Age | Commit message | Author | Files | Lines |
|
|
Adding `systemd-importd` to the build, so that `machinectl`'s `import-.*`
may actually do anything. Currently they fail with
```
Failed to transfer image: The name org.freedesktop.import1 was not provided by any .service files
```
as `systemd-importd` is not built. Also registers the regarding dbus
api and service in the systemd module.
|
|
Increase the system user id range
|
|
See: https://github.com/NixOS/systemd/pull/33
|
|
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This
is a preventative measure against running out of dynamically allocated
ids for NixOS services with isSystemUser, which should become the
preferred way of allocating uids for non-real users.
|
|
Instead of referencing the impure /bin/sh, use a proper bash from the store.
|
|
systemd: cleanup unused variable and containing 'let' (NFCI)
|
|
This change was re-introduced when updating to systemd 243.
Also see: https://github.com/NixOS/nixpkgs/pull/67858
|
|
Since D-Bus 1.9.18 configuration files installed by third parties should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.
|
|
The new systemd in 19.09 gives an "Access Denied" error when doing
"systemctl daemon-reexec" on a 19.03 system. The fix is to use the
previous systemctl to signal the daemon to re-exec itself. This
ensures that users don't have to reboot when upgrading from NixOS
19.03 to 19.09.
|
|
This seems to be inlined directly later, FWIW.
|
|
More details at: https://www.openwall.com/lists/oss-security/2019/09/03/1
|
|
treewide replacement of
    stdenv.mkDerivation rec {
      name = "*-${version}";
      version = "*";
to pname
|
|
from https://github.com/NixOS/systemd/pull/29
|
|
* treewide: remove unused variables
* making ofborg happy
|
|
On aarch64 we "leak" a reference to $out/lib/systemd/catalog in the lib
output. The result of that is a dependency cycle between $out and $lib.
Thus nix (rightfully) marks the build as failed. That reference
originates from an array of strings (catalog_file_dirs) in systemd
(src/src/journal/catalog.{c,h}). The only consumer (as of v242) of the
symbol is the main function of journalctl. Still libsystemd.so contains
the VALUE but not the symbol. Systemd seems to be properly using
function & data sections together with the linker flags to garbage
collect unused sections (-Wl,--gc-sections). For unknown reasons those
flags do not eliminate the unused string constants, in this case on
aarch64-linux. The hacky way is to just remove the reference after we
finished compiling. Since it can not be used (there is no symbol to
actually refer to it) there should not be any harm. It is a bit odd and
I really do not like starting these kinds of hacks but there doesn't seem
to be a straightforward way at this point in time.
The reference will be replaced by the same reference the usual nukeRefs
tooling uses. The standard tooling can not / should not be used since
it is a bit too excessive and could potentially do us some (more) harm.
|
|
We are currently not running any tests but building them takes
significant amounts of time since they account for about 40% of all the
compilation targets.
|
|
it’s almost always a better idea to use getBin instead of .bin.
Otherwise, we could get an evaluation error if utillinux is missing
the bin output.
|
|
The current approach will fail when enough time has passed. We ideally
want to be reproducible even in a few years' time. So we should pick
the sources of patches wisely as otherwise we can not do that.
|
|
Fix CVE-2019-6454.
|
|
It got broken by 74a64a8a6 #53483.
But IMO it's *this* expression that was written in a too fragile way.
|
|
Fixes CVE-2018-16864 & CVE-2018-16865 (journald stack clash). Fixes #53755.
Also updates the debian patches to fix CVE-2018-15686. Fixes #52250.
|
|
There are some security fixes among those.
|
|
This reverts commit d1de23b8302d02d4699e884533906a3992f370b6.
The changes turned out to be too intrusive, so we'll patch instead.
Discussion: https://github.com/NixOS/systemd/pull/24
|
|
Fixes CVE-2018-15688 and updates latest upstream stable v239 branch.
See https://github.com/NixOS/systemd/pull/24 for details.
Co-authored-by: Andreas Rammhold <andreas@rammhold.de>
|
|
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
|
|
This fixes nspawn containers with older systemd inside currently failing
to start.
See:
https://github.com/NixOS/systemd/pull/23
https://github.com/systemd/systemd/pull/10104
https://github.com/NixOS/nixpkgs/issues/47253
|
|
A few trivial conflicts due to *Platforms mass replace.
|
|
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
|
|
Include fix by @aszlig to fix remount with comment/application-specific
fstab options.
|
|
This fixes the build.