diff --git a/pkgs/by-name/au/audit/musl.patch b/pkgs/by-name/au/audit/musl.patch new file mode 100644 index 0000000000000..8485a0759548d --- /dev/null +++ b/pkgs/by-name/au/audit/musl.patch @@ -0,0 +1,76 @@ +From 87c782153deb10bd8c3345723a8bcee343826e78 Mon Sep 17 00:00:00 2001 +From: Grimmauld +Date: Thu, 10 Jul 2025 18:58:31 +0200 +Subject: [PATCH 1/2] lib/audit_logging.h: fix includes for musl + +`sys/types.h` is indirectly included with `glibc`, +but needs to be specified explicitly on musl. +--- + lib/audit_logging.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/audit_logging.h b/lib/audit_logging.h +index 9082a2720..c58861b1e 100644 +--- a/lib/audit_logging.h ++++ b/lib/audit_logging.h +@@ -25,6 +25,7 @@ + + // Next include is to pick up the function attribute macros + #include ++#include + #include + + #ifdef __cplusplus + +From 98adfcc4bfa66ac25db0b609d7172d7d40c4f85f Mon Sep 17 00:00:00 2001 +From: Grimmauld +Date: Fri, 11 Jul 2025 08:11:21 +0200 +Subject: [PATCH 2/2] Guard __attr_dealloc_free seperately from __attr_dealloc + +Otherwise, header include order matters when building against a libc that +does not itself define __attr_dealloc_free, such as musl. +--- + auparse/auparse.h | 2 ++ + lib/audit_logging.h | 2 ++ + lib/libaudit.h | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/auparse/auparse.h b/auparse/auparse.h +index 48375e2c7..ba5139625 100644 +--- a/auparse/auparse.h ++++ b/auparse/auparse.h +@@ -31,6 +31,8 @@ + #endif + #ifndef __attr_dealloc + # define __attr_dealloc(dealloc, argno) ++#endif ++#ifndef __attr_dealloc_free + # define __attr_dealloc_free + #endif + #ifndef __attribute_malloc__ +diff --git a/lib/audit_logging.h b/lib/audit_logging.h +index c58861b1e..fab7e75d1 100644 +--- a/lib/audit_logging.h ++++ b/lib/audit_logging.h +@@ -40,6 +40,8 @@ extern "C" { + #endif + #ifndef __attr_dealloc + # define __attr_dealloc(dealloc, argno) ++#endif ++#ifndef __attr_dealloc_free + # define __attr_dealloc_free + #endif + // Warn unused result +diff --git a/lib/libaudit.h b/lib/libaudit.h +index 2c51853b7..cce5dc493 100644 +--- a/lib/libaudit.h ++++ b/lib/libaudit.h +@@ -43,6 +43,8 @@ + // malloc and free assignments + #ifndef __attr_dealloc + # define __attr_dealloc(dealloc, argno) ++#endif ++#ifndef __attr_dealloc_free + # define __attr_dealloc_free + #endif + #ifndef __attribute_malloc__ diff --git a/pkgs/by-name/au/audit/package.nix b/pkgs/by-name/au/audit/package.nix index 62732842d66a8..0f8f600251daf 100644 --- a/pkgs/by-name/au/audit/package.nix +++ b/pkgs/by-name/au/audit/package.nix @@ -2,7 +2,6 @@ lib, stdenv, fetchFromGitHub, - fetchpatch, autoreconfHook, bash, buildPackages, @@ -21,31 +20,18 @@ }: stdenv.mkDerivation (finalAttrs: { pname = "audit"; - version = "4.0.5"; + version = "4.1.0"; src = fetchFromGitHub { owner = "linux-audit"; repo = "audit-userspace"; tag = "v${finalAttrs.version}"; - hash = "sha256-SgMt1MmcH7r7O6bmJCetRg3IdoZXAXjVJyeu0HRfyf8="; + hash = "sha256-MWlHaGue7Ca8ks34KNg74n4Rfj8ivqAhLOJHeyE2Q04="; }; patches = [ - # nix configures most stuff by symlinks, e.g. in /etc - # thus, for plugins to be picked up, symlinks must be allowed - # https://github.com/linux-audit/audit-userspace/pull/467 - (fetchpatch { - url = "https://github.com/linux-audit/audit-userspace/pull/467/commits/dbefc642b3bd0cafe599fcd18c6c88cb672397ee.patch?full_index=1"; - hash = "sha256-Ksn/qKBQYFAjvs1OVuWhgWCdf4Bdp9/a+MrhyJAT+Bw="; - }) - (fetchpatch { - url = "https://github.com/linux-audit/audit-userspace/pull/467/commits/50094f56fefc0b9033ef65e8c4f108ed52ef5de5.patch?full_index=1"; - hash = "sha256-CJKDLdlpsCd+bG6j5agcnxY1+vMCImHwHGN6BXURa4c="; - }) - (fetchpatch { - url = "https://github.com/linux-audit/audit-userspace/pull/467/commits/5e75091abd297807b71b3cfe54345c2ef223939a.patch?full_index=1"; - hash = "sha256-LPpO4PH/3MyCJq2xhmhhcnFeK3yh7LK6Mjypuvhacu4="; - }) + # https://github.com/linux-audit/audit-userspace/pull/476 + ./musl.patch ]; postPatch = '' @@ -54,6 +40,10 @@ stdenv.mkDerivation (finalAttrs: { "${linuxHeaders}/include/linux/audit.h" ''; + # https://github.com/linux-audit/audit-userspace/issues/474 + # building databuf_test fails otherwise, as that uses hidden symbols only available in the static builds + dontDisableStatic = true; + outputs = [ "bin" "lib"