/tpm2-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 5b6b3ea93c..8ab04241b6 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -721,7 +721,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
fn = strjoina("libtss2-tcti-", driver, ".so.0");
/* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */
- if (!filename_is_valid(fn))
+ if (!path_is_valid(fn))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
context->tcti_dl = dlopen(fn, RTLD_NOW|RTLD_NODELETE);
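Review bot: Switching the guard from `filename_is_valid(fn)` to `path_is_valid(fn)` also stops rejecting `/` inside `driver`, because the check runs on the joined string rather than on the caller-supplied part, and `fn` goes straight to `dlopen()` on the next line. Once the absolute store prefix is patched in, a driver name containing path separators could select a library outside the intended directory. Validating the variable part on its own keeps the original guarantee and still allows the absolute prefix: add `if (!filename_is_valid(driver)) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);` before the `strjoina()` line. How `driver` is derived from `device` is outside the hunk.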


@@ -0,0 +1,45 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Fri, 1 Sep 2023 09:57:02 +0200
Subject: [PATCH] systemctl-edit: suggest `systemdctl edit --runtime` on system
scope
This is a NixOS-specific change. When trying to modify a unit with
`systemctl edit` on NixOS, it'll fail with "Read-only file system":
$ systemctl edit libvirtd
Failed to open "/etc/systemd/system/libvirtd.service.d/.#override.conffa9825a0c9a249eb": Read-only file system
This is because `/etc/systemd/system` is a symlink into the store. In
fact, I'd consider this a feature rather than a bug since this ensures I
don't introduce state imperatively.
However, people wrongly assume that it's not possible to edit units
ad-hoc and re-deploy their system for quick&dirty debugging where this
would be absolutely fine (and doable with `--runtime` which adds a
transient and non-persistent unit override in `/run`).
To make sure that people learn about it quicker, this patch
throws an error which suggests using `--runtime` when running
`systemctl edit` on the system scope.
For the user scope this isn't needed because user-level unit overrides
are written into `$XDG_CONFIG_HOME/systemd/user`.
---
src/systemctl/systemctl-edit.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/systemctl/systemctl-edit.c b/src/systemctl/systemctl-edit.c
index 7165fa1cf7..7498cf9f4c 100644
--- a/src/systemctl/systemctl-edit.c
+++ b/src/systemctl/systemctl-edit.c
@@ -323,6 +323,9 @@ int verb_edit(int argc, char *argv[], void *userdata) {
sd_bus *bus;
int r;
+ if (!arg_runtime && arg_runtime_scope == RUNTIME_SCOPE_SYSTEM)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead.");
+
if (!on_tty() && !arg_stdin)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit units interactively if not on a tty.");


@@ -0,0 +1,21 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: nikstur <nikstur@outlook.com>
Date: Mon, 6 Nov 2023 22:51:38 +0100
Subject: [PATCH] meson.build: do not create systemdstatedir
---
meson.build | 1 -
1 file changed, 1 deletion(-)
diff --git a/meson.build b/meson.build
index a4730f0570..b5aaecd669 100644
--- a/meson.build
+++ b/meson.build
@@ -2815,7 +2815,6 @@ install_data('LICENSE.GPL2',
install_subdir('LICENSES',
install_dir : docdir)
-install_emptydir(systemdstatedir)
#####################################################################


@@ -0,0 +1,29 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marie Ramlow <me@nycode.dev>
Date: Sun, 24 Nov 2024 20:04:35 +0100
Subject: [PATCH] meson: Don't link ssh dropins
---
meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index b5aaecd669..91b23f2d72 100644
--- a/meson.build
+++ b/meson.build
@@ -207,13 +207,13 @@ sshconfdir = get_option('sshconfdir')
if sshconfdir == ''
sshconfdir = sysconfdir / 'ssh/ssh_config.d'
endif
-conf.set10('LINK_SSH_PROXY_DROPIN', sshconfdir != 'no' and not sshconfdir.startswith('/usr/'))
+conf.set10('LINK_SSH_PROXY_DROPIN', 0)
sshdconfdir = get_option('sshdconfdir')
if sshdconfdir == ''
sshdconfdir = sysconfdir / 'ssh/sshd_config.d'
endif
-conf.set10('LINK_SSHD_USERDB_DROPIN', sshdconfdir != 'no' and not sshdconfdir.startswith('/usr/'))
+conf.set10('LINK_SSHD_USERDB_DROPIN', 0)
sshdprivsepdir = get_option('sshdprivsepdir')
conf.set10('CREATE_SSHDPRIVSEPDIR', sshdprivsepdir != 'no' and not sshdprivsepdir.startswith('/usr/'))
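Review bot: `conf.set10('LINK_SSH_PROXY_DROPIN', 0)` and the matching `LINK_SSHD_USERDB_DROPIN` line pass a number where `set10` is meant to take a boolean; as far as I recall, newer Meson releases print a deprecation warning for that. `conf.set10('LINK_SSH_PROXY_DROPIN', false)` says the same thing without the warning. The patch has no description, so a short comment on why the drop-ins are never linked on NixOS would also help the next rebase.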


@@ -0,0 +1,22 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marie Ramlow <me@nycode.dev>
Date: Fri, 10 Jan 2025 15:51:33 +0100
Subject: [PATCH] install: unit_file_exists_full: follow symlinks
---
src/shared/install.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/install.c b/src/shared/install.c
index 6d87858a3c..8da022eb64 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -3226,7 +3226,7 @@ int unit_file_exists_full(RuntimeScope scope, const LookupPaths *lp, const char
&c,
lp,
name,
- /* flags= */ 0,
+ /* flags= */ SEARCH_FOLLOW_CONFIG_SYMLINKS,
ret_path ? &info : NULL,
/* changes= */ NULL,
/* n_changes= */ NULL);
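Review bot: The only change in `unit_file_exists_full` is `/* flags= */ SEARCH_FOLLOW_CONFIG_SYMLINKS`, and neither the patch description nor the code says why an existence check should now follow symlinks. If the reason is that unit files in the configuration directories are symlinks into the store on NixOS (my assumption), a comment on that argument would record it, for example `/* NixOS: unit files under /etc are symlinks into the store */`. It is also worth confirming whether callers that use `ret_path` expect the link or its target, since the rest of the function is outside the hunk.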


@@ -0,0 +1,43 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yuri Nesterov <yuriy.nesterov@unikie.com>
Date: Wed, 21 Jun 2023 17:17:38 +0300
Subject: [PATCH] timesyncd: disable NSCD when DNSSEC validation is disabled
Systemd-timesyncd sets SYSTEMD_NSS_RESOLVE_VALIDATE=0 in the unit file
to disable DNSSEC validation but it doesn't work when NSCD is used in
the system. This patch disabes NSCD in systemd-timesyncd when
SYSTEMD_NSS_RESOLVE_VALIDATE is set to 0 so that it uses NSS libraries
directly.
---
src/timesync/timesyncd.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index d002501d29..9b835dc031 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -23,6 +23,11 @@
#include "timesyncd-conf.h"
#include "timesyncd-manager.h"
#include "user-util.h"
+#include "env-util.h"
+
+struct traced_file;
+extern void __nss_disable_nscd(void (*)(size_t, struct traced_file *));
+static void register_traced_file(size_t dbidx, struct traced_file *finfo) {}
static int advance_tstamp(int fd, usec_t epoch) {
assert(fd >= 0);
@@ -201,6 +206,12 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Failed to parse fallback server strings: %m");
+ r = secure_getenv_bool("SYSTEMD_NSS_RESOLVE_VALIDATE");
+ if (r == 0) {
+ log_info("Disabling NSCD because DNSSEC validation is turned off");
+ __nss_disable_nscd(register_traced_file);
+ }
+
log_debug("systemd-timesyncd running as pid " PID_FMT, getpid_cached());
notify_message = notify_start("READY=1\n"
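Review bot: `__nss_disable_nscd` is declared by hand at the top of timesyncd.c, which suggests it has no public prototype; if it is a libc-internal symbol, the build depends on that private interface staying unchanged and the declaration should say so, e.g. `/* libc-internal, no public header; signature must match the libc implementation */`. In `run()` only `r == 0` is handled, so a malformed `SYSTEMD_NSS_RESOLVE_VALIDATE` value, which presumably yields a negative return, is silently ignored; a comment or a debug log would make that choice visible. `register_traced_file` is an empty one-line function with two unused parameters, and a comment marking it as a deliberate no-op callback would help readers.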
