An experiment to see if we can minimize the PatOS project even further, and not have to adapt NixOS packages and config for our needs.
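# systemd package for PatOS.
#
# Builds the tagged upstream release `v${version}` from GitHub with a
# PatOS-specific meson configuration (SBAT identity, feature selection,
# SysV/SSH integration switched off). Formatted with conventional two-space
# Nix indentation.
#
# Function arguments (supplied by the caller, e.g. `callPackage`):
#   fetchFromGitHub  - fetcher used for the pinned source tarball
#   lib              - nixpkgs lib (mesonOption/mesonBool/mesonEnable/getDev)
#   pkgs             - package set the build/host dependencies are taken from
#   stdenv           - standard environment providing mkDerivation
#   ...              - further arguments are accepted and ignored
{
  fetchFromGitHub,
  lib,
  pkgs,
  stdenv,
  ...
}:

let
  version = "257.3";

  # Use the command below to update `releaseTimestamp` on every (major) version
  # change. More details in the commentary at mesonFlags.
  # command:
  # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \
  #     jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'
  releaseTimestamp = "1734643670";

  pname = "systemd";
in
stdenv.mkDerivation (finalAttrs: {
  # Both values come from the `let` above; `inherit` replaces the previous
  # `pname = pname;` self-assignment with the idiomatic form.
  inherit version pname;

  # Source is pinned to the release tag; `hash` is the content hash of the
  # fetched tree, so a mismatch (changed or tampered tag) fails the build.
  src = fetchFromGitHub {
    owner = "systemd";
    repo = "systemd";
    rev = "v${version}";
    hash = "sha256-GvRn55grHWR6M+tA86RMzqinuXNpPZzRB4ApuGN/ZvU=";
  };

  # Build-time-only tools (run on the build machine).
  nativeBuildInputs = with pkgs; [
    pkg-config
    makeBinaryWrapper
    gperf
    ninja
    meson
    glibcLocales
    getent
    m4
    autoPatchelfHook

    intltool
    gettext

    # Documentation toolchain; needed because "man" is enabled in mesonFlags.
    libxslt
    docbook_xsl
    docbook_xml_dtd_42
    docbook_xml_dtd_45
    bash
    (buildPackages.python3Packages.python.withPackages (
      ps: with ps; [
        lxml
        jinja2
        pyelftools
      ]
    ))

    # BPF toolchain; needed because "bpf-framework" is enabled in mesonFlags.
    bpftools
    buildPackages.llvmPackages.clang
    buildPackages.llvmPackages.libllvm
  ];

  # Passed to autoPatchelfHook; keeps the existing libc reference in place
  # instead of rewriting it (NOTE(review): confirm against the hook's docs).
  autoPatchelfFlags = [ "--keep-libc" ];

  # Each entry removes one compiler hardening flag from the whole build.
  # Keep this list minimal and record the reason for every entry.
  hardeningDisable = [
    # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111523
    "trivialautovarinit"
    # breaks clang -target bpf; should be fixed to filter target?
    "zerocallusedregs"
    # No rationale recorded; presumably the same clang -target bpf issue as
    # above — TODO confirm, and re-enable if the BPF objects build without it.
    "shadowstack"
  ];

  # Libraries linked into the host artefacts.
  buildInputs = with pkgs; [
    libxcrypt
    libcap
    libuuid
    linuxHeaders
    bashInteractive # for patch shebangs
    libgcrypt
    libgpg-error
    openssl
    acl
    libapparmor
    audit
    zlib
    bzip2
    lz4
    xz
    zstd
    elfutils
    kexec-tools
    kmod
    libidn2
    libseccomp
    libselinux
    iptables
    p11-kit
    libfido2
    pam
    pcre2
    libbpf
    tpm2-tss
    qrencode
    libarchive
    # lib.getDev selects the "dev" output itself; the previous
    # `cryptsetup.dev` made the selection twice and was inconsistent with
    # the `curl` line above.
    (lib.getDev curl)
    (lib.getDev cryptsetup)
    (python3Packages.python.withPackages (ps: with ps; [ pefile ]))
    (llvmPackages.compiler-rt.override {
      doFakeLibgcc = true;
    })
  ];

  mesonBuildType = "release";

  mesonFlags = [
    # Options

    # We bump this attribute on every (major) version change to ensure that we
    # have known-good value for a timestamp that is in the (not so distant)
    # past. This serves as a lower bound for valid system timestamps during
    # startup. Systemd will reset the system timestamp if this date is +- 15
    # years from the system time.
    # See the systemd v250 release notes for further details:
    # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266
    (lib.mesonOption "time-epoch" releaseTimestamp)

    (lib.mesonOption "version-tag" version)
    (lib.mesonOption "mode" "release")
    (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3

    # SBAT
    # Identity embedded in the UEFI binaries (bootloader/ukify below) so that
    # Secure Boot revocation policy can match this distribution's builds.
    (lib.mesonOption "sbat-distro" "patos")
    (lib.mesonOption "sbat-distro-summary" "PatOS")
    (lib.mesonOption "sbat-distro-url" "https://patagia.io/")
    (lib.mesonOption "sbat-distro-pkgname" pname)
    (lib.mesonOption "sbat-distro-version" version)

    # Users
    (lib.mesonOption "system-uid-max" "999")
    (lib.mesonOption "system-gid-max" "999")

    # SysVinit
    (lib.mesonOption "sysvinit-path" "")
    (lib.mesonOption "sysvrcnd-path" "")

    # SSH
    # Disabled for now until someone makes this work.
    (lib.mesonOption "sshconfdir" "no")
    (lib.mesonOption "sshdconfdir" "no")

    # Features

    # Tests
    # The upstream test suite is not built or run as part of this derivation.
    (lib.mesonBool "tests" false)
    (lib.mesonEnable "glib" false)
    (lib.mesonEnable "dbus" false)

    # Compression
    (lib.mesonEnable "bzip2" true)
    (lib.mesonEnable "lz4" true)
    (lib.mesonEnable "xz" true)
    (lib.mesonEnable "zstd" true)
    (lib.mesonEnable "zlib" true)

    # NSS
    (lib.mesonEnable "nss-resolve" true)
    (lib.mesonBool "nss-myhostname" true)
    (lib.mesonBool "nss-systemd" true)

    # Cryptsetup
    (lib.mesonEnable "libcryptsetup" true)
    (lib.mesonEnable "libcryptsetup-plugins" true)
    (lib.mesonEnable "p11kit" true)

    # FIDO2
    (lib.mesonEnable "libfido2" true)
    (lib.mesonEnable "openssl" true)

    # Password Quality
    (lib.mesonEnable "pwquality" false)
    (lib.mesonEnable "passwdqc" false)

    # Remote
    (lib.mesonEnable "remote" false)
    (lib.mesonEnable "microhttpd" false)

    (lib.mesonEnable "pam" true)
    (lib.mesonEnable "acl" true)
    (lib.mesonEnable "audit" true)
    (lib.mesonEnable "apparmor" true)
    (lib.mesonEnable "gcrypt" true)
    (lib.mesonEnable "importd" true)
    (lib.mesonEnable "homed" true)
    (lib.mesonEnable "polkit" true)
    (lib.mesonEnable "elfutils" true)
    (lib.mesonEnable "libcurl" true)
    (lib.mesonEnable "libidn" false)
    (lib.mesonEnable "libidn2" true)
    (lib.mesonEnable "libiptc" true)
    (lib.mesonEnable "repart" true)
    (lib.mesonEnable "sysupdate" true)
    (lib.mesonEnable "seccomp" true)
    (lib.mesonEnable "selinux" true)
    (lib.mesonEnable "tpm2" true)
    (lib.mesonEnable "pcre2" true)
    (lib.mesonEnable "bpf-framework" true)
    (lib.mesonEnable "bootloader" true)
    (lib.mesonEnable "ukify" true)
    (lib.mesonEnable "kmod" true)
    (lib.mesonEnable "qrencode" true)
    (lib.mesonEnable "vmspawn" true)
    (lib.mesonEnable "libarchive" true)
    (lib.mesonEnable "xenctrl" false)
    (lib.mesonEnable "gnutls" false)
    (lib.mesonEnable "xkbcommon" false)
    (lib.mesonEnable "man" true)

    (lib.mesonBool "analyze" true)
    (lib.mesonBool "logind" true)
    (lib.mesonBool "localed" true)
    (lib.mesonBool "hostnamed" true)
    (lib.mesonBool "machined" true)
    (lib.mesonBool "networkd" true)
    (lib.mesonBool "oomd" true)
    (lib.mesonBool "portabled" true)
    (lib.mesonBool "hwdb" true)
    (lib.mesonBool "timedated" true)
    (lib.mesonBool "timesyncd" true)
    (lib.mesonBool "userdb" true)
    (lib.mesonBool "coredump" true)
    (lib.mesonBool "firstboot" true)
    (lib.mesonBool "resolve" true)
    (lib.mesonBool "sysusers" true)
    (lib.mesonBool "efi" true)
    (lib.mesonBool "utmp" true)
    (lib.mesonBool "log-trace" true)

    (lib.mesonBool "kernel-install" true)
    (lib.mesonBool "quotacheck" false)
    (lib.mesonBool "ldconfig" false)
    (lib.mesonBool "install-sysconfdir" false)
    (lib.mesonBool "create-log-dirs" false)
    (lib.mesonBool "smack" true)
    # Build position-independent executables (meson's b_pie); keep this on
    # so ASLR applies to the systemd binaries.
    (lib.mesonBool "b_pie" true)

    (lib.mesonOption "bashcompletiondir" "no")
    (lib.mesonOption "zshcompletiondir" "no")
  ];
})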