systemd v249

nixos/doc/manual/from_md/release-notes/rl-2111.section.xml

@@ -53,6 +53,11 @@
           bash now defaults to major version 5.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Systemd was updated to version 249 (from 247).
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-21.11-new-services">

nixos/doc/manual/release-notes/rl-2111.section.md

@@ -20,6 +20,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - bash now defaults to major version 5.
 
+- Systemd was updated to version 249 (from 247).
+
 ## New Services {#sec-release-21.11-new-services}
 
 - [btrbk](https://digint.ch/btrbk/index.html), a backup tool for btrfs subvolumes, taking advantage of btrfs specific capabilities to create atomic snapshots and transfer them incrementally to your backup locations. Available as [services.btrbk](options.html#opt-services.brtbk.instances).

nixos/modules/services/ttys/getty.nix

@@ -131,6 +131,14 @@ in
         restartIfChanged = false;
       };
 
+    systemd.services."autovt@" =
+      { serviceConfig.ExecStart = [
+          "" # override upstream default with an empty ExecStart
+          (gettyCmd "--noclear %I $TERM")
+        ];
+        restartIfChanged = false;
+      };
+
     systemd.services."container-getty@" =
       { serviceConfig.ExecStart = [
           "" # override upstream default with an empty ExecStart

nixos/tests/herbstluftwm.nix

@@ -3,7 +3,6 @@ import ./make-test-python.nix ({ lib, ...} : {
 
   meta = {
     maintainers = with lib.maintainers; [ thibautmarty ];
-    timeout = 30;
   };
 
   machine = { pkgs, lib, ... }: {

nixos/tests/prometheus-exporters.nix

@@ -280,6 +280,7 @@ let
       };
       exporterTest = ''
         wait_for_unit("prometheus-influxdb-exporter.service")
+        wait_for_open_port(9122)
         succeed(
           "curl -XPOST http://localhost:9122/write --data-binary 'influxdb_exporter,distro=nixos,added_in=21.09 value=1'"
         )

nixos/tests/systemd-confinement.nix

@@ -44,38 +44,35 @@ import ./make-test-python.nix {
       { config.confinement.mode = "chroot-only";
         testScript = ''
           with subtest("chroot-only confinement"):
-              machine.succeed(
-                  'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',
-                  'test "$(chroot-exec id -u)" = 0',
-                  "chroot-exec chown 65534 /bin",
-              )
+              paths = machine.succeed('chroot-exec ls -1 / | paste -sd,').strip()
+              assert_eq(paths, "bin,nix,run")
+              uid = machine.succeed('chroot-exec id -u').strip()
+              assert_eq(uid, "0")
+              machine.succeed("chroot-exec chown 65534 /bin")
         '';
       }
       { testScript = ''
           with subtest("full confinement with APIVFS"):
-              machine.fail(
-                  "chroot-exec ls -l /etc",
-                  "chroot-exec ls -l /run",
-                  "chroot-exec chown 65534 /bin",
-              )
-              machine.succeed(
-                  'test "$(chroot-exec id -u)" = 0',
-                  "chroot-exec chown 0 /bin",
-              )
+              machine.fail("chroot-exec ls -l /etc")
+              machine.fail("chroot-exec chown 65534 /bin")
+              assert_eq(machine.succeed('chroot-exec id -u').strip(), "0")
+              machine.succeed("chroot-exec chown 0 /bin")
         '';
       }
       { config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];
         testScript = ''
           with subtest("check existence of bind-mounted /etc"):
-              machine.succeed('test -n "$(chroot-exec cat /etc/passwd)"')
+              passwd = machine.succeed('chroot-exec cat /etc/passwd').strip()
+              assert len(passwd) > 0, "/etc/passwd must not be empty"
         '';
       }
       { config.serviceConfig.User = "chroot-testuser";
         config.serviceConfig.Group = "chroot-testgroup";
         testScript = ''
           with subtest("check if User/Group really runs as non-root"):
               machine.succeed("chroot-exec ls -l /dev")
-              machine.succeed('test "$(chroot-exec id -u)" != 0')
+              uid = machine.succeed('chroot-exec id -u').strip()
+              assert uid != "0", "UID of chroot-testuser shouldn't be 0"
               machine.fail("chroot-exec touch /bin/test")
         '';
       }
@@ -88,10 +85,8 @@ import ./make-test-python.nix {
         testScript = ''
           with subtest("check if symlinks are properly bind-mounted"):
               machine.fail("chroot-exec test -e /etc")
-              machine.succeed(
-                  "chroot-exec cat ${symlink} >&2",
-                  'test "$(chroot-exec cat ${symlink})" = "got me"',
-              )
+              text = machine.succeed('chroot-exec cat ${symlink}').strip()
+              assert_eq(text, "got me")
         '';
       })
       { config.serviceConfig.User = "chroot-testuser";
@@ -158,6 +153,9 @@ import ./make-test-python.nix {
   };
 
   testScript = { nodes, ... }: ''
+    def assert_eq(a, b):
+        assert a == b, f"{a} != {b}"
+
     machine.wait_for_unit("multi-user.target")
   '' + nodes.machine.config.__testSteps;
 }

pkgs/development/libraries/tpm2-tss/default.nix

@@ -3,6 +3,14 @@
 , openssl, json_c, curl, libgcrypt
 , cmocka, uthash, ibm-sw-tpm2, iproute2, procps, which
 }:
+let
+  # Avoid a circular dependency on Linux systems (systemd depends on tpm2-tss,
+  # tpm2-tss tests depend on procps, procps depends on systemd by default). This
+  # needs to be conditional based on isLinux because procps for other systems
+  # might not support the withSystemd option.
+  procpsWithoutSystemd = procps.override { withSystemd = false; };
+  procps_pkg = if stdenv.isLinux then procpsWithoutSystemd else procps;
+in
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tss";
@@ -20,7 +28,7 @@ stdenv.mkDerivation rec {
   ];
   buildInputs = [ openssl json_c curl libgcrypt ];
   checkInputs = [
-    cmocka uthash ibm-sw-tpm2 iproute2 procps which
+    cmocka uthash ibm-sw-tpm2 iproute2 procps_pkg which
   ];
 
   preAutoreconf = "./bootstrap";

pkgs/os-specific/linux/libbpf/default.nix

@@ -7,30 +7,15 @@ with builtins;
 
 stdenv.mkDerivation rec {
   pname = "libbpf";
-  version = "0.1.1";
+  version = "0.4.0";
 
   src = fetchFromGitHub {
     owner  = "libbpf";
     repo   = "libbpf";
     rev    = "v${version}";
-    sha256 = "0ilnnm4q22f8fagwp8kb37licy4ks861i2iqh2djsypqhnxvx3fv";
+    sha256 = "1by5w7g3i2fc10bi6f0j8jqi2nq0x8r973j2qx7qlfryjxr7b2v3";
   };
 
-  patches = [
-    (fetchpatch { # included upstream for > 0.1.0
-      name = "link-zlib.patch";
-      url = "https://github.com/libbpf/libbpf/commit/8b14cb43ff837.diff";
-      sha256 = "17mvjrs7s727drz013a8qlyj0345ldi2kph6pazcmxv6kl1qrz2z";
-    })
-  ];
-  patchFlags = "-p2";
-  # https://github.com/libbpf/libbpf/pull/201#issuecomment-689174740
-  postPatch = ''
-    substituteInPlace ../scripts/check-reallocarray.sh \
-      --replace 'mktemp /tmp/' 'mktemp ' \
-      --replace '/bin/rm' 'rm'
-  '';
-
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ libelf zlib ];
 

pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch

@@ -1,4 +1,4 @@
-From 2f4a5e9c9ef1cd57662e8bd4c24e1029a00d55b5 Mon Sep 17 00:00:00 2001
+From 57e31a2d4a5d5bd7a9e1cd8a0d8bc6a00624ad68 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Tue, 8 Jan 2013 15:46:30 +0100
 Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices
@@ -13,7 +13,7 @@ unit.  (However, this ignores the fsck unit, so it's not perfect...)
  1 file changed, 4 deletions(-)
 
 diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
-index 7c22eefdb7..e3a55e00b5 100644
+index 25b8a590a6..d18999ea87 100644
 --- a/rules.d/99-systemd.rules.in
 +++ b/rules.d/99-systemd.rules.in
 @@ -17,10 +17,6 @@ SUBSYSTEM=="ubi", TAG+="systemd"
@@ -28,5 +28,5 @@ index 7c22eefdb7..e3a55e00b5 100644
  SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
  SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"
 -- 
-2.30.1
+2.32.0
 

pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch

@@ -1,4 +1,4 @@
-From 4e96b2e074c4a4f4ce900409872ce2f86704ee5b Mon Sep 17 00:00:00 2001
+From 43465a392b47238a32f8719f603ed9e2c9bb0363 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Fri, 12 Apr 2013 13:16:57 +0200
 Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store
@@ -12,7 +12,7 @@ https://github.com/NixOS/nixos/issues/126
  2 files changed, 4 insertions(+)
 
 diff --git a/src/shared/fstab-util.c b/src/shared/fstab-util.c
-index 292b97cd69..791b8e6b7e 100644
+index f683f05981..5a04c2c2a6 100644
 --- a/src/shared/fstab-util.c
 +++ b/src/shared/fstab-util.c
 @@ -40,6 +40,8 @@ bool fstab_is_extrinsic(const char *mount, const char *opts) {
@@ -25,10 +25,10 @@ index 292b97cd69..791b8e6b7e 100644
                          "/etc"))
                  return true;
 diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
-index 3a72a13e1a..541320dc9d 100644
+index c2a26242c0..9936398f32 100644
 --- a/src/shutdown/umount.c
 +++ b/src/shutdown/umount.c
-@@ -500,6 +500,8 @@ static int delete_md(MountPoint *m) {
+@@ -496,6 +496,8 @@ static int delete_md(MountPoint *m) {
 
  static bool nonunmountable_path(const char *path) {
          return path_equal(path, "/")
@@ -38,5 +38,5 @@ index 3a72a13e1a..541320dc9d 100644
                  || path_equal(path, "/usr")
  #endif
 -- 
-2.30.1
+2.32.0
 

pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch

@@ -1,4 +1,4 @@
-From 3d1b2e56a6ed6cc86a64f6f89765a2900e576402 Mon Sep 17 00:00:00 2001
+From a99666d3d7012c2162fdacf84a57fc0b848fd957 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Wed, 16 Apr 2014 10:59:28 +0200
 Subject: [PATCH 03/19] Fix NixOS containers
@@ -10,18 +10,18 @@ container, so checking early whether it exists will fail.
  1 file changed, 2 insertions(+)
 
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 7515380fcd..14f8a82eb8 100644
+index 04685fecba..0e5ece5f91 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
-@@ -5323,6 +5323,7 @@ static int run(int argc, char *argv[]) {
+@@ -5590,6 +5590,7 @@ static int run(int argc, char *argv[]) {
                                  goto finish;
                          }
                  } else {
 +#if 0
                          const char *p, *q;
 
                          if (arg_pivot_root_new)
-@@ -5337,6 +5338,7 @@ static int run(int argc, char *argv[]) {
+@@ -5604,6 +5605,7 @@ static int run(int argc, char *argv[]) {
                                  r = -EINVAL;
                                  goto finish;
                          }
@@ -30,5 +30,5 @@ index 7515380fcd..14f8a82eb8 100644
 
          } else {
 -- 
-2.30.1
+2.32.0
 

pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch

@@ -1,4 +1,4 @@
-From 3a721cf70e952e933ef5374006bbb11a3a0ad36a Mon Sep 17 00:00:00 2001
+From 3f0780b25bdbe4156a2f761c90083bbba5f4d473 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Thu, 1 May 2014 14:10:10 +0200
 Subject: [PATCH 04/19] Look for fsck in the right place
@@ -8,7 +8,7 @@ Subject: [PATCH 04/19] Look for fsck in the right place
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
-index 510689f3b7..25cab5acae 100644
+index cd7adfaeb9..68cebdd158 100644
 --- a/src/fsck/fsck.c
 +++ b/src/fsck/fsck.c
 @@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) {
@@ -21,5 +21,5 @@ index 510689f3b7..25cab5acae 100644
                  cmdline[i++] = "-T";
 
 -- 
-2.30.1
+2.32.0