diff options
Diffstat (limited to 'pkgs/os-specific/linux')
25 files changed, 176 insertions, 88 deletions
diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index 3c5427340baf8..b1d85f2674cbf 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -1,11 +1,12 @@ { stdenv, fetchurl, alsa-ucm-conf, alsa-topology-conf }: stdenv.mkDerivation rec { - name = "alsa-lib-1.2.3"; + pname = "alsa-lib"; + version = "1.2.4"; src = fetchurl { - url = "mirror://alsa/lib/${name}.tar.bz2"; - sha256 = "13k7dx1g749z74rz71hs5j8z0pqdjgx7l69pn0vsy7jizhi0kw02"; + url = "mirror://alsa/lib/${pname}-${version}.tar.bz2"; + sha256 = "sha256-91VL4aVs3/RotY/BwpuVtkhkxZADjdMJx6l4xxFpCPc="; }; patches = [ diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 64fa92be86583..3ce310acf231b 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -14,7 +14,7 @@ let apparmor-series = "2.13"; - apparmor-patchver = "5"; + apparmor-patchver = "6"; apparmor-version = apparmor-series + "." + apparmor-patchver; apparmor-meta = component: with stdenv.lib; { @@ -27,7 +27,7 @@ let apparmor-sources = fetchurl { url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "05x7r99k00r97v1cq2f711lv6yqzhbl8zp1i1c7kxra4v0a2lzk3"; + sha256 = "13xshy7905d9q9n8d8i0jmdi9m36wr525g4wlsp8k21n7yvvh9j4"; }; prePatchCommon = '' diff --git a/pkgs/os-specific/linux/btfs/default.nix b/pkgs/os-specific/linux/btfs/default.nix index 762baa5871126..6d919ce57d4f0 100644 --- a/pkgs/os-specific/linux/btfs/default.nix +++ b/pkgs/os-specific/linux/btfs/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, autoreconfHook, pkgconfig -, python3, boost, fuse, libtorrentRasterbar, curl }: +, python3, boost, fuse, libtorrent-rasterbar, curl }: stdenv.mkDerivation rec { pname = "btfs"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = [ - boost fuse libtorrentRasterbar curl python3 + boost fuse libtorrent-rasterbar curl python3 ]; meta = with stdenv.lib; { diff --git a/pkgs/os-specific/linux/evdi/default.nix b/pkgs/os-specific/linux/evdi/default.nix index 119ba22ca2642..986bb402e57ff 100644 --- a/pkgs/os-specific/linux/evdi/default.nix +++ b/pkgs/os-specific/linux/evdi/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "evdi"; - version = "unstable-20200416"; + version = "v1.7.2"; src = fetchFromGitHub { owner = "DisplayLink"; repo = pname; - rev = "dc595db636845aef39490496bc075f6bf067106c"; - sha256 = "1yrny6jj9403z0rxbd3nxf49xc4w0rfpl7xsq03pq32pb3vlbqw7"; + rev = version; + sha256 = "074j0xh037n8mc4isihfz9lap57wvxaxib32pvy6jhjl3wyik632"; }; nativeBuildInputs = kernel.moduleBuildDependencies; diff --git a/pkgs/os-specific/linux/firmware/rtl8761b-firmware/default.nix b/pkgs/os-specific/linux/firmware/rtl8761b-firmware/default.nix new file mode 100644 index 0000000000000..4418722c7c45f --- /dev/null +++ b/pkgs/os-specific/linux/firmware/rtl8761b-firmware/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + name = "rtl8761b-firmware"; + + src = fetchFromGitHub { + owner = "Realtek-OpenSource"; + repo = "android_hardware_realtek"; + rev = "rtk1395"; + sha256 = "sha256-vd9sZP7PGY+cmnqVty3sZibg01w8+UNinv8X85B+dzc="; + }; + + installPhase = '' + install -D -pm644 \ + bt/rtkbt/Firmware/BT/rtl8761b_fw \ + $out/lib/firmware/rtl_bt/rtl8761b_fw.bin + + install -D -pm644 \ + bt/rtkbt/Firmware/BT/rtl8761b_config \ + $out/lib/firmware/rtl_bt/rtl8761b_config.bin + ''; + + meta = with stdenv.lib; { + description = "Firmware for Realtek RTL8761b"; + license = licenses.unfreeRedistributableFirmware; + maintainers = with maintainers; [ edibopp ]; + platforms = with platforms; linux; + }; +} diff --git a/pkgs/os-specific/linux/intel-compute-runtime/default.nix b/pkgs/os-specific/linux/intel-compute-runtime/default.nix index e33a40e6a85f3..7b8c2197d706b 100644 --- a/pkgs/os-specific/linux/intel-compute-runtime/default.nix +++ b/pkgs/os-specific/linux/intel-compute-runtime/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "intel-compute-runtime"; - version = "20.33.17675"; + version = "20.34.17727"; src = fetchFromGitHub { owner = "intel"; repo = "compute-runtime"; rev = version; - sha256 = "1ckzspf05skdrjh947gv96finxbv5dpgc84hppm5pdsp5q70iyxp"; + sha256 = "19scbbr6jf3yp2v7z8xyzzm01g44jym7xfkf1dz64d5nhvjw6ig5"; }; nativeBuildInputs = [ cmake pkgconfig ]; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index ea7ed2076428e..0ea36ce8f4405 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -10,13 +10,13 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.163.a/linux-hardened-4.19.163.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.84.a.patch", - "sha256": "1pwij0bxgf61ahi6fa8qwrr85yhx92z4sif71kdgxkbwcw9qwyzs", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.84.a/linux-hardened-5.4.84.a.patch" + "name": "linux-hardened-5.4.85.a.patch", + "sha256": "1ml9vpakhpxry29c4q0fz346ly7s3hwd7rasr4dzkgs71lm5a1sy", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.85.a/linux-hardened-5.4.85.a.patch" }, "5.9": { - "name": "linux-hardened-5.9.15.a.patch", - "sha256": "1iqkw4mnr1p9wzfmjy5lawc6cn9wvg05xsak24fzbp1i22h4dfz4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.15.a/linux-hardened-5.9.15.a.patch" + "name": "linux-hardened-5.9.16.a.patch", + "sha256": "024wdzc9bwgr4nd4z0l6bazcl35jczhsmdl2lb26bvffjwg207rw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.16.a/linux-hardened-5.9.16.a.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index db7ff9c912a54..411a88d929346 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.10.1"; + version = "5.10.2"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd"; + sha256 = "18l1ywp99inm90434fm74w8rjfl4yl974kfcpizg2sp2p8xf311v"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index cee3d136d6d67..0d504ff334a46 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.84"; + version = "5.4.85"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "058mhczv6whjwxn7jjh1c6n5zrqjdnvbl2mp7jkfrg6frpvgr189"; + sha256 = "0220k327aa7gg48fqw171mcng8h717c4a1v14r3q36ksirnmiqqx"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix index 9e740c0c2a6fd..39cc9c56c5fcc 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.9.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.9.15"; + version = "5.9.16"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1vhaayqjv1ha3nsxy9zbsz497ba4d4a1g0gfhgxcvci8dp8djh2p"; + sha256 = "11mbnjvb5d5gwbrwlkqvzpg1ij4m19l5wr3wca9iiyg5i2papmxh"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index dfb4cb9cc86aa..07a74c1077115 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.1-rt19"; # updated by ./update-rt.sh + version = "5.10.1-rt20"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -25,7 +25,7 @@ in buildLinux (args // { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb"; + sha256 = "0z8ljfcn908hzjl11fkmwrx2r7j0hcgpx07g21ag162qrn6g5qby"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix index 9f64abc55a02a..25e3172b0f3a6 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.4.82-rt45"; # updated by ./update-rt.sh + version = "5.4.84-rt47"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -14,14 +14,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1byx163v83aw0ixphwz20znml2s2n3cy1kp89vgwbdiqxbj5hi7v"; + sha256 = "058mhczv6whjwxn7jjh1c6n5zrqjdnvbl2mp7jkfrg6frpvgr189"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0nh7d5b81br3cpljmn5n7lgn877h02aal95782hiflv7cmrb597r"; + sha256 = "0nccxf9l9ycvb782f48zrbl59vi674qq7yjyaks97440pgyd1jg0"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 81dcb5d4563b8..dd9ce3e080a38 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -1,14 +1,14 @@ { stdenv, buildPackages, fetchFromGitHub, fetchpatch, perl, buildLinux, ... } @ args: buildLinux (args // { - version = "5.8.0-2020.09.07"; - modDirVersion = "5.8.0"; + version = "5.9.0-2020.11.20"; + modDirVersion = "5.9.0"; src = fetchFromGitHub { owner = "koverstreet"; repo = "bcachefs"; - rev = "fb2821e72648f35d3cff61ac26041d634fd1dacf"; - sha256 = "0f9hx6fz27rm8h1lk9868v727klvyzcbw6hcgm5mypbfq1nqirdy"; + rev = "6a505b63ed3003faf5000f19fd08bbd477d93fbc"; + sha256 = "1rf34gzv9npafp1c3i6lymk3b0gnqp4rb0wl33pw6yrpgnsry3cc"; }; extraConfig = "BCACHEFS_FS m"; diff --git a/pkgs/os-specific/linux/kernel/linux-zen.nix b/pkgs/os-specific/linux/kernel/linux-zen.nix index 5ac81d6ebb94c..fd06b2f821721 100644 --- a/pkgs/os-specific/linux/kernel/linux-zen.nix +++ b/pkgs/os-specific/linux/kernel/linux-zen.nix @@ -1,7 +1,7 @@ { stdenv, fetchFromGitHub, buildLinux, ... } @ args: let - version = "5.9.14"; + version = "5.10.1"; in buildLinux (args // { @@ -13,11 +13,11 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-zen1"; - sha256 = "1b8pm80z49d7qk9mvdf9w3hih34pilqr1zjk110q5im1kdz81zrg"; + sha256 = "1c77x53ixyn64b4qq6br6ckicmjs316c8k08yfxibmhv72av1wcp"; }; extraMeta = { - branch = "5.9/master"; + branch = "5.10/master"; maintainers = with stdenv.lib.maintainers; [ atemu andresilva ]; }; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index e2805c315b8bf..23c01d0419215 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -76,6 +76,13 @@ }; }; + # Adapted for Linux 5.4 from: + # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04896832c94aae4842100cafb8d3a73e1bed3a45 + rtl8761b_support = + { name = "rtl8761b-support"; + patch = ./rtl8761b-support.patch; + }; + export_kernel_fpu_functions = { "4.14" = { name = "export_kernel_fpu_functions"; diff --git a/pkgs/os-specific/linux/kernel/rtl8761b-support.patch b/pkgs/os-specific/linux/kernel/rtl8761b-support.patch new file mode 100644 index 0000000000000..b6d80d5bc8d32 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/rtl8761b-support.patch @@ -0,0 +1,33 @@ +diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c +index 67f4bc21e7c5..3a9afc905f24 100644 +--- a/drivers/bluetooth/btrtl.c ++++ b/drivers/bluetooth/btrtl.c +@@ -130,12 +130,19 @@ static const struct id_table ic_id_table[] = { + .cfg_name = "rtl_bt/rtl8821c_config" }, + + /* 8761A */ +- { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8761A, 0x0, ++ { IC_INFO(RTL_ROM_LMP_8761A, 0xa), + .config_needed = false, + .has_rom_version = true, + .fw_name = "rtl_bt/rtl8761a_fw.bin", + .cfg_name = "rtl_bt/rtl8761a_config" }, + ++ /* 8761B */ ++ { IC_INFO(RTL_ROM_LMP_8761A, 0xb), ++ .config_needed = false, ++ .has_rom_version = true, ++ .fw_name = "rtl_bt/rtl8761b_fw.bin", ++ .cfg_name = "rtl_bt/rtl8761b_config" }, ++ + /* 8822C with USB interface */ + { IC_INFO(RTL_ROM_LMP_8822B, 0xc), + .config_needed = false, +@@ -251,6 +258,7 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, + { RTL_ROM_LMP_8723B, 9 }, /* 8723D */ + { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ + { RTL_ROM_LMP_8822B, 13 }, /* 8822C */ ++ { RTL_ROM_LMP_8761A, 14 }, /* 8761B */ + }; + + min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; diff --git a/pkgs/os-specific/linux/keyutils/default.nix b/pkgs/os-specific/linux/keyutils/default.nix index fb06f942e482b..fe9cb46fb8a92 100644 --- a/pkgs/os-specific/linux/keyutils/default.nix +++ b/pkgs/os-specific/linux/keyutils/default.nix @@ -23,6 +23,8 @@ stdenv.mkDerivation rec { ./conf-symlink.patch ]; + makeFlags = stdenv.lib.optionals stdenv.hostPlatform.isStatic "NO_SOLIB=1"; + BUILDDATE = "1970-01-01"; outputs = [ "out" "lib" "dev" ]; diff --git a/pkgs/os-specific/linux/libpsm2/default.nix b/pkgs/os-specific/linux/libpsm2/default.nix index b9e41380da8cd..501453b88216b 100644 --- a/pkgs/os-specific/linux/libpsm2/default.nix +++ b/pkgs/os-specific/linux/libpsm2/default.nix @@ -2,8 +2,7 @@ stdenv.mkDerivation rec { pname = "libpsm2"; - version = "11.2.156"; - ifs_version = "10_10_2_0_44"; + version = "11.2.185"; preConfigure= '' export UDEVDIR=$out/etc/udev @@ -14,7 +13,7 @@ stdenv.mkDerivation rec { buildInputs = [ numactl pkgconfig ]; - installFlags = [ + installFlags = [ "DESTDIR=$(out)" "UDEVDIR=/etc/udev" "LIBPSM2_COMPAT_CONF_DIR=/etc" @@ -23,8 +22,8 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "intel"; repo = "opa-psm2"; - rev = "IFS_RELEASE_${ifs_version}"; - sha256 = "0ckrfzih1ga9yvximxjdh0z05kn9l858ykqiblv18w6ka3gra1xz"; + rev = "PSM2_${version}"; + sha256 = "062hg4r6gz7pla9df70nqs5i2a3mp1wszmp4l0g771fykhhrxsjg"; }; postInstall = '' diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index e3407f8fe5f1a..b9af74906b49d 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -29,16 +29,20 @@ rec { } else legacy_390; - # No active beta right now - beta = stable; + beta = generic { + version = "460.27.04"; + sha256_64bit = "plTqtc5QZQwM0f3MeMZV0N5XOiuSXCCDklL/qyy8HM8="; + settingsSha256 = "hU9J0VSrLXs7N14zq6U5LbBLZXEIyTfih/Bj6eFcMf0="; + persistencedSha256 = "PmqhoPskqhJe2FxMrQh9zX1BWQCR2kkfDwvA89+XALA="; + }; # Vulkan developer beta driver # See here for more information: https://developer.nvidia.com/vulkan-driver vulkan_beta = generic rec { - version = "455.46.02"; + version = "455.46.04"; persistencedVersion = "455.45.01"; settingsVersion = "455.45.01"; - sha256_64bit = "05y4scg62mrhjnj2c8689m5hdyzqnx5p8vqvdqvv76zy970723l7"; + sha256_64bit = "1iv42w3x1vc00bgn6y4w1hnfsvnh6bvj3vcrq8hw47760sqwa4xa"; settingsSha256 = "09v86y2c8xas9ql0bqr7vrjxx3if6javccwjzyly11dzffm02h7g"; persistencedSha256 = "13s4b73il0lq2hs81q03176n16mng737bfsp3bxnxgnrv3whrayz"; url = "https://developer.nvidia.com/vulkan-beta-${lib.concatStrings (lib.splitString "." version)}-linux"; diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix index 3ab1ae28a7b57..b8cdda5a69a5e 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix @@ -1,46 +1,52 @@ -{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }: +{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }: stdenv.mkDerivation rec { - name = "pam_ssh_agent_auth-0.10.3"; + pname = "pam_ssh_agent_auth"; + version = "0.10.4"; - src = fetchurl { - url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2"; - sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw"; + src = fetchFromGitHub { + owner = "jbeverly"; + repo = "pam_ssh_agent_auth"; + rev = "pam_ssh_agent_auth-${version}"; + sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs="; }; - patches = - [ # Allow multiple colon-separated authorized keys files to be - # specified in the file= option. - ./multiple-key-files.patch - (fetchpatch { - name = "openssl-1.1.1-1.patch"; - url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch"; - sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf"; - }) - (fetchpatch { - name = "openssl-1.1.1-2.patch"; - url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch"; - sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww"; - }) - ]; + ed25519-donna = fetchFromGitHub { + owner = "floodyberry"; + repo = "ed25519-donna"; + rev = "8757bd4cd209cb032853ece0ce413f122eef212c"; + sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM="; + }; buildInputs = [ pam openssl perl ]; - # It's not clear to me why this is necessary, but without it, you see: - # - # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019) - # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019) - # checking whether OpenSSL's headers match the library... no - # configure: WARNING: Your OpenSSL headers do not match your - # library. Check config.log for details. - # - # ...despite the fact that clearly the values match - configureFlags = [ "--without-openssl-header-check" ]; + patches = [ + # Allow multiple colon-separated authorized keys files to be + # specified in the file= option. + ./multiple-key-files.patch + ]; + + configureFlags = [ + # It's not clear to me why this is necessary, but without it, you see: + # + # checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020) + # checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020) + # checking whether OpenSSL's headers match the library... no + # configure: WARNING: Your OpenSSL headers do not match your + # library. Check config.log for details. + # + # ...despite the fact that clearly the values match + "--without-openssl-header-check" + # Make sure it can find ed25519-donna + "--with-cflags=-I$PWD" + ]; + + prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/."; enableParallelBuilding = true; meta = { - homepage = "http://pamsshagentauth.sourceforge.net/"; + homepage = "https://github.com/jbeverly/pam_ssh_agent_auth"; description = "PAM module for authentication through the SSH agent"; maintainers = [ stdenv.lib.maintainers.eelco ]; platforms = stdenv.lib.platforms.linux; diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch index 190325251c9a6..71d8e08ecd0bc 100644 --- a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch +++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch @@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0 /* * PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter. -@@ -187,16 +184,17 @@ +@@ -184,5 +181,5 @@ */ if(user && strlen(ruser) > 0) { - pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); + pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); +@@ -201,3 +197,3 @@ + retval = PAM_SUCCESS; +- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input); + +@@ -211,11 +208,12 @@ /* * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user */ - if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */ -- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file); +- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file); + const char *key_file; + if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */ -+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file); ++ pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file); retval = PAM_SUCCESS; } else { - pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix index 7399ac90586c9..59cc59d7714d4 100644 --- a/pkgs/os-specific/linux/shadow/default.nix +++ b/pkgs/os-specific/linux/shadow/default.nix @@ -1,5 +1,5 @@ -{ stdenv, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt, libxml2 -, docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison +{ stdenv, nixosTests, fetchpatch, fetchFromGitHub, autoreconfHook, libxslt +, libxml2 , docbook_xml_dtd_45, docbook_xsl, itstool, flex, bison , pam ? null, glibcCross ? null }: @@ -86,5 +86,6 @@ stdenv.mkDerivation rec { passthru = { shellPath = "/bin/nologin"; + tests = { inherit (nixosTests) shadow; }; }; } diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index f1a0f06eb5870..e6cb589c9bfee 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -111,7 +111,7 @@ assert withCryptsetup -> let wantCurl = withRemote || withImportd; - version = "247"; + version = "247.2"; in stdenv.mkDerivation { inherit version pname; @@ -120,9 +120,9 @@ stdenv.mkDerivation { # This has proven to be less error-prone than the previous systemd fork. src = fetchFromGitHub { owner = "systemd"; - repo = "systemd"; + repo = "systemd-stable"; rev = "v${version}"; - sha256 = "1nwsr6p65zy5jpabvjbszq5g556l1npaf2xsik4p4pvjjwnn1nx6"; + sha256 = "091pwrvxz3gcf80shlp28d6l4gvjzc6pb61v4mwxmk9d71qaq7ry"; }; # If these need to be regenerated, `git am path/to/00*.patch` them into a diff --git a/pkgs/os-specific/linux/tomb/default.nix b/pkgs/os-specific/linux/tomb/default.nix index 9a21aab9f256f..0c5a02061b82d 100644 --- a/pkgs/os-specific/linux/tomb/default.nix +++ b/pkgs/os-specific/linux/tomb/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "tomb"; - version = "2.8"; + version = "2.8.1"; src = fetchFromGitHub { owner = "dyne"; repo = "Tomb"; rev = "v${version}"; - sha256 = "sha256-bmkUwj0FFq51MUPbNK7xsyyq4swjZcwFeMwOO3fXCzA="; + sha256 = "03zj9az5626kjg96rkqr5sjydqwlrzhz0gq35r62sajv6mn2qm6s"; }; buildInputs = [ sudo zsh pinentry ]; diff --git a/pkgs/os-specific/linux/util-linux/default.nix b/pkgs/os-specific/linux/util-linux/default.nix index ac6ad8a4bb768..4f8f7cae7f8a8 100644 --- a/pkgs/os-specific/linux/util-linux/default.nix +++ b/pkgs/os-specific/linux/util-linux/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "util-linux"; - version = "2.36"; + version = "2.36.1"; src = fetchurl { url = "mirror://kernel/linux/utils/util-linux/v${lib.versions.majorMinor version}/${pname}-${version}.tar.xz"; - sha256 = "1cg0m4psswg71v6wrqc2bngcw20fsp01vbijxdzvdf8kxdkiqjwy"; + sha256 = "1vbyydl1b13lx73di4bhc4br9ih24hcqv7bky0kyrn1c2x1c5yh9"; }; patches = [ |