Merge branch 'master' into staging-next

Conflicts - GitHub wouldn't auto-resolve them but my local git did: pkgs/development/cuda-modules/cuda/overrides.nix
author: Vladimír Čunát <v@cunat.cz> 2024-07-04 10:10:22 +0200
committer: Vladimír Čunát <v@cunat.cz> 2024-07-04 10:10:22 +0200
commit: 44b36397c2796d3e3f1f82215e9e4a810e99204d (patch)
tree: bd4bcc5d076bcea5c5e2a70f768a58c6896455dd /pkgs/os-specific
parent: 1a386e193d1a19e3e176f4642697f5abae60b126 (diff)
parent: 213b7c561bdd292f11ff99373222c2545c53ce7a (diff)
74 files changed, 1253 insertions, 133 deletions
diff --git a/pkgs/os-specific/bsd/freebsd/lib/default.nix b/pkgs/os-specific/bsd/freebsd/lib/default.nix
index d022f7cfa14c6..3fea3bc3e7f22 100644
--- a/pkgs/os-specific/bsd/freebsd/lib/default.nix
+++ b/pkgs/os-specific/bsd/freebsd/lib/default.nix
@@ -1,4 +1,8 @@
-{ version }:
+{
+  version,
+  lib,
+  writeText,
+}:
 
 {
   inherit version;
@@ -15,4 +19,65 @@
     .${stdenv'.hostPlatform.parsed.cpu.name} or stdenv'.hostPlatform.parsed.cpu.name;
 
   install-wrapper = builtins.readFile ../../lib/install-wrapper.sh;
+
+  # this function takes a list of patches and a list of paths and returns a list of derivations,
+  # one per file that is patched, containing the actual patch contents. This allows us to have
+  # extract only the patches that are relevant for a given subset of the source tree.
+  # note: the "list of patches" input can be a directory containing patch files, a path or a list of valid inputs to this argument, recursively.
+  filterPatches =
+    patches: paths:
+    let
+      isDir =
+        file:
+        let
+          base = baseNameOf file;
+          type = (builtins.readDir (dirOf file)).${base} or null;
+        in
+        file == /. || type == "directory";
+      consolidatePatches =
+        patches:
+        if (lib.isDerivation patches) then
+          [ patches ]
+        else if (builtins.isPath patches) then
+          (if (isDir patches) then (lib.filesystem.listFilesRecursive patches) else [ patches ])
+        else if (builtins.isList patches) then
+          (lib.flatten (builtins.map consolidatePatches patches))
+        else
+          throw "Bad patches - must be path or derivation or list thereof";
+      consolidated = consolidatePatches patches;
+      splitPatch =
+        patchFile:
+        let
+          allLines' = lib.strings.splitString "\n" (builtins.readFile patchFile);
+          allLines = builtins.filter (
+            line: !((lib.strings.hasPrefix "diff --git" line) || (lib.strings.hasPrefix "index " line))
+          ) allLines';
+          foldFunc =
+            a: b:
+            if ((lib.strings.hasPrefix "--- " b) || (lib.strings.hasPrefix "diff --git " b)) then
+              (a ++ [ [ b ] ])
+            else
+              ((lib.lists.init a) ++ (lib.lists.singleton ((lib.lists.last a) ++ [ b ])));
+          partitionedPatches' = lib.lists.foldl foldFunc [ [ ] ] allLines;
+          partitionedPatches =
+            if (builtins.length partitionedPatches' > 1) then
+              (lib.lists.drop 1 partitionedPatches')
+            else
+              (throw "${patchFile} does not seem to be a unified patch (diff -u). this is required for FreeBSD.");
+          filterFunc =
+            patchLines:
+            let
+              prefixedPath = builtins.elemAt (builtins.split " |\t" (builtins.elemAt patchLines 1)) 2;
+              unfixedPath = lib.path.subpath.join (lib.lists.drop 1 (lib.path.subpath.components prefixedPath));
+            in
+            lib.lists.any (included: lib.path.hasPrefix (/. + ("/" + included)) (/. + ("/" + unfixedPath))) (
+              paths
+            );
+          filteredLines = builtins.filter filterFunc partitionedPatches;
+          derive = patchLines: writeText "freebsd-patch" (lib.concatLines patchLines);
+          derivedPatches = builtins.map derive filteredLines;
+        in
+        derivedPatches;
+    in
+    lib.lists.concatMap splitPatch consolidated;
 }
diff --git a/pkgs/os-specific/bsd/freebsd/package-set.nix b/pkgs/os-specific/bsd/freebsd/package-set.nix
index 4ff6cb2102490..e9f45ed64c709 100644
--- a/pkgs/os-specific/bsd/freebsd/package-set.nix
+++ b/pkgs/os-specific/bsd/freebsd/package-set.nix
@@ -7,6 +7,7 @@
   versionData,
   buildFreebsd,
   patchesRoot,
+  writeText,
 }:
 
 self:
@@ -39,6 +40,7 @@ lib.packagesFromDirectoryRecursive {
         ]
       )
     );
+    inherit lib writeText;
   };
 
   # The manual callPackages below should in principle be unnecessary, but are
diff --git a/pkgs/os-specific/bsd/freebsd/patches/14.0/libifconfig-no-internal.patch b/pkgs/os-specific/bsd/freebsd/patches/14.0/libifconfig-no-internal.patch
new file mode 100644
index 0000000000000..a84ca0ff89ffd
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/patches/14.0/libifconfig-no-internal.patch
@@ -0,0 +1,36 @@
+diff --git a/lib/libifconfig/Makefile b/lib/libifconfig/Makefile
+index 6bdb202bec1d..ebc626901cfc 100644
+--- a/lib/libifconfig/Makefile
++++ b/lib/libifconfig/Makefile
+@@ -1,7 +1,6 @@
+ 
+ PACKAGE=	lib${LIB}
+ LIB=		ifconfig
+-INTERNALLIB=	true
+ 
+ LIBADD=		m
+ 
+@@ -36,8 +35,8 @@ SRCS+=	${GEN}
+ CLEANFILES+= ${GEN}
+ 
+ # If libifconfig become public uncomment those two lines
+-#INCSDIR=	${INCLUDEDIR}
+-#INCS=		libifconfig.h libifconfig_sfp.h libifconfig_sfp_tables.h
++INCSDIR=	${INCLUDEDIR}
++INCS=		libifconfig.h libifconfig_sfp.h libifconfig_sfp_tables.h
+ 
+ #MAN=		libifconfig.3
+ 
+diff --git a/lib/libifconfig/Symbol.map b/lib/libifconfig/Symbol.map
+index 2d80fb31652a..8b08947112e5 100644
+--- a/lib/libifconfig/Symbol.map
++++ b/lib/libifconfig/Symbol.map
+@@ -2,6 +2,8 @@ FBSD_1.6 {
+ 	ifconfig_bridge_get_bridge_status;
+ 	ifconfig_bridge_free_bridge_status;
+ 	ifconfig_carp_get_info;
++	ifconfig_carp_get_vhid;
++	ifconfig_carp_set_info;
+ 	ifconfig_close;
+ 	ifconfig_create_interface;
+ 	ifconfig_create_interface_vlan;
diff --git a/pkgs/os-specific/bsd/freebsd/patches/14.0/mount-use-path.patch b/pkgs/os-specific/bsd/freebsd/patches/14.0/mount-use-path.patch
new file mode 100644
index 0000000000000..614c327dda69a
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/patches/14.0/mount-use-path.patch
@@ -0,0 +1,18 @@
+diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
+index 2fcc94e40818..7de6da1bb20e 100644
+--- a/sbin/mount/mount.c
++++ b/sbin/mount/mount.c
+@@ -155,12 +155,9 @@ exec_mountprog(const char *name, const char *execname, char *const argv[])
+ 		EXIT(1);
+ 	case 0:					/* Child. */
+ 		/* Go find an executable. */
+-		execvP(execname, _PATH_SYSPATH, argv);
++		execvp(execname, argv);
+ 		if (errno == ENOENT) {
+ 			xo_warn("exec %s not found", execname);
+-			if (execname[0] != '/') {
+-				xo_warnx("in path: %s", _PATH_SYSPATH);
+-			}
+ 		}
+ 		EXIT(1);
+ 	default:				/* Parent. */
diff --git a/pkgs/os-specific/bsd/freebsd/patches/14.0/rc-user.patch b/pkgs/os-specific/bsd/freebsd/patches/14.0/rc-user.patch
new file mode 100644
index 0000000000000..27e8f9a13f211
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/patches/14.0/rc-user.patch
@@ -0,0 +1,17 @@
+diff --git a/libexec/rc/rc b/libexec/rc/rc
+index 0ea61a4b2c0a..d9bfb228224c 100644
+--- a/libexec/rc/rc
++++ b/libexec/rc/rc
+@@ -87,6 +87,12 @@ if ! [ -e ${firstboot_sentinel} ]; then
+ 	skip_firstboot="-s firstboot"
+ fi
+ 
++if [ -z "$USER_LOGIN" ]; then
++        skip="$skip -s user"
++else
++        skip="$skip -k user"
++fi
++
+ # Do a first pass to get everything up to $early_late_divider so that
+ # we can do a second pass that includes $local_startup directories
+ #
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/bintrans.nix b/pkgs/os-specific/bsd/freebsd/pkgs/bintrans.nix
new file mode 100644
index 0000000000000..d10426e26ca1b
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/bintrans.nix
@@ -0,0 +1,5 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.bin/bintrans";
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/bsdlabel.nix b/pkgs/os-specific/bsd/freebsd/pkgs/bsdlabel.nix
new file mode 100644
index 0000000000000..45d5516ecc78d
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/bsdlabel.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, libgeom }:
+mkDerivation {
+  path = "sbin/bsdlabel";
+  extraPaths = [ "sys/geom" ];
+  buildInputs = [ libgeom ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/cap_mkdb.nix b/pkgs/os-specific/bsd/freebsd/pkgs/cap_mkdb.nix
new file mode 100644
index 0000000000000..d579b5605bcf2
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/cap_mkdb.nix
@@ -0,0 +1,6 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.bin/cap_mkdb";
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/daemon.nix b/pkgs/os-specific/bsd/freebsd/pkgs/daemon.nix
new file mode 100644
index 0000000000000..b7c29ccfc2a51
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/daemon.nix
@@ -0,0 +1,5 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.sbin/daemon";
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/devfs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/devfs.nix
new file mode 100644
index 0000000000000..8fc29aa382d6f
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/devfs.nix
@@ -0,0 +1,10 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/devfs";
+
+  # These config files are mostly examples and not super useful
+  # in nixbsd
+  postPatch = ''
+    sed -i 's/^CONFS=.*$//' $BSDSRCDIR/sbin/devfs/Makefile
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/dmesg.nix b/pkgs/os-specific/bsd/freebsd/pkgs/dmesg.nix
new file mode 100644
index 0000000000000..f2412ff557666
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/dmesg.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "sbin/dmesg";
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod-firmware.nix b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod-firmware.nix
new file mode 100644
index 0000000000000..002b9276cf5b7
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod-firmware.nix
@@ -0,0 +1,54 @@
+{
+  lib,
+  mkDerivation,
+  fetchFromGitHub,
+  buildFreebsd,
+  sys,
+  withAmd ? true,
+  withIntel ? true,
+}:
+mkDerivation rec {
+  pname =
+    "drm-kmod-firmware" + lib.optionalString withAmd "-amd" + lib.optionalString withIntel "-intel";
+
+  version = "20230625_8";
+
+  src = fetchFromGitHub {
+    owner = "freebsd";
+    repo = "drm-kmod-firmware";
+    rev = version;
+    hash = "sha256-Ly9B0zf+YODel/X1sZYVVUVWh38faNLhkcXcjEnQwII=";
+  };
+
+  extraNativeBuildInputs = [ buildFreebsd.xargs-j ];
+
+  hardeningDisable = [
+    "pic" # generates relocations the linker can't handle
+    "stackprotector" # generates stack protection for the function generating the stack canary
+  ];
+
+  # hardeningDisable = stackprotector doesn't seem to be enough, put it in cflags too
+  NIX_CFLAGS_COMPILE = "-fno-stack-protector";
+
+  KMODS =
+    lib.optional withIntel "i915kmsfw"
+    ++ lib.optionals withAmd [
+      "amdgpukmsfw"
+      "radeonkmsfw"
+    ];
+
+  env = sys.passthru.env;
+  SYSDIR = "${sys.src}/sys";
+
+  KMODDIR = "${builtins.placeholder "out"}/kernel";
+
+  meta = {
+    description = "GPU firmware for FreeBSD drm-kmod";
+    platforms = lib.platforms.freebsd;
+    license =
+      lib.optional withAmd lib.licenses.unfreeRedistributableFirmware
+      # Intel license prohibits modification. this will wrap firmware files in an ELF
+      ++ lib.optional withIntel lib.licenses.unfree;
+    sourceProvenance = [ lib.sourceTypes.binaryFirmware ];
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/package.nix b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/package.nix
new file mode 100644
index 0000000000000..42806392d217a
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/package.nix
@@ -0,0 +1,53 @@
+{
+  lib,
+  mkDerivation,
+  fetchFromGitHub,
+  xargs-j,
+  versionData,
+  sys,
+}:
+let
+  # Based off ports tree versions
+  reldate = lib.toIntBase10 versionData.reldate;
+  branch =
+    if reldate >= 1500008 then
+      "6.1-lts"
+    else if reldate >= 1400097 then
+      "5.15-lts"
+    else if reldate >= 1302000 then
+      "5.10-lts"
+    else
+      throw "drm-kmod not supported on FreeBSD version ${reldate}";
+
+  fetchOptions = (lib.importJSON ./versions.json).${branch};
+in
+mkDerivation {
+  pname = "drm-kmod";
+  version = branch;
+
+  src = fetchFromGitHub fetchOptions;
+
+  extraNativeBuildInputs = [ xargs-j ];
+
+  hardeningDisable = [
+    "pic" # generates relocations the linker can't handle
+    "stackprotector" # generates stack protection for the function generating the stack canary
+  ];
+
+  # hardeningDisable = stackprotector doesn't seem to be enough, put it in cflags too
+  NIX_CFLAGS_COMPILE = "-fno-stack-protector";
+
+  env = sys.passthru.env;
+  SYSDIR = "${sys.src}/sys";
+
+  KMODDIR = "${builtins.placeholder "out"}/kernel";
+
+  meta = {
+    description = "Linux drm driver, ported to FreeBSD";
+    platforms = lib.platforms.freebsd;
+    license = with lib.licenses; [
+      bsd2
+      gpl2Only
+    ];
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/update.py b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/update.py
new file mode 100755
index 0000000000000..c724e3cbd104a
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/update.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python -p python3 nix-prefetch-github git
+
+import subprocess
+import json
+import os.path
+
+BRANCHES = ["5.10-lts", "5.15-lts", "6.1-lts"]
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+
+versions = dict()
+
+for branch in BRANCHES:
+    text = subprocess.check_output(
+        ["nix-prefetch-github", "freebsd", "drm-kmod", "--rev", branch, "--json"]
+    ).decode("utf-8")
+    versions[branch] = json.loads(text)
+
+with open(os.path.join(BASE_DIR, "versions.json"), "w") as out:
+    json.dump(versions, out, sort_keys=True, indent=2)
+    out.write("\n")
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/versions.json b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/versions.json
new file mode 100644
index 0000000000000..9375e53e9d4dd
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/drm-kmod/versions.json
@@ -0,0 +1,20 @@
+{
+  "5.10-lts": {
+    "hash": "sha256-6v8FhaEch9fJfo0/1UXeo0bcZh5n4Y2TyAsyHmCBJgw=",
+    "owner": "freebsd",
+    "repo": "drm-kmod",
+    "rev": "e7950546196d44af502dd6abf162d1453f6f0dd0"
+  },
+  "5.15-lts": {
+    "hash": "sha256-i768QfnYo2hqxnoCEnfYqOurDSRwkAsC4qsP7TUalxc=",
+    "owner": "freebsd",
+    "repo": "drm-kmod",
+    "rev": "d7dc64fb8e63208afaca01e6d48284aa2305df35"
+  },
+  "6.1-lts": {
+    "hash": "sha256-+CsqQ0beJgoO3SSWzwLcAO8JP15oaDW9HR+bxwPaan4=",
+    "owner": "freebsd",
+    "repo": "drm-kmod",
+    "rev": "f2d6d4b58446fa45de575bae76d6435439b3ca8b"
+  }
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/fdisk.nix b/pkgs/os-specific/bsd/freebsd/pkgs/fdisk.nix
new file mode 100644
index 0000000000000..62654008955c4
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/fdisk.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, libgeom }:
+mkDerivation {
+  path = "sbin/fdisk";
+
+  buildInputs = [ libgeom ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/fsck.nix b/pkgs/os-specific/bsd/freebsd/pkgs/fsck.nix
new file mode 100644
index 0000000000000..ba55a5f651ed4
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/fsck.nix
@@ -0,0 +1,5 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/fsck";
+  extraPaths = [ "sbin/mount" ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/geom.nix b/pkgs/os-specific/bsd/freebsd/pkgs/geom.nix
new file mode 100644
index 0000000000000..552d2e420120a
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/geom.nix
@@ -0,0 +1,44 @@
+{
+  mkDerivation,
+  libgeom,
+  libufs,
+  openssl,
+}:
+let
+  libs = mkDerivation {
+    name = "geom-class-libs";
+    path = "lib/geom";
+    extraPaths = [
+      "lib/Makefile.inc"
+      "sbin/geom"
+      "sys/geom"
+
+      # geli isn't okay with just libcrypt, it wants files in here
+      "sys/crypto/sha2"
+      "sys/opencrypto"
+    ];
+
+    # libgeom needs sbuf and bsdxml but linker doesn't know that
+    buildInputs = [
+      libgeom
+      libufs
+      openssl
+    ];
+
+    # tools want geom headers but don't seem to declare it
+    preBuild = ''
+      export NIX_CFLAGS_COMPILE="-I$BSDSRCDIR/sys $NIX_CFLAGS_COMPILE";
+    '';
+  };
+in
+mkDerivation {
+  path = "sbin/geom";
+  extraPaths = [
+    "lib/Makefile.inc"
+    "lib/geom"
+  ];
+
+  GEOM_CLASS_DIR = "${libs}/lib";
+
+  buildInputs = [ libgeom ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/getent.nix b/pkgs/os-specific/bsd/freebsd/pkgs/getent.nix
new file mode 100644
index 0000000000000..4d812f506b4dc
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/getent.nix
@@ -0,0 +1 @@
+{ mkDerivation }: mkDerivation { path = "usr.bin/getent"; }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/getty.nix b/pkgs/os-specific/bsd/freebsd/pkgs/getty.nix
new file mode 100644
index 0000000000000..4335a21fe4f3c
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/getty.nix
@@ -0,0 +1,21 @@
+{
+  mkDerivation,
+  login,
+  wrappedLogin ? null,
+}:
+mkDerivation {
+  path = "libexec/getty";
+
+  postPatch = ''
+    sed -E -i -e "s|/usr/bin/login|${
+      if (wrappedLogin != null) then wrappedLogin else "${login}/bin/login"
+    }|g" $BSDSRCDIR/libexec/getty/*.h
+  '';
+
+  MK_TESTS = "no";
+
+  postInstall = ''
+    mkdir -p $out/etc
+    cp $BSDSRCDIR/libexec/getty/gettytab $out/etc/gettytab
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/id.nix b/pkgs/os-specific/bsd/freebsd/pkgs/id.nix
new file mode 100644
index 0000000000000..d838995f89bd7
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/id.nix
@@ -0,0 +1 @@
+{ mkDerivation }: mkDerivation { path = "usr.bin/id"; }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/ifconfig.nix b/pkgs/os-specific/bsd/freebsd/pkgs/ifconfig.nix
new file mode 100644
index 0000000000000..16b20733af4b3
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/ifconfig.nix
@@ -0,0 +1,24 @@
+{
+  mkDerivation,
+  compatIfNeeded,
+  libifconfig,
+  lib80211,
+  libjail,
+  libnv,
+}:
+mkDerivation {
+  path = "sbin/ifconfig";
+
+  buildInputs = compatIfNeeded ++ [
+    libifconfig
+    lib80211
+    libjail
+    libnv
+  ];
+
+  # ifconfig believes libifconfig is internal and thus PIE.
+  # We build libifconfig as an external library
+  MK_PIE = "no";
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/init.nix b/pkgs/os-specific/bsd/freebsd/pkgs/init.nix
new file mode 100644
index 0000000000000..502c532b82e8d
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/init.nix
@@ -0,0 +1,7 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/init";
+  extraPaths = [ "sbin/mount" ];
+  NO_FSCHG = "yes";
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/kldconfig.nix b/pkgs/os-specific/bsd/freebsd/pkgs/kldconfig.nix
new file mode 100644
index 0000000000000..29f2a1b54308f
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/kldconfig.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "sbin/kldconfig";
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/kldload.nix b/pkgs/os-specific/bsd/freebsd/pkgs/kldload.nix
new file mode 100644
index 0000000000000..a39909dc03692
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/kldload.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "sbin/kldload";
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/kldstat.nix b/pkgs/os-specific/bsd/freebsd/pkgs/kldstat.nix
new file mode 100644
index 0000000000000..164376a6bff90
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/kldstat.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "sbin/kldstat";
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/kldunload.nix b/pkgs/os-specific/bsd/freebsd/pkgs/kldunload.nix
new file mode 100644
index 0000000000000..fc622fc9edade
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/kldunload.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "sbin/kldunload";
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/lib80211.nix b/pkgs/os-specific/bsd/freebsd/pkgs/lib80211.nix
new file mode 100644
index 0000000000000..1cc8d337e0572
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/lib80211.nix
@@ -0,0 +1,13 @@
+{
+  mkDerivation,
+  libsbuf,
+  libbsdxml,
+}:
+mkDerivation {
+  path = "lib/lib80211";
+  buildInputs = [
+    libsbuf
+    libbsdxml
+  ];
+  clangFixup = true;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libbsdxml.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libbsdxml.nix
new file mode 100644
index 0000000000000..333e4048c8376
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libbsdxml.nix
@@ -0,0 +1,6 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "lib/libexpat";
+  extraPaths = [ "contrib/expat" ];
+  buildInputs = [ ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libbsm.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libbsm.nix
new file mode 100644
index 0000000000000..96ec9fd84d383
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libbsm.nix
@@ -0,0 +1,7 @@
+{ mkDerivation, libpam }:
+mkDerivation {
+  path = "lib/libbsm";
+  extraPaths = [ "contrib/openbsm" ];
+  buildInputs = [ libpam ];
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libgeom.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libgeom.nix
new file mode 100644
index 0000000000000..295d9d75c5370
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libgeom.nix
@@ -0,0 +1,17 @@
+{
+  mkDerivation,
+  libbsdxml,
+  libsbuf,
+}:
+mkDerivation {
+  path = "lib/libgeom";
+  buildInputs = [
+    libbsdxml
+    libsbuf
+  ];
+
+  makeFlags = [
+    "SHLIB_MAJOR=1"
+    "STRIP=-s"
+  ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libifconfig.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libifconfig.nix
new file mode 100644
index 0000000000000..4d7ab09b0c00c
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libifconfig.nix
@@ -0,0 +1,9 @@
+{ mkDerivation, buildPackages }:
+mkDerivation {
+  path = "lib/libifconfig";
+  extraPaths = [
+    "tools/lua"
+    "lib/libc/Versions.def"
+  ];
+  LUA = "${buildPackages.lua}/bin/lua";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libipsec.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libipsec.nix
new file mode 100644
index 0000000000000..a250448bac54d
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libipsec.nix
@@ -0,0 +1,9 @@
+{ mkDerivation, buildPackages }:
+mkDerivation {
+  path = "lib/libipsec";
+
+  extraNativeBuildInputs = [
+    buildPackages.byacc
+    buildPackages.flex
+  ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libkiconv.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libkiconv.nix
new file mode 100644
index 0000000000000..543f3e7ac042f
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libkiconv.nix
@@ -0,0 +1,5 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "lib/libkiconv";
+  extraPaths = [ "sys" ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libpam.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libpam.nix
new file mode 100644
index 0000000000000..2afb20377d6bb
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libpam.nix
@@ -0,0 +1,44 @@
+{
+  mkDerivation,
+  openssl,
+  libradius,
+}:
+mkDerivation {
+  path = "lib/libpam/libpam";
+  extraPaths = [
+    "lib/libpam"
+    "contrib/openpam"
+    "lib/Makefile.inc"
+    "contrib/pam_modules"
+    "crypto/openssh"
+  ];
+  buildInputs = [
+    libradius
+    openssl
+  ];
+
+  MK_NIS = "no"; # TODO
+
+  # TODO
+  postPatch = ''
+    sed -E -i -e /pam_tacplus/d $BSDSRCDIR/lib/libpam/modules/modules.inc
+    sed -E -i -e /pam_krb5/d $BSDSRCDIR/lib/libpam/modules/modules.inc
+    sed -E -i -e /pam_ksu/d $BSDSRCDIR/lib/libpam/modules/modules.inc
+    sed -E -i -e /pam_ssh/d $BSDSRCDIR/lib/libpam/modules/modules.inc
+  '';
+
+  preBuild = ''
+    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I$BSDSRCDIR/lib/libpam/libpam -DOPENPAM_MODULES_DIRECTORY=\"$out/lib\""
+  '';
+
+  MK_TESTS = "no";
+
+  postInstall = ''
+    make $makeFlags installconfig
+
+    export NIX_LDFLAGS="$NIX_LDFLAGS -L$out/lib"
+    make -C $BSDSRCDIR/lib/libpam/modules $makeFlags
+    make -C $BSDSRCDIR/lib/libpam/modules $makeFlags install
+    make -C $BSDSRCDIR/lib/libpam/modules $makeFlags installconfig
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libradius.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libradius.nix
new file mode 100644
index 0000000000000..9766d75e6c3f7
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libradius.nix
@@ -0,0 +1,14 @@
+{
+  mkDerivation,
+  openssl,
+  libmd,
+}:
+mkDerivation {
+  path = "lib/libradius";
+  buildInputs = [
+    libmd
+    openssl
+  ];
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libsysdecode.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libsysdecode.nix
new file mode 100644
index 0000000000000..da78404e2a58f
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libsysdecode.nix
@@ -0,0 +1,14 @@
+{ mkDerivation, stdenv }:
+mkDerivation {
+  path = "lib/libsysdecode";
+  extraPaths = [
+    "sys"
+    "libexec/rtld-elf"
+  ];
+
+  preBuild = ''
+    sed -E -i -e "s|..INCLUDEDIR.|${stdenv.cc.libc}/include|g" $BSDSRCDIR/lib/libsysdecode/Makefile
+  '';
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libufs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libufs.nix
new file mode 100644
index 0000000000000..c0d71eb2b9c13
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libufs.nix
@@ -0,0 +1,8 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "lib/libufs";
+  extraPaths = [
+    "sys/libkern"
+    "sys/ufs"
+  ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/libzfs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/libzfs.nix
new file mode 100644
index 0000000000000..fcb4b29dc14d6
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/libzfs.nix
@@ -0,0 +1,85 @@
+{
+  mkDerivation,
+  lib,
+  libbsdxml,
+  libgeom,
+  openssl,
+  zfs-data,
+  zlib,
+}:
+# When I told you this was libzfs, I lied.
+# This is actually all the openzfs libs.
+# We need to build a bunch of them before libzfs otherwise it complains
+# For the dependency tree see sys/contrib/openzfs/lib/Makefile.am
+# or cddl/lib/Makefile
+let
+  libs = [
+    # Not really "zfs" libraries, they're solaris compatiblity libraries
+    "libspl"
+    "libumem"
+
+    # Libraires with no dependencies here execpt libumem and libspl
+    "libavl"
+    "libicp"
+    "libnvpair"
+    "libtpool"
+
+    # Depend only on the previous ones
+    "libzutil"
+    "libzfs_core"
+    "libuutil"
+
+    # Final libraries
+    "libzpool"
+    "libzfs"
+  ];
+in
+mkDerivation {
+  path = "cddl/lib/libzfs";
+  extraPaths = [
+    "cddl/Makefile.inc"
+    "cddl/compat/opensolaris"
+    "cddl/lib"
+    "sys/contrib/openzfs"
+    "sys/modules/zfs"
+  ];
+
+  buildInputs = [
+    libbsdxml
+    libgeom
+    openssl
+    zlib
+  ];
+
+  postPatch = ''
+    # libnvpair uses `struct xdr_bytesrec`, which is never defined when this is set
+    # no idea how this works upstream
+    sed -i 's/-DHAVE_XDR_BYTESREC//' $BSDSRCDIR/cddl/lib/libnvpair/Makefile
+
+    # libzfs wants some files from compatibility.d, put them in the store
+    sed -i 's|/usr/share/zfs|${zfs-data}/share/zfs|' $BSDSRCDIR/cddl/lib/libzfs/Makefile
+  '';
+
+  # If we don't specify an object directory then
+  # make will try to put openzfs objects in nonexistant directories.
+  # This one seems to work
+  preBuild =
+    ''
+      export MAKEOBJDIRPREFIX=$BSDSRCDIR/obj
+    ''
+    + lib.flip lib.concatMapStrings libs (libname: ''
+      echo "building dependency ${libname}"
+      make -C $BSDSRCDIR/cddl/lib/${libname} $makeFlags
+      make -C $BSDSRCDIR/cddl/lib/${libname} $makeFlags install
+    '');
+
+  outputs = [
+    "out"
+    "debug"
+  ];
+
+  meta = {
+    platforms = lib.platforms.freebsd;
+    license = with lib.licenses; [ cddl ];
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/limits.nix b/pkgs/os-specific/bsd/freebsd/pkgs/limits.nix
new file mode 100644
index 0000000000000..1e045c8a13fae
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/limits.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, libutil }:
+mkDerivation {
+  path = "usr.bin/limits";
+  buildInputs = [ libutil ];
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/login.nix b/pkgs/os-specific/bsd/freebsd/pkgs/login.nix
new file mode 100644
index 0000000000000..8952068b8e9c1
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/login.nix
@@ -0,0 +1,28 @@
+{
+  mkDerivation,
+  libutil,
+  libpam,
+  libbsm,
+  cap_mkdb,
+}:
+mkDerivation {
+  path = "usr.bin/login";
+  buildInputs = [
+    libutil
+    libpam
+    libbsm
+  ];
+  extraNativeBuildInputs = [ cap_mkdb ];
+
+  postPatch = ''
+    sed -E -i -e "s|..DESTDIR./etc|\''${CONFDIR}|g" $BSDSRCDIR/usr.bin/login/Makefile
+  '';
+
+  MK_TESTS = "no";
+  MK_SETUID_LOGIN = "no";
+
+  postInstall = ''
+    mkdir -p $out/etc
+    make $makeFlags installconfig
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/makefs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/makefs.nix
new file mode 100644
index 0000000000000..c685a84264b7a
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/makefs.nix
@@ -0,0 +1,24 @@
+{
+  mkDerivation,
+  libnetbsd,
+  compatIfNeeded,
+  libsbuf,
+}:
+mkDerivation {
+  path = "usr.sbin/makefs";
+  extraPaths = [
+    "stand/libsa"
+    "sys/cddl/boot"
+    "sys/ufs/ffs"
+    "sbin/newfs_msdos"
+    "contrib/mtree"
+    "contrib/mknod"
+    "sys/fs/cd9660"
+  ];
+  buildInputs = compatIfNeeded ++ [
+    libnetbsd
+    libsbuf
+  ];
+  MK_TESTS = "no";
+  MK_PIE = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/mdconfig.nix b/pkgs/os-specific/bsd/freebsd/pkgs/mdconfig.nix
new file mode 100644
index 0000000000000..b5e13344d94ac
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/mdconfig.nix
@@ -0,0 +1,7 @@
+{ mkDerivation, libgeom }:
+mkDerivation {
+  path = "sbin/mdconfig";
+  buildInputs = [ libgeom ];
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/mkDerivation.nix b/pkgs/os-specific/bsd/freebsd/pkgs/mkDerivation.nix
index a085367ac68e6..ec4b698116b9c 100644
--- a/pkgs/os-specific/bsd/freebsd/pkgs/mkDerivation.nix
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/mkDerivation.nix
@@ -2,9 +2,6 @@
   lib,
   stdenv,
   stdenvNoCC,
-  stdenvNoLibs,
-  overrideCC,
-  buildPackages,
   versionData,
   writeText,
   patches,
@@ -24,15 +21,7 @@
 lib.makeOverridable (
   attrs:
   let
-    stdenv' =
-      if attrs.noCC or false then
-        stdenvNoCC
-      else if attrs.noLibc or false then
-        stdenvNoLibs
-      else if attrs.noLibcxx or false then
-        overrideCC stdenv buildPackages.llvmPackages.clangNoLibcxx
-      else
-        stdenv;
+    stdenv' = if attrs.noCC or false then stdenvNoCC else stdenv;
   in
   stdenv'.mkDerivation (
     rec {
@@ -117,61 +106,10 @@ lib.makeOverridable (
     }
     // {
       patches =
-        let
-          isDir =
-            file:
-            let
-              base = baseNameOf file;
-              type = (builtins.readDir (dirOf file)).${base} or null;
-            in
-            file == /. || type == "directory";
-          consolidatePatches =
-            patches:
-            if (lib.isDerivation patches) then
-              [ patches ]
-            else if (builtins.isPath patches) then
-              (if (isDir patches) then (lib.filesystem.listFilesRecursive patches) else [ patches ])
-            else if (builtins.isList patches) then
-              (lib.flatten (builtins.map consolidatePatches patches))
-            else
-              throw "Bad patches - must be path or derivation or list thereof";
-          consolidated = consolidatePatches patches;
-          splitPatch =
-            patchFile:
-            let
-              allLines' = lib.strings.splitString "\n" (builtins.readFile patchFile);
-              allLines = builtins.filter (
-                line: !((lib.strings.hasPrefix "diff --git" line) || (lib.strings.hasPrefix "index " line))
-              ) allLines';
-              foldFunc =
-                a: b:
-                if ((lib.strings.hasPrefix "--- " b) || (lib.strings.hasPrefix "diff --git " b)) then
-                  (a ++ [ [ b ] ])
-                else
-                  ((lib.lists.init a) ++ (lib.lists.singleton ((lib.lists.last a) ++ [ b ])));
-              partitionedPatches' = lib.lists.foldl foldFunc [ [ ] ] allLines;
-              partitionedPatches =
-                if (builtins.length partitionedPatches' > 1) then
-                  (lib.lists.drop 1 partitionedPatches')
-                else
-                  (throw "${patchFile} does not seem to be a unified patch (diff -u). this is required for FreeBSD.");
-              filterFunc =
-                patchLines:
-                let
-                  prefixedPath = builtins.elemAt (builtins.split " |\t" (builtins.elemAt patchLines 1)) 2;
-                  unfixedPath = lib.path.subpath.join (lib.lists.drop 1 (lib.path.subpath.components prefixedPath));
-                in
-                lib.lists.any (included: lib.path.hasPrefix (/. + ("/" + included)) (/. + ("/" + unfixedPath))) (
-                  (attrs.extraPaths or [ ]) ++ [ attrs.path ]
-                );
-              filteredLines = builtins.filter filterFunc partitionedPatches;
-              derive = patchLines: writeText "freebsd-patch" (lib.concatLines patchLines);
-              derivedPatches = builtins.map derive filteredLines;
-            in
-            derivedPatches;
-          picked = lib.lists.concatMap splitPatch consolidated;
-        in
-        picked ++ attrs.patches or [ ];
+        (lib.optionals (attrs.autoPickPatches or true) (
+          freebsd-lib.filterPatches patches (attrs.extraPaths or [ ] ++ [ attrs.path ])
+        ))
+        ++ attrs.patches or [ ];
     }
   )
 )
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/mkimg.nix b/pkgs/os-specific/bsd/freebsd/pkgs/mkimg.nix
new file mode 100644
index 0000000000000..00982a2a52a74
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/mkimg.nix
@@ -0,0 +1,6 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.bin/mkimg";
+  extraPaths = [ "sys/sys/disk" ];
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/mount.nix b/pkgs/os-specific/bsd/freebsd/pkgs/mount.nix
new file mode 100644
index 0000000000000..a4885871ad1c5
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/mount.nix
@@ -0,0 +1,13 @@
+{
+  mkDerivation,
+  libutil,
+  libxo,
+  ...
+}:
+mkDerivation {
+  path = "sbin/mount";
+  buildInputs = [
+    libutil
+    libxo
+  ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/mount_msdosfs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/mount_msdosfs.nix
new file mode 100644
index 0000000000000..da42260ffbad5
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/mount_msdosfs.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, libkiconv }:
+mkDerivation {
+  path = "sbin/mount_msdosfs";
+  extraPaths = [ "sbin/mount" ];
+  buildInputs = [ libkiconv ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/newfs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/newfs.nix
new file mode 100644
index 0000000000000..7b7af7fcb25f8
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/newfs.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, libufs }:
+mkDerivation {
+  path = "sbin/newfs";
+  extraPaths = [ "sys/geom" ];
+  buildInputs = [ libufs ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/newfs_msdos.nix b/pkgs/os-specific/bsd/freebsd/pkgs/newfs_msdos.nix
new file mode 100644
index 0000000000000..274421a1a0966
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/newfs_msdos.nix
@@ -0,0 +1,6 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/newfs_msdos";
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/newsyslog.nix b/pkgs/os-specific/bsd/freebsd/pkgs/newsyslog.nix
new file mode 100644
index 0000000000000..947f324587ba5
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/newsyslog.nix
@@ -0,0 +1,15 @@
+{
+  mkDerivation,
+  compatIfNeeded,
+  libsbuf,
+}:
+mkDerivation {
+  path = "usr.sbin/newsyslog";
+
+  buildInputs = compatIfNeeded ++ [ libsbuf ];
+
+  # The only subdir is newsyslog.conf.d, all config files we don't want
+  postPatch = ''
+    sed -E -i -e '/^SUBDIR/d' $BSDSRCDIR/usr.sbin/newsyslog/Makefile
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/nscd.nix b/pkgs/os-specific/bsd/freebsd/pkgs/nscd.nix
new file mode 100644
index 0000000000000..c3ae6d46f0675
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/nscd.nix
@@ -0,0 +1,5 @@
+{ mkDerivation, libutil, ... }:
+mkDerivation {
+  path = "usr.sbin/nscd";
+  buildInputs = [ libutil ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/ping.nix b/pkgs/os-specific/bsd/freebsd/pkgs/ping.nix
new file mode 100644
index 0000000000000..ea209db2b960d
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/ping.nix
@@ -0,0 +1,24 @@
+{
+  mkDerivation,
+  lib,
+  libcasper,
+  libcapsicum,
+  libipsec,
+}:
+mkDerivation {
+  path = "sbin/ping";
+  buildInputs = [
+    libcasper
+    libcapsicum
+    libipsec
+  ];
+
+  postPatch = ''
+    sed -i 's/4555/0555/' $BSDSRCDIR/sbin/ping/Makefile
+  '';
+
+  MK_TESTS = "no";
+  clangFixup = true;
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/protect.nix b/pkgs/os-specific/bsd/freebsd/pkgs/protect.nix
new file mode 100644
index 0000000000000..00e5dcfb16e94
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/protect.nix
@@ -0,0 +1 @@
+{ mkDerivation }: mkDerivation { path = "usr.bin/protect"; }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/pwd_mkdb.nix b/pkgs/os-specific/bsd/freebsd/pkgs/pwd_mkdb.nix
new file mode 100644
index 0000000000000..27c3a9cec42ac
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/pwd_mkdb.nix
@@ -0,0 +1,6 @@
+{ mkDerivation, ... }:
+mkDerivation {
+  path = "usr.sbin/pwd_mkdb";
+
+  extraPaths = [ "lib/libc/gen" ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/rc.nix b/pkgs/os-specific/bsd/freebsd/pkgs/rc.nix
new file mode 100644
index 0000000000000..92b645851b9c1
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/rc.nix
@@ -0,0 +1,76 @@
+{
+  mkDerivation,
+  lib,
+  sysctl,
+  bash,
+  rcorder,
+  bin,
+  stat,
+  id,
+  protect,
+  mount,
+}:
+let
+  rcDepsPath = lib.makeBinPath [
+    sysctl
+    bin
+    bash
+    rcorder
+    stat
+    id
+    mount
+    protect
+  ];
+in
+mkDerivation {
+  path = "libexec/rc";
+  MK_TESTS = "no";
+
+  postPatch =
+    ''
+      substituteInPlace "$BSDSRCDIR/libexec/rc/rc.d/Makefile" "$BSDSRCDIR/libexec/rc/Makefile" --replace-fail /etc $out/etc
+      substituteInPlace "$BSDSRCDIR/libexec/rc/rc.d/Makefile" --replace-fail /var $out/var
+    ''
+    + (
+      let
+        bins = [
+          "/sbin/sysctl"
+          "/usr/bin/protect"
+          "/usr/bin/id"
+          "/bin/ps"
+          "/bin/cpuset"
+          "/usr/bin/stat"
+          "/bin/rm"
+          "/bin/chmod"
+          "/bin/cat"
+          "/bin/sync"
+          "/bin/sleep"
+          "/bin/date"
+        ];
+        scripts = [
+          "rc"
+          "rc.initdiskless"
+          "rc.shutdown"
+          "rc.subr"
+          "rc.suspend"
+          "rc.resume"
+        ];
+        scriptPaths = "$BSDSRCDIR/libexec/rc/{${lib.concatStringsSep "," scripts}}";
+      in
+      # set PATH correctly in scripts
+      ''
+        sed -E -i -e "s|PATH=.*|PATH=${rcDepsPath}|g" ${scriptPaths}
+      ''
+      # replace executable absolute filepaths with PATH lookups
+      + lib.concatMapStringsSep "\n" (fname: ''
+        sed -E -i -e "s|${fname}|${lib.last (lib.splitString "/" fname)}|g" \
+          ${scriptPaths}'') bins
+    );
+
+  skipIncludesPhase = true;
+
+  postInstall = ''
+    makeFlags="$(sed -E -e 's/CONFDIR=[^ ]*//g' <<<"$makeFlags")"
+    make $makeFlags installconfig
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/rcorder.nix b/pkgs/os-specific/bsd/freebsd/pkgs/rcorder.nix
new file mode 100644
index 0000000000000..ddacf18e7b95e
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/rcorder.nix
@@ -0,0 +1 @@
+{ mkDerivation }: mkDerivation { path = "sbin/rcorder"; }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/reboot.nix b/pkgs/os-specific/bsd/freebsd/pkgs/reboot.nix
new file mode 100644
index 0000000000000..10a042dc45fde
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/reboot.nix
@@ -0,0 +1,6 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/reboot";
+
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/route.nix b/pkgs/os-specific/bsd/freebsd/pkgs/route.nix
new file mode 100644
index 0000000000000..83278e7857971
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/route.nix
@@ -0,0 +1,10 @@
+{
+  mkDerivation,
+  compatIfNeeded,
+  libjail,
+}:
+mkDerivation {
+  path = "sbin/route";
+  buildInputs = compatIfNeeded ++ [ libjail ];
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/services_mkdb.nix b/pkgs/os-specific/bsd/freebsd/pkgs/services_mkdb.nix
new file mode 100644
index 0000000000000..33c07093260ef
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/services_mkdb.nix
@@ -0,0 +1,8 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.sbin/services_mkdb";
+  postInstall = ''
+    mkdir -p $out/etc
+    cp $BSDSRCDIR/usr.sbin/services_mkdb/services $out/etc/services
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/shutdown.nix b/pkgs/os-specific/bsd/freebsd/pkgs/shutdown.nix
new file mode 100644
index 0000000000000..4d32db0ed1da4
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/shutdown.nix
@@ -0,0 +1,9 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "sbin/shutdown";
+
+  MK_TESTS = "no";
+  preBuild = ''
+    sed -i 's/4554/0554/' Makefile
+  '';
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/stand-efi.nix b/pkgs/os-specific/bsd/freebsd/pkgs/stand-efi.nix
new file mode 100644
index 0000000000000..c2d42af7814a4
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/stand-efi.nix
@@ -0,0 +1,60 @@
+{
+  lib,
+  stdenv,
+  mkDerivation,
+  include,
+  buildPackages,
+  freebsd-lib,
+  vtfontcvt,
+}:
+let
+  hostArchBsd = freebsd-lib.mkBsdArch stdenv;
+in
+mkDerivation {
+  path = "stand/efi";
+  extraPaths = [
+    "contrib/bzip2"
+    "contrib/llvm-project/compiler-rt/lib/builtins"
+    "contrib/lua"
+    "contrib/pnglite"
+    "contrib/terminus"
+    "lib/libc"
+    "lib/liblua"
+    "libexec/flua"
+    "stand"
+    "sys"
+  ];
+  extraNativeBuildInputs = [ vtfontcvt ];
+
+  makeFlags = [
+    "STRIP=-s" # flag to install, not command
+    "MK_MAN=no"
+    "MK_TESTS=no"
+    "OBJCOPY=${lib.getBin buildPackages.binutils-unwrapped}/bin/${buildPackages.binutils-unwrapped.targetPrefix}objcopy"
+  ] ++ lib.optional (!stdenv.hostPlatform.isFreeBSD) "MK_WERROR=no";
+
+  hardeningDisable = [ "stackprotector" ];
+
+  # ???
+  preBuild = ''
+    NIX_CFLAGS_COMPILE+=" -I${include}/include -I$BSDSRCDIR/sys/sys -I$BSDSRCDIR/sys/${hostArchBsd}/include"
+    export NIX_CFLAGS_COMPILE
+
+    make -C $BSDSRCDIR/stand/libsa $makeFlags
+    make -C $BSDSRCDIR/stand/ficl $makeFlags
+    make -C $BSDSRCDIR/stand/liblua $makeFlags
+  '';
+
+  postPatch = ''
+    sed -E -i -e 's|/bin/pwd|${buildPackages.coreutils}/bin/pwd|' $BSDSRCDIR/stand/defs.mk
+    #sed -E -i -e 's|-e start|-Wl,-e,start|g' $BSDSRCDIR/stand/i386/Makefile.inc $BSDSRCDIR/stand/i386/*/Makefile
+  '';
+
+  postInstall = ''
+    mkdir -p $out/bin/lua
+    cp $BSDSRCDIR/stand/lua/*.lua $out/bin/lua
+    cp -r $BSDSRCDIR/stand/defaults $out/bin/defaults
+  '';
+
+  meta.platforms = lib.platforms.freebsd;
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/stat.nix b/pkgs/os-specific/bsd/freebsd/pkgs/stat.nix
index a801ab895441c..78c01ae498bd3 100644
--- a/pkgs/os-specific/bsd/freebsd/pkgs/stat.nix
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/stat.nix
@@ -19,4 +19,6 @@ mkDerivation {
     mandoc
     groff
   ];
+
+  MK_TESTS = "no";
 }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/swapon.nix b/pkgs/os-specific/bsd/freebsd/pkgs/swapon.nix
new file mode 100644
index 0000000000000..d7bd8a870b8f4
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/swapon.nix
@@ -0,0 +1 @@
+{ mkDerivation }: mkDerivation { path = "sbin/swapon"; }
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/sys/package.nix b/pkgs/os-specific/bsd/freebsd/pkgs/sys/package.nix
index 86f847cbd45cf..5bca92269212f 100644
--- a/pkgs/os-specific/bsd/freebsd/pkgs/sys/package.nix
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/sys/package.nix
@@ -1,85 +1,137 @@
 {
-  stdenv,
+  lib,
   mkDerivation,
-  freebsd-lib,
+  stdenv,
   buildPackages,
+  freebsd-lib,
+  patches,
+  filterSource,
+  applyPatches,
+  baseConfig ? "GENERIC",
+  extraFlags ? { },
   bsdSetupHook,
+  mandoc,
+  groff,
+  gawk,
   freebsdSetupHook,
   makeMinimal,
   install,
-  mandoc,
-  groff,
   config,
   rpcgen,
   file2c,
-  gawk,
-  uudecode,
+  bintrans,
   xargs-j,
 }:
-
-mkDerivation (
-  let
-    cfg = "MINIMAL";
-  in
-  rec {
+let
+  hostArchBsd = freebsd-lib.mkBsdArch stdenv;
+  filteredSource = filterSource {
+    pname = "sys";
     path = "sys";
-
-    nativeBuildInputs = [
-      bsdSetupHook
-      freebsdSetupHook
-      makeMinimal
-      install
-      mandoc
-      groff
-
-      config
-      rpcgen
-      file2c
-      gawk
-      uudecode
-      xargs-j
+    extraPaths = [ "include" ];
+  };
+  patchedSource = applyPatches {
+    src = filteredSource;
+    patches = freebsd-lib.filterPatches patches [
+      "sys"
+      "include"
     ];
+    postPatch = ''
+      for f in sys/conf/kmod.mk sys/contrib/dev/acpica/acpica_prep.sh; do
+        substituteInPlace "$f" --replace-warn 'xargs -J' 'xargs-j '
+      done
+
+      for f in sys/conf/*.mk; do
+        substituteInPlace "$f" --replace-quiet 'KERN_DEBUGDIR}''${' 'KERN_DEBUGDIR_'
+      done
 
-    # --dynamic-linker /red/herring is used when building the kernel.
-    NIX_ENFORCE_PURITY = 0;
+      sed -i sys/${hostArchBsd}/conf/${baseConfig} \
+        -e 's/WITH_CTF=1/WITH_CTF=0/' \
+        -e '/KDTRACE/d'
+    '';
+  };
 
-    AWK = "${buildPackages.gawk}/bin/awk";
+  # Kernel modules need this for kern.opts.mk
+  env =
+    {
+      MK_CTF = "no";
+    }
+    // (lib.flip lib.mapAttrs' extraFlags (
+      name: value: {
+        name = "MK_${lib.toUpper name}";
+        value = if value then "yes" else "no";
+      }
+    ));
+in
+mkDerivation rec {
+  pname = "sys";
 
-    CWARNEXTRA = "-Wno-error=shift-negative-value -Wno-address-of-packed-member";
+  # Patch source outside of this derivation so out-of-tree modules can use it
+  src = patchedSource;
+  path = "sys";
+  autoPickPatches = false;
 
-    MK_CTF = "no";
+  nativeBuildInputs = [
+    bsdSetupHook
+    mandoc
+    groff
+    gawk
+    freebsdSetupHook
+    makeMinimal
+    install
+    config
+    rpcgen
+    file2c
+    bintrans
+    xargs-j
+  ];
 
-    KODIR = "${builtins.placeholder "out"}/kernel";
-    KMODDIR = "${builtins.placeholder "out"}/kernel";
-    DTBDIR = "${builtins.placeholder "out"}/dbt";
+  # --dynamic-linker /red/herring is used when building the kernel.
+  NIX_ENFORCE_PURITY = 0;
 
-    KERN_DEBUGDIR = "${builtins.placeholder "out"}/debug";
-    KERN_DEBUGDIR_KODIR = "${KERN_DEBUGDIR}/kernel";
-    KERN_DEBUGDIR_KMODDIR = "${KERN_DEBUGDIR}/kernel";
+  AWK = "${buildPackages.gawk}/bin/awk";
 
-    skipIncludesPhase = true;
+  CWARNEXTRA = "-Wno-error=shift-negative-value -Wno-address-of-packed-member";
 
-    configurePhase = ''
-      runHook preConfigure
+  hardeningDisable = [
+    "pic" # generates relocations the linker can't handle
+    "stackprotector" # generates stack protection for the function generating the stack canary
+  ];
 
-      for f in conf/kmod.mk contrib/dev/acpica/acpica_prep.sh; do
-        substituteInPlace "$f" --replace 'xargs -J' 'xargs-j '
-      done
+  # hardeningDisable = stackprotector doesn't seem to be enough, put it in cflags too
+  NIX_CFLAGS_COMPILE = "-fno-stack-protector";
 
-      for f in conf/*.mk; do
-        substituteInPlace "$f" --replace 'KERN_DEBUGDIR}''${' 'KERN_DEBUGDIR_'
-      done
+  inherit env;
+  passthru.env = env;
 
-      cd ${freebsd-lib.mkBsdArch stdenv}/conf
-      sed -i ${cfg} \
-        -e 's/WITH_CTF=1/WITH_CTF=0/' \
-        -e '/KDTRACE/d'
-      config ${cfg}
+  KODIR = "${builtins.placeholder "out"}/kernel";
+  KMODDIR = "${builtins.placeholder "out"}/kernel";
+  DTBDIR = "${builtins.placeholder "out"}/dbt";
 
-      runHook postConfigure
-    '';
-    preBuild = ''
-      cd ../compile/${cfg}
-    '';
-  }
-)
+  KERN_DEBUGDIR = "${builtins.placeholder "debug"}/lib/debug";
+  KERN_DEBUGDIR_KODIR = "${KERN_DEBUGDIR}/kernel";
+  KERN_DEBUGDIR_KMODDIR = "${KERN_DEBUGDIR}/kernel";
+
+  skipIncludesPhase = true;
+
+  configurePhase = ''
+    runHook preConfigure
+
+    cd ${hostArchBsd}/conf
+    config ${baseConfig}
+
+    runHook postConfigure
+  '';
+  preBuild = ''
+    cd ../compile/${baseConfig}
+  '';
+
+  outputs = [
+    "out"
+    "debug"
+  ];
+
+  meta = {
+    description = "FreeBSD kernel and modules";
+    platforms = lib.platforms.freebsd;
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/sysctl.nix b/pkgs/os-specific/bsd/freebsd/pkgs/sysctl.nix
new file mode 100644
index 0000000000000..42b956614c510
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/sysctl.nix
@@ -0,0 +1,5 @@
+{ mkDerivation, ... }:
+mkDerivation {
+  path = "sbin/sysctl";
+  MK_TESTS = "no";
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/syslogd.nix b/pkgs/os-specific/bsd/freebsd/pkgs/syslogd.nix
new file mode 100644
index 0000000000000..33b7acdf9800c
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/syslogd.nix
@@ -0,0 +1,23 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "usr.sbin/syslogd";
+
+  extraPaths = [
+    "usr.bin/wall"
+    "sys/sys"
+  ];
+
+  # These want to install some config files which we don't want
+  MK_FTP = "no";
+  MK_LPR = "no";
+  MK_PPP = "no";
+
+  MK_TESTS = "no";
+
+  meta = {
+    description = "FreeBSD syslog daemon";
+    maintainers = with lib.maintainers; [ artemist ];
+    platforms = lib.platforms.freebsd;
+    license = lib.licenses.bsd2;
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/top.nix b/pkgs/os-specific/bsd/freebsd/pkgs/top.nix
new file mode 100644
index 0000000000000..0059fb731d2dd
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/top.nix
@@ -0,0 +1,17 @@
+{
+  mkDerivation,
+  libjail,
+  libncurses-tinfo,
+  libutil,
+  libsbuf,
+  ...
+}:
+mkDerivation {
+  path = "usr.bin/top";
+  buildInputs = [
+    libjail
+    libncurses-tinfo
+    libutil
+    libsbuf
+  ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/truss.nix b/pkgs/os-specific/bsd/freebsd/pkgs/truss.nix
new file mode 100644
index 0000000000000..df00db4367bd9
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/truss.nix
@@ -0,0 +1,5 @@
+{ mkDerivation, libsysdecode }:
+mkDerivation {
+  path = "usr.bin/truss";
+  buildInputs = [ libsysdecode ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/vtfontcvt.nix b/pkgs/os-specific/bsd/freebsd/pkgs/vtfontcvt.nix
new file mode 100644
index 0000000000000..a0ea69b3fd4d1
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/vtfontcvt.nix
@@ -0,0 +1,5 @@
+{ mkDerivation }:
+mkDerivation {
+  path = "usr.bin/vtfontcvt";
+  extraPaths = [ "sys/cddl/contrib/opensolaris/common/lz4" ];
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/zfs-data.nix b/pkgs/os-specific/bsd/freebsd/pkgs/zfs-data.nix
new file mode 100644
index 0000000000000..8b13f7ba9d767
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/zfs-data.nix
@@ -0,0 +1,9 @@
+{ mkDerivation, lib }:
+mkDerivation {
+  path = "cddl/share/zfs/compatibility.d";
+  extraPaths = [ "sys/contrib/openzfs/cmd/zpool/compatibility.d" ];
+
+  meta = with lib; {
+    license = licenses.cddl;
+  };
+}
diff --git a/pkgs/os-specific/bsd/freebsd/pkgs/zfs.nix b/pkgs/os-specific/bsd/freebsd/pkgs/zfs.nix
new file mode 100644
index 0000000000000..505fa37fe2d7b
--- /dev/null
+++ b/pkgs/os-specific/bsd/freebsd/pkgs/zfs.nix
@@ -0,0 +1,49 @@
+{
+  mkDerivation,
+  lib,
+  libgeom,
+  libjail,
+  libzfs,
+  openssl,
+  zfs-data,
+}:
+mkDerivation {
+  path = "cddl/sbin/zfs";
+  extraPaths = [
+    "cddl/compat/opensolaris"
+    "cddl/sbin/zpool"
+    "sys/contrib/openzfs"
+    "sys/modules/zfs"
+  ];
+
+  buildInputs = [
+    libgeom
+    libjail
+    libzfs
+    openssl
+  ];
+
+  postPatch = ''
+    sed -i 's|/usr/share/zfs|${zfs-data}/share/zfs|' $BSDSRCDIR/cddl/sbin/zpool/Makefile
+  '';
+
+  # I lied, this is both zpool and zfs
+  preBuild = ''
+    make -C $BSDSRCDIR/cddl/sbin/zpool $makeFlags
+    make -C $BSDSRCDIR/cddl/sbin/zpool $makeFlags install
+  '';
+
+  outputs = [
+    "out"
+    "man"
+    "debug"
+  ];
+
+  meta = {
+    platforms = lib.platforms.freebsd;
+    license = with lib.licenses; [
+      cddl
+      bsd2
+    ];
+  };
+}
diff --git a/pkgs/os-specific/linux/kernel/mainline.nix b/pkgs/os-specific/linux/kernel/mainline.nix
index 4e1d5b8a9e87c..862ba8e8ddcce 100644
--- a/pkgs/os-specific/linux/kernel/mainline.nix
+++ b/pkgs/os-specific/linux/kernel/mainline.nix
@@ -1,7 +1,10 @@
+let
+  allKernels = builtins.fromJSON (builtins.readFile ./kernels-org.json);
+in
+
 { branch, lib, fetchurl, fetchzip, buildLinux, ... } @ args:
 
 let
-  allKernels = builtins.fromJSON (builtins.readFile ./kernels-org.json);
   thisKernel = allKernels.${branch};
   inherit (thisKernel) version;
 
diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix
index bcb5dafa137b6..6a2296fda4fce 100644
--- a/pkgs/os-specific/linux/policycoreutils/default.nix
+++ b/pkgs/os-specific/linux/policycoreutils/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "policycoreutils";
-  version = "3.6";
+  version = "3.7";
   inherit (libsepol) se_url;
 
   src = fetchurl {
     url = "${se_url}/${version}/policycoreutils-${version}.tar.gz";
-    hash = "sha256-p2rEMepAo1qDFkzpAHkJwcbBL9EFZif2IhROSnBcCiw=";
+    hash = "sha256-WP5OSB7ftEVsEUklRC4ROJ3xc5SSWs26PeIRFFzl6pg=";
   };
 
   postPatch = ''
diff --git a/pkgs/os-specific/linux/sd-switch/default.nix b/pkgs/os-specific/linux/sd-switch/default.nix
index b8dfd36d5919c..f14595d655be4 100644
--- a/pkgs/os-specific/linux/sd-switch/default.nix
+++ b/pkgs/os-specific/linux/sd-switch/default.nix
@@ -1,6 +1,6 @@
 { lib, fetchFromSourcehut, rustPlatform, nix-update-script }:
 
-let version = "0.5.0";
+let version = "0.5.1";
 in rustPlatform.buildRustPackage {
   pname = "sd-switch";
   inherit version;
@@ -9,10 +9,10 @@ in rustPlatform.buildRustPackage {
     owner = "~rycee";
     repo = "sd-switch";
     rev = version;
-    hash = "sha256-TESS+CwwEugAz+grzndunAoKF9Or/Jl7tftL392fUaM=";
+    hash = "sha256-Kns49Qv3oWNmbLoLTKIcWIewDz4cR7uyMA3IHnhKyxA=";
   };
 
-  cargoHash = "sha256-QEnleFwEIoKATupj0sSV/GUztQoozEsb3SEgnfFzAfw=";
+  cargoHash = "sha256-r20dJMF+0q3XLm2hn9/LTv43ApmhjJNgeiMCLfwBnOk=";
 
   passthru = {
     updateScript = nix-update-script { };
author	Vladimír Čunát <v@cunat.cz>	2024-07-04 10:10:22 +0200
committer	Vladimír Čunát <v@cunat.cz>	2024-07-04 10:10:22 +0200
commit	44b36397c2796d3e3f1f82215e9e4a810e99204d (patch)
tree	bd4bcc5d076bcea5c5e2a70f768a58c6896455dd /pkgs/os-specific
parent	1a386e193d1a19e3e176f4642697f5abae60b126 (diff)
parent	213b7c561bdd292f11ff99373222c2545c53ce7a (diff)