# NOTE: Make sure to (re-)format this file on changes with `nixpkgs-fmt`!
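# Arguments of the package function. Plain names are dependencies supplied by
# callPackage; every `with*` argument is a feature toggle with the default
# shown here.
{ stdenv
, lib
, nixosTests
, fetchFromGitHub
, fetchpatch
, fetchzip
, buildPackages
, makeBinaryWrapper
, ninja
, meson
, m4
, pkg-config
, coreutils
, gperf
, getent
, glibcLocales

  # glib is only used during tests (test-bus-gvariant, test-bus-marshal)
, glib
, substituteAll
, gettext
, python3Packages

  # Mandatory dependencies
, libcap
, util-linux
, kbd
, kmod
, libxcrypt

  # Optional dependencies
, pam
, cryptsetup
, audit
, acl
, lz4
, libgcrypt
, libgpg-error
, libidn2
, curl
, gnutar
, gnupg
, zlib
, xz
, zstd
, tpm2-tss
, libuuid
, libapparmor
, intltool
, bzip2
, pcre2
, e2fsprogs
, elfutils
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, gnu-efi
, iptables
, withSelinux ? false
, libselinux
, withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp
, libseccomp
, withKexectools ? lib.meta.availableOn stdenv.hostPlatform kexec-tools
, kexec-tools
, bashInteractive
, libmicrohttpd
, libfido2
, p11-kit

  # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to be available during build time.
  # Only libbpf should be a runtime dependency.
  # Note: llvmPackages is explicitly taken from buildPackages instead of relying
  # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages
  # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc
  # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we explicitly
  # take buildPackages.llvmPackages, this is no problem because
  # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to us. Working
  # around this is important, because systemd is in the dependency closure of
  # GHC via emscripten and jdk.
, bpftools
, libbpf

, withAnalyze ? true
, withApparmor ? true
, withCompression ? true # adds bzip2, lz4, xz and zstd
, withCoredump ? true
, withCryptsetup ? true
, withDocumentation ? true
, withEfi ? stdenv.hostPlatform.isEfi && !stdenv.hostPlatform.isMusl
, withFido2 ? true
, withHomed ? !stdenv.hostPlatform.isMusl
, withHostnamed ? true
, withHwdb ? true
, withImportd ? !stdenv.hostPlatform.isMusl
  # The implication is parenthesised because `->` binds weaker than `&&` in
  # Nix. Without the parentheses the default parses as
  # `(clang >= 10 && isAarch) -> (cpu >= 6 && !isMips64)`, which is vacuously
  # true on every non-ARM platform, so neither the clang version check nor the
  # mips64 exclusion would take effect there.
, withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0"
    && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6") # assumes hard floats
    && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211
, withLocaled ? true
, withLogind ? true
, withMachined ? true
, withNetworkd ? true
, withNss ? !stdenv.hostPlatform.isMusl
, withOomd ? true
, withPCRE2 ? true
, withPolkit ? true
, withPortabled ? !stdenv.hostPlatform.isMusl
, withRemote ? !stdenv.hostPlatform.isMusl
, withResolved ? true
, withShellCompletions ? true
, withTimedated ? true
, withTimesyncd ? true
, withTpm2Tss ? true
, withUserDb ? true
, withUtmp ? !stdenv.hostPlatform.isMusl
  # tests assume too much system access for them to be feasible for us right now
, withTests ? false

  # name argument
, pname ? "systemd"

, libxslt
, docbook_xsl
, docbook_xml_dtd_42
, docbook_xml_dtd_45
}: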
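# Feature toggles that cannot be enabled on their own: evaluation aborts here
# instead of producing a build that fails later in meson.
assert withImportd -> withCompression;
assert withCoredump -> withCompression;
assert withHomed -> withCryptsetup;

let
  # curl and gcrypt are each needed by more than one optional component.
  wantCurl = withRemote || withImportd;
  wantGcrypt = withResolved || withImportd;
  version = "252.5";

  # Bump this variable on every (major) version change. See below (in the meson options list) for why.
  # command:
  #  $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \
  #     jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'
  releaseTimestamp = "1667246393";
in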
stdenv . mkDerivation {
inherit pname version ;
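# We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly
# This has proven to be less error-prone than the previous systemd fork.
#
# `rev` follows `version`, and `hash` is the SRI digest of the fetched tree:
# bumping the version without updating the hash makes the fetch fail rather
# than silently building different sources.
src = fetchFromGitHub {
  owner = "systemd";
  repo = "systemd-stable";
  rev = "v${version}";
  hash = "sha256-cNZRTuYFMR1z6KpELeQoJahMhRl4fKuRuc3xXH3KzlM=";
};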
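# On major changes, or when otherwise required, you *must* reformat the patches,
# `git am path/to/00*.patch` them into a systemd worktree, rebase to the more recent
# systemd version, and export the patches again via
# `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`.
# Use `find . -name "*.patch" | sort` to get an up-to-date listing of all patches
patches = [
  ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch
  ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch
  ./0003-Fix-NixOS-containers.patch
  ./0004-Look-for-fsck-in-the-right-place.patch
  ./0005-Add-some-NixOS-specific-unit-directories.patch
  ./0006-Get-rid-of-a-useless-message-in-user-sessions.patch
  ./0007-hostnamed-localed-timedated-disable-methods-that-cha.patch
  ./0008-Fix-hwdb-paths.patch
  ./0009-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
  ./0010-localectl-use-etc-X11-xkb-for-list-x11.patch
  ./0011-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch
  ./0012-add-rootprefix-to-lookup-dir-paths.patch
  ./0013-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
  ./0014-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
  ./0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
  ./0016-pkg-config-derive-prefix-from-prefix.patch
  ./0017-inherit-systemd-environment-when-calling-generators.patch
  ./0018-core-don-t-taint-on-unmerged-usr.patch
  ./0019-tpm2_context_init-fix-driver-name-checking.patch
] ++ lib.optional stdenv.hostPlatform.isMusl (
  let
    # The musl patch set comes from an openembedded-core snapshot that is
    # addressed by commit id in the URL and checked against `sha256`, so the
    # patches applied here cannot change without this file changing too.
    oe-core = fetchzip {
      url = "https://git.openembedded.org/openembedded-core/snapshot/openembedded-core-cccd4bcaf381c2729adc000381bd89906003e72a.tar.gz";
      sha256 = "2CFZEzWqUy6OOF3c+LN4Zmy3RqMzfdRHp+B5zlWJsoE=";
    };
    musl-patches = oe-core + "/meta/recipes-core/systemd/systemd";
  in
  [
    (musl-patches + "/0003-missing_type.h-add-comparison_fn_t.patch")
    (musl-patches + "/0004-add-fallback-parse_printf_format-implementation.patch")
    (musl-patches + "/0005-src-basic-missing.h-check-for-missing-strndupa.patch")
    (musl-patches + "/0007-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch")
    (musl-patches + "/0008-add-missing-FTW_-macros-for-musl.patch")
    (musl-patches + "/0010-Use-uintmax_t-for-handling-rlim_t.patch")
    (musl-patches + "/0011-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch")
    (musl-patches + "/0012-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch")
    (musl-patches + "/0013-Define-glibc-compatible-basename-for-non-glibc-syste.patch")
    (musl-patches + "/0014-Do-not-disable-buffering-when-writing-to-oom_score_a.patch")
    (musl-patches + "/0015-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch")
    (musl-patches + "/0018-avoid-redefinition-of-prctl_mm_map-structure.patch")
    (musl-patches + "/0022-do-not-disable-buffer-in-writing-files.patch")
    (musl-patches + "/0025-Handle-__cpu_mask-usage.patch")
    (musl-patches + "/0026-Handle-missing-gshadow.patch")
    (musl-patches + "/0028-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch")
    (musl-patches + "/0001-pass-correct-parameters-to-getdents64.patch")
    (musl-patches + "/0002-Add-sys-stat.h-for-S_IFDIR.patch")
    (musl-patches + "/0001-Adjust-for-musl-headers.patch")
    (musl-patches + "/0001-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch")
  ]
);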
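# postPatch is assembled from five shell fragments:
#   1. fixed substitutions (default PATH placeholder, objcopy lookup),
#   2. BPF-only meson tweaks (when withLibBPF),
#   3. one generated fragment per dlopen(3) library name,
#   4. a guard that fails the build if an unhandled library name is left,
#   5. shebang patching for build-time scripts.
postPatch = ''
  substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/"
  substituteInPlace src/boot/efi/meson.build \
    --replace \
    "run_command(cc.cmd_array(), '-print-prog-name=objcopy', check: true).stdout().strip()" \
    "'${stdenv.cc.bintools.targetPrefix}objcopy'"
'' + lib.optionalString withLibBPF ''
  substituteInPlace meson.build \
    --replace "find_program('clang'" "find_program('${stdenv.cc.targetPrefix}clang'"
  # BPF does not work with stack protector
  substituteInPlace src/core/bpf/meson.build \
    --replace "clang_flags = [" "clang_flags = [ '-fno-stack-protector',"
'' + (
  let
    # The following patches the references to dynamic libraries to ensure that
    # all the features that are implemented via dlopen(3) are available (or
    # explicitly deactivated) by pointing dlopen to the absolute store path
    # instead of relying on the linker's runtime lookup code. A dlopen(3)
    # argument that contains a slash is opened as that exact path, so the
    # library search path is not consulted for these names.
    #
    # All of the shared library references have to be handled. When new ones
    # are introduced by upstream (or one of our patches) they must be
    # explicitly declared, otherwise the build will fail.
    #
    # As of systemd version 247 we've seen a few errors like `libpcre2.… not
    # found` when using e.g. --grep with journalctl. Those errors should
    # become less unexpected now.
    #
    # There are generally two classes of dlopen(3) calls. Those that we want to
    # support and those that should be deactivated / unsupported. This change
    # enforces that we handle all dlopen calls explicitly. Meaning: There is
    # not a single dlopen call in the source code tree that we did not
    # explicitly handle.
    #
    # In order to do this we introduced a list of attributes that maps from
    # shared object name to the package that contains them. The package can be
    # null meaning the reference should be nuked and the shared object will
    # never be loadable during runtime (because it points at an invalid store
    # path location).
    #
    # To get a list of dynamically loaded libraries issue something like
    # `grep -ri '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' $src` and update the below list.
    dlopenLibs =
      let
        # Yields `pkg` when the feature is enabled, otherwise null ("nuke it").
        opt = condition: pkg: if condition then pkg else null;
      in
      [
        # bpf compilation support. We use libbpf 1 now.
        { name = "libbpf.so.1"; pkg = opt withLibBPF libbpf; }
        { name = "libbpf.so.0"; pkg = null; }

        # We did never provide support for libxkbcommon & qrencode
        { name = "libxkbcommon.so.0"; pkg = null; }
        { name = "libqrencode.so.4"; pkg = null; }
        { name = "libqrencode.so.3"; pkg = null; }

        # We did not provide libpwquality before so it is safe to disable it for
        # now.
        { name = "libpwquality.so.1"; pkg = null; }

        # Only include cryptsetup if it is enabled. We might not be able to
        # provide it during "bootstrap" in e.g. the minimal systemd build as
        # cryptsetup has udev (aka systemd) in its dependencies.
        { name = "libcryptsetup.so.12"; pkg = opt withCryptsetup cryptsetup; }

        # We are using libidn2 so we only provide that and ignore the others.
        # Systemd does this decision during configure time and uses ifdef's to
        # enable specific branches. We can safely ignore (nuke) the libidn "v1"
        # libraries.
        { name = "libidn2.so.0"; pkg = libidn2; }
        { name = "libidn.so.12"; pkg = null; }
        { name = "libidn.so.11"; pkg = null; }

        # journalctl --grep requires libpcre so let's provide it
        { name = "libpcre2-8.so.0"; pkg = pcre2; }

        # Support for TPM2 in systemd-cryptsetup, systemd-repart and systemd-cryptenroll
        { name = "libtss2-esys.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
        { name = "libtss2-rc.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
        { name = "libtss2-mu.so.0"; pkg = opt withTpm2Tss tpm2-tss; }
        # Prefix only: the existence check below special-cases this entry.
        { name = "libtss2-tcti-"; pkg = opt withTpm2Tss tpm2-tss; }
        { name = "libfido2.so.1"; pkg = opt withFido2 libfido2; }

        # inspect-elf support
        { name = "libelf.so.1"; pkg = opt withCoredump elfutils; }
        { name = "libdw.so.1"; pkg = opt withCoredump elfutils; }
      ];

    # Turns one dlopenLibs entry into the shell fragment that rewrites every
    # quoted occurrence of `dl.name` under src/.
    patchDlOpen = dl:
      let
        library = "${lib.makeLibraryPath [ dl.pkg ]}/${dl.name}";
      in
      if dl.pkg == null then ''
        # remove the dependency on the library by replacing it with an invalid path
        for file in $(grep -lr '"${dl.name}"' src); do
          echo "patching dlopen(\"${dl.name}\", …) in $file to an invalid store path ("/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}")…"
          substituteInPlace "$file" --replace '"${dl.name}"' '"/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-not-implemented/${dl.name}"'
        done
      '' else ''
        # ensure that the library we provide actually exists
        if ! [ -e ${library} ]; then
          # exceptional case, details:
          # https://github.com/systemd/systemd-stable/blob/v249-stable/src/shared/tpm2-util.c#L157
          if ! [[ "${library}" =~ .*libtss2-tcti-$ ]]; then
            echo 'The shared library `${library}` does not exist but was given as substitute for `${dl.name}`'
            exit 1
          fi
        fi
        # make the path to the dependency explicit
        for file in $(grep -lr '"${dl.name}"' src); do
          echo "patching dlopen(\"${dl.name}\", …) in $file to ${library} …"
          substituteInPlace "$file" --replace '"${dl.name}"' '"${library}"'
        done

      '';
  in
  # patch all the dlopen calls to contain absolute paths to the libraries
  lib.concatMapStringsSep "\n" patchDlOpen dlopenLibs
)
# finally ensure that there are no left-over dlopen calls (or rather strings pointing to shared libraries) that we didn't handle
# NOTE(review): `a-zA-z` in the second bracket expression also spans the ASCII
# punctuation between `Z` and `a`; `a-zA-Z` was probably intended. As written
# it only widens what the guard matches, so the check still fails closed.
+ ''
  if grep -qr '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src; then
    echo "Found unhandled dynamic library calls: "
    grep -r '"lib[a-zA-Z0-9-]*\.so[\.0-9a-zA-z]*"' src
    exit 1
  fi
''
# Finally, patch shebangs in scripts used at build time. This must not patch
# scripts that will end up in the output, to avoid build platform references
# when cross-compiling.
+ ''
  shopt -s extglob
  patchShebangs tools test src/!(rpm)
'';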
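# Split outputs; the meson flags in this file reference "out" and "dev" through `placeholder`.
outputs = [ "out" "man" "dev" ];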
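# Tools that run on the build platform. The BPF toolchain is taken from
# buildPackages explicitly and is only added when withLibBPF is set.
nativeBuildInputs =
  [
    pkg-config
    makeBinaryWrapper
    gperf
    ninja
    meson
    glibcLocales
    getent
    m4

    intltool
    gettext

    libxslt
    docbook_xsl
    docbook_xml_dtd_42
    docbook_xml_dtd_45
    (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ]))
  ]
  ++ lib.optionals withLibBPF [
    bpftools
    buildPackages.llvmPackages.clang
    buildPackages.llvmPackages.libllvm
  ]
;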
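# Libraries for the host platform: a fixed mandatory set followed by one
# `lib.optional(s)` entry per feature toggle.
buildInputs =
  [
    acl
    audit
    kmod
    libxcrypt
    libcap
    libidn2
    libuuid
    linuxHeaders
    pam
  ]

  ++ lib.optional wantGcrypt libgcrypt
  ++ lib.optional withTests glib
  ++ lib.optional withApparmor libapparmor
  ++ lib.optional wantCurl (lib.getDev curl)
  ++ lib.optionals withCompression [ bzip2 lz4 xz zstd ]
  ++ lib.optional withCoredump elfutils
  ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev)
  ++ lib.optional withEfi gnu-efi
  ++ lib.optional withKexectools kexec-tools
  ++ lib.optional withLibseccomp libseccomp
  ++ lib.optional withNetworkd iptables
  ++ lib.optional withPCRE2 pcre2
  ++ lib.optional withResolved libgpg-error
  ++ lib.optional withSelinux libselinux
  ++ lib.optional withRemote libmicrohttpd
  ++ lib.optionals withHomed [ p11-kit ]
  # libfido2 follows withHomed / withCryptsetup here, not withFido2.
  ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ]
  ++ lib.optionals withLibBPF [ libbpf ]
  ++ lib.optional withTpm2Tss tpm2-tss
;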
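#dontAddPrefix = true;

# Meson options. Paths are pinned to store paths or to this derivation's
# outputs via `placeholder`; feature switches mirror the `with*` arguments.
mesonFlags = [
  "-Dversion-tag=${version}"
  # We bump this variable on every (major) version change to ensure
  # that we have known-good value for a timestamp that is in the (not so distant) past.
  # This serves as a lower bound for valid system timestamps during startup. Systemd will
  # reset the system timestamp if this date is +- 15 years from the system time.
  # See the systemd v250 release notes for further details:
  # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266
  "-Dtime-epoch=${releaseTimestamp}"

  "-Dmode=release"
  "-Ddbuspolicydir=${placeholder "out"}/share/dbus-1/system.d"
  "-Ddbussessionservicedir=${placeholder "out"}/share/dbus-1/services"
  "-Ddbussystemservicedir=${placeholder "out"}/share/dbus-1/system-services"
  "-Dpamconfdir=${placeholder "out"}/etc/pam.d"
  "-Drootprefix=${placeholder "out"}"
  "-Dpkgconfiglibdir=${placeholder "dev"}/lib/pkgconfig"
  "-Dpkgconfigdatadir=${placeholder "dev"}/share/pkgconfig"
  "-Dloadkeys-path=${kbd}/bin/loadkeys"
  "-Dsetfont-path=${kbd}/bin/setfont"
  "-Dtty-gid=3" # tty in NixOS has gid 3
  "-Ddebug-shell=${bashInteractive}/bin/bash"
  "-Dglib=${lib.boolToString withTests}"
  # while we do not run tests we should also not build them. Removes about 600 targets
  "-Dtests=false"
  "-Danalyze=${lib.boolToString withAnalyze}"
  "-Dgcrypt=${lib.boolToString wantGcrypt}"
  "-Dimportd=${lib.boolToString withImportd}"
  "-Dlz4=${lib.boolToString withCompression}"
  "-Dhomed=${lib.boolToString withHomed}"
  "-Dlogind=${lib.boolToString withLogind}"
  "-Dlocaled=${lib.boolToString withLocaled}"
  "-Dhostnamed=${lib.boolToString withHostnamed}"
  "-Dmachined=${lib.boolToString withMachined}"
  "-Dnetworkd=${lib.boolToString withNetworkd}"
  "-Doomd=${lib.boolToString withOomd}"
  "-Dpolkit=${lib.boolToString withPolkit}"
  "-Dlibcryptsetup=${lib.boolToString withCryptsetup}"
  "-Dportabled=${lib.boolToString withPortabled}"
  "-Dhwdb=${lib.boolToString withHwdb}"
  "-Dremote=${lib.boolToString withRemote}"
  "-Dsysusers=false"
  "-Dtimedated=${lib.boolToString withTimedated}"
  "-Dtimesyncd=${lib.boolToString withTimesyncd}"
  "-Duserdb=${lib.boolToString withUserDb}"
  "-Dcoredump=${lib.boolToString withCoredump}"
  "-Dfirstboot=false"
  "-Dresolve=${lib.boolToString withResolved}"
  "-Dsplit-usr=false"
  "-Dlibcurl=${lib.boolToString wantCurl}"
  "-Dlibidn=false"
  "-Dlibidn2=true"
  "-Dquotacheck=false"
  "-Dldconfig=false"
  "-Dsmack=true"
  "-Db_pie=true"
  "-Dinstall-sysconfdir=false"
  "-Dsbat-distro=nixos"
  "-Dsbat-distro-summary=NixOS"
  "-Dsbat-distro-url=https://nixos.org/"
  "-Dsbat-distro-pkgname=${pname}"
  "-Dsbat-distro-version=${version}"
  /*
    As of now, systemd doesn't allow runtime configuration of these values. So
    the settings in /etc/login.defs have no effect on it. Many people think this
    should be supported however, see
    - https://github.com/systemd/systemd/issues/3855
    - https://github.com/systemd/systemd/issues/4850
    - https://github.com/systemd/systemd/issues/9769
    - https://github.com/systemd/systemd/issues/9843
    - https://github.com/systemd/systemd/issues/10184
  */
  "-Dsystem-uid-max=999"
  "-Dsystem-gid-max=999"

  "-Dsysvinit-path="
  "-Dsysvrcnd-path="

  "-Dkmod-path=${kmod}/bin/kmod"
  "-Dsulogin-path=${util-linux}/bin/sulogin"
  "-Dmount-path=${util-linux}/bin/mount"
  "-Dumount-path=${util-linux}/bin/umount"
  "-Dcreate-log-dirs=false"

  # Use cgroupsv2. This is already the upstream default, but better be explicit.
  "-Ddefault-hierarchy=unified"
  # Upstream defaulted to disable manpages since they optimize for the much
  # more frequent development builds
  "-Dman=true"

  "-Defi=${lib.boolToString withEfi}"
  "-Dgnu-efi=${lib.boolToString withEfi}"
] ++ lib.optionals withEfi [
  "-Defi-libdir=${toString gnu-efi}/lib"
  "-Defi-includedir=${toString gnu-efi}/include/efi"
] ++ lib.optionals (withShellCompletions == false) [
  "-Dbashcompletiondir=no"
  "-Dzshcompletiondir=no"
] ++ lib.optionals (!withNss) [
  "-Dnss-myhostname=false"
  "-Dnss-mymachines=false"
  "-Dnss-resolve=false"
  "-Dnss-systemd=false"
] ++ lib.optionals withLibBPF [
  "-Dbpf-framework=true"
] ++ lib.optionals withTpm2Tss [
  "-Dtpm2=true"
] ++ lib.optionals (!withUtmp) [
  "-Dutmp=false"
] ++ lib.optionals stdenv.hostPlatform.isMusl [
  "-Dgshadow=false"
  "-Didn=false"
];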
preConfigure =
let
2022-12-28 21:21:41 +00:00
# A list of all the runtime binaries that the systemd executables, tests and libraries are referencing in their source code, scripts and unit files.
2022-04-15 01:41:22 +00:00
# As soon as a dependency isn't required anymore we should remove it from the list. The `where` attribute for each of the replacement patterns must be exhaustive. If another (unhandled) case is found in the source code the build fails with an error message.
binaryReplacements = [
{ search = " / u s r / b i n / g e t e n t " ; replacement = " ${ getent } / b i n / g e t e n t " ; where = [ " s r c / n s p a w n / n s p a w n - s e t u i d . c " ] ; }
{
search = " / s b i n / m k s w a p " ;
replacement = " ${ lib . getBin util-linux } / s b i n / m k s w a p " ;
where = [
" m a n / s y s t e m d - m a k e f s @ . s e r v i c e . x m l "
] ;
}
{ search = " / s b i n / s w a p o n " ; replacement = " ${ lib . getBin util-linux } / s b i n / s w a p o n " ; where = [ " s r c / c o r e / s w a p . c " " s r c / b a s i c / u n i t - d e f . h " ] ; }
{ search = " / s b i n / s w a p o f f " ; replacement = " ${ lib . getBin util-linux } / s b i n / s w a p o f f " ; where = [ " s r c / c o r e / s w a p . c " ] ; }
{
search = " / b i n / e c h o " ;
replacement = " ${ coreutils } / b i n / e c h o " ;
where = [
" m a n / s y s t e m d - a n a l y z e . x m l "
" m a n / s y s t e m d . s e r v i c e . x m l "
" s r c / a n a l y z e / t e s t - v e r i f y . c "
" s r c / t e s t / t e s t - e n v - f i l e . c "
" s r c / t e s t / t e s t - f i l e i o . c "
2022-08-12 12:06:08 +00:00
" s r c / t e s t / t e s t - l o a d - f r a g m e n t . c "
2022-04-15 01:41:22 +00:00
] ;
}
{
search = " / b i n / c a t " ;
replacement = " ${ coreutils } / b i n / c a t " ;
where = [ " t e s t / c r e a t e - b u s y b o x - c o n t a i n e r " " t e s t / t e s t - e x e c u t e / e x e c - n o e x e c p a t h s - s i m p l e . s e r v i c e " " s r c / j o u r n a l / c a t . c " ] ;
}
{ search = " / s b i n / m o d p r o b e " ; replacement = " ${ lib . getBin kmod } / s b i n / m o d p r o b e " ; where = [ " u n i t s / m o d p r o b e @ . s e r v i c e " ] ; }
{
search = " / u s r / l i b / s y s t e m d / s y s t e m d - f s c k " ;
replacement = " $ o u t / l i b / s y s t e m d / s y s t e m d - f s c k " ;
where = [
" m a n / s y s t e m d - f s c k @ . s e r v i c e . x m l "
] ;
}
] ++ lib . optionals withImportd [
{
search = " \" g p g \" " ;
replacement = " \\ \" ${ gnupg } / b i n / g p g \\ \" " ;
where = [ " s r c / i m p o r t / p u l l - c o m m o n . c " ] ;
}
{
search = " \" t a r \" " ;
replacement = " \\ \" ${ gnutar } / b i n / t a r \\ \" " ;
where = [
" s r c / i m p o r t / e x p o r t - t a r . c "
" s r c / i m p o r t / i m p o r t - c o m m o n . c "
" s r c / i m p o r t / i m p o r t - t a r . c "
2022-08-12 12:06:08 +00:00
] ;
ignore = [
2022-12-28 21:21:41 +00:00
# occurrences here refer to the tar sub command
2022-08-12 12:06:08 +00:00
" s r c / s y s u p d a t e / s y s u p d a t e - r e s o u r c e . c "
" s r c / s y s u p d a t e / s y s u p d a t e - t r a n s f e r . c "
" s r c / i m p o r t / p u l l . c "
" s r c / i m p o r t / e x p o r t . c "
2022-04-15 01:41:22 +00:00
" s r c / i m p o r t / i m p o r t . c "
" s r c / i m p o r t / i m p o r t d . c "
2022-08-12 12:06:08 +00:00
# runs `tar` but also also creates a temporary directory with the string
2022-04-15 01:41:22 +00:00
" s r c / i m p o r t / p u l l - t a r . c "
] ;
}
] ;
# { replacement, search, where } -> List[str]
2022-10-30 15:09:59 +00:00
mkSubstitute = { replacement , search , where , ignore ? [ ] }:
2022-04-15 01:41:22 +00:00
map ( path : " s u b s t i t u t e I n P l a c e ${ path } - - r e p l a c e ' ${ search } ' \" ${ replacement } \" " ) where ;
2022-10-30 15:09:59 +00:00
mkEnsureSubstituted = { replacement , search , where , ignore ? [ ] }:
let
ignore' = lib . concatStringsSep " | " ( ignore ++ [ " ^ t e s t " " N E W S " ] ) ;
in
''
set + e
search = $ ( grep ' $ { search } ' - r | grep - v " ${ replacement } " | grep - Ev " ${ ignore' } " )
set - e
if [ [ - n " $ s e a r c h " ] ] ; then
echo " N o t a l l r e f e r e n c e s t o ' ${ search } ' h a v e b e e n r e p l a c e d . F o u n d t h e f o l l o w i n g m a t c h e s : "
echo " $ s e a r c h "
exit 1
fi
'' ;
2022-04-15 01:41:22 +00:00
in
''
mesonFlagsArray + = ( - Dntp-servers = " 0 . n i x o s . p o o l . n t p . o r g 1 . n i x o s . p o o l . n t p . o r g 2 . n i x o s . p o o l . n t p . o r g 3 . n i x o s . p o o l . n t p . o r g " )
export LC_ALL = " e n _ U S . U T F - 8 " ;
$ { lib . concatStringsSep " \n " ( lib . flatten ( map mkSubstitute binaryReplacements ) ) }
$ { lib . concatMapStringsSep " \n " mkEnsureSubstituted binaryReplacements }
substituteInPlace src/libsystemd/sd-journal/catalog.c \
- - replace /usr/lib/systemd/catalog / $ out/lib/systemd/catalog /
substituteInPlace src/import/pull-tar.c \
- - replace ' wait_for_terminate_and_check ( " t a r " ' ' wait_for_terminate_and_check ( " ${ gnutar } / b i n / t a r " '
'' ;
# These defines are overridden by CFLAGS (the -U/-D pairs in
# NIX_CFLAGS_COMPILE) and would trigger annoying warning messages.
# The three names are therefore rewritten inside config.h so that only the
# command-line definitions remain under the original names.
#
# NOTE(review): the third rule writes "_SYSTEMD_CGROUP_AGENT_PATH" (AGENT,
# singular) while the name it replaces is SYSTEMD_CGROUP_AGENTS_PATH. The
# other two rules only add a leading underscore. This looks unintentional,
# and harmless as long as nothing reads the renamed macro; confirm.
postConfigure = ''
  substituteInPlace config.h \
    --replace "POLKIT_AGENT_BINARY_PATH" "_POLKIT_AGENT_BINARY_PATH" \
    --replace "SYSTEMD_BINARY_PATH" "_SYSTEMD_BINARY_PATH" \
    --replace "SYSTEMD_CGROUP_AGENTS_PATH" "_SYSTEMD_CGROUP_AGENT_PATH"
'';
# Extra compiler flags, joined into one space-separated string.
#
# Each -U/-D pair redefines a path macro. All three paths go through
# /run/current-system, so they are resolved when the compiled code uses
# them rather than being fixed to a store path at build time.
# NOTE(review): what gets executed therefore follows whatever
# /run/current-system points at; presumably only root can repoint it. Confirm.
NIX_CFLAGS_COMPILE =
  let
    # Can't say ${polkit.bin}/bin/pkttyagent here because that would
    # lead to a cyclic dependency.
    polkitAgentFlags = [
      "-UPOLKIT_AGENT_BINARY_PATH"
      "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
    ];

    # Set the release_agent on /sys/fs/cgroup/systemd to the
    # currently running systemd (/run/current-system/systemd) so
    # that we don't use an obsolete/garbage-collected release agent.
    cgroupAgentFlags = [
      "-USYSTEMD_CGROUP_AGENTS_PATH"
      "-DSYSTEMD_CGROUP_AGENTS_PATH=\"/run/current-system/systemd/lib/systemd/systemd-cgroups-agent\""
    ];

    systemdBinaryFlags = [
      "-USYSTEMD_BINARY_PATH"
      "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\""
    ];

    # Only added when the host platform uses musl.
    muslFlags = lib.optionals stdenv.hostPlatform.isMusl [
      "-D__UAPI_DEF_ETHHDR=0"
    ];
  in
  toString (polkitAgentFlags ++ cgroupAgentFlags ++ systemdBinaryFlags ++ muslFlags);
# The upstream test suite is not run as part of this build.
# NOTE(review): regression coverage then presumably rests on passthru.tests
# (nixosTests.switchTest); confirm that is sufficient for this package.
doCheck = false; # fails a bunch of tests

# Upstream's build system guards some install steps with
# `test -n "$DESTDIR" || ...`; exporting a non-empty DESTDIR triggers that
# test so the guarded (mutating) steps are skipped.
preInstall = ''
  export DESTDIR=/
'';
# Post-install cleanup of the output tree:
#  - moves the installed modules-load.d, binfmt.d, sysctl.d and tmpfiles.d
#    directories and the system/user unit directories under $out/example;
#  - removes $out/etc/systemd/system and $out/etc/rpm;
#  - points the D-Bus system-service files at coreutils' `false` by store
#    path instead of /bin/false;
#  - deletes every file whose name contains "kernel-install";
#  - drops $out/share/doc when withDocumentation is false.
postInstall = ''
  mkdir -p $out/example/systemd
  mv $out/lib/{modules-load.d,binfmt.d,sysctl.d,tmpfiles.d} $out/example
  mv $out/lib/systemd/{system,user} $out/example/systemd
  rm -rf $out/etc/systemd/system
  # Fix reference to /bin/false in the D-Bus services.
  for i in $out/share/dbus-1/system-services/*.service; do
    substituteInPlace $i --replace /bin/false ${coreutils}/bin/false
  done
  rm -rf $out/etc/rpm
  # "kernel-install" shouldn't be used on NixOS.
  find $out -name "*kernel-install*" -exec rm {} \;
'' + lib.optionalString (!withDocumentation) ''
  rm -rf $out/share/doc
'';
# Avoid *.EFI binary stripping. At least on aarch64-linux strip
# removes too much from PE32+ files:
#   https://github.com/NixOS/nixpkgs/issues/169693
# The hack is to move the EFI files out of lib/ before doStrip
# runs and to move them back afterwards (see postFixup).
# Only emitted when withEfi is set; otherwise preFixup is the empty string.
preFixup = lib.optionalString withEfi ''
  mv $out/lib/systemd/boot/efi $out/dont-strip-me
'';
# Wrap in the correct path for LUKS2 tokens.
# With withCryptsetup, systemd-cryptsetup and systemd-cryptenroll are wrapped
# so that this output's lib/cryptsetup directory is prepended to
# LD_LIBRARY_PATH. With withEfi, the EFI directory that preFixup moved to
# $out/dont-strip-me is moved back to its original location.
#
# NOTE(review): LD_LIBRARY_PATH is an ordinary environment variable, so
# anything the wrapped tools execute will presumably inherit it, and a value
# already set by the caller is kept after the prefix. Confirm that both are
# acceptable for these binaries.
postFixup = lib.optionalString withCryptsetup ''
  for f in lib/systemd/systemd-cryptsetup bin/systemd-cryptenroll; do
    # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so`
    wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup
  done
'' + lib.optionalString withEfi ''
  mv $out/dont-strip-me $out/lib/systemd/boot/efi
'';
# Extra attributes exposed on the resulting package.
passthru = {
  # The interface version prevents NixOS from switching to an
  # incompatible systemd at runtime. (Switching across reboots is
  # fine, of course.) It should be increased whenever systemd changes
  # in a backwards-incompatible way. If the interface version of two
  # systemd builds is the same, then we can switch between them at
  # runtime; otherwise we can't and we need to reboot.
  interfaceVersion = 2;

  # Re-export the feature switches this build was configured with, together
  # with the util-linux, kmod and kbd packages it was built against.
  inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withPortabled withTimedated withUtmp util-linux kmod kbd;

  # NixOS test attached to this package.
  tests = {
    inherit (nixosTests) switchTest;
  };
};
# Package metadata. `with lib;` brings licenses, platforms and maintainers
# into scope for the attributes below.
meta = with lib; {
  homepage = "https://www.freedesktop.org/wiki/Software/systemd/";
  description = "A system and service manager for Linux";
  license = licenses.lgpl21Plus;
  platforms = platforms.linux;
  # Static host platforms are excluded twice: by the platform pattern here
  # and by `broken` below.
  badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ];
  # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965
  broken = stdenv.hostPlatform.isStatic;
  # NOTE(review): presumably the priority used to resolve file collisions
  # when packages are merged into one environment; confirm.
  priority = 10;
  maintainers = with maintainers; [ flokli kloenk mic92 ];
};
}