| blob | 425775e9dd163be0d6a2cf41828cc10b9537aac8 |
1 # NOTE: Make sure to (re-)format this file on changes with `nixpkgs-fmt`!
3 { stdenv
4 , lib
5 , nixosTests
6 , pkgsCross
7 , testers
8 , fetchFromGitHub
9 , fetchzip
10 , fetchpatch2
11 , buildPackages
12 , makeBinaryWrapper
13 , ninja
14 , meson
15 , m4
16 , pkg-config
17 , coreutils
18 , gperf
19 , getent
20 , glibcLocales
21 , autoPatchelfHook
23 # glib is only used during tests (test-bus-gvariant, test-bus-marshal)
24 , glib
25 , gettext
26 , python3Packages
28 # Mandatory dependencies
29 , libcap
30 , util-linux
31 , kbd
32 , kmod
33 , libxcrypt
35 # Optional dependencies
36 , pam
37 , cryptsetup
38 , audit
39 , acl
40 , lz4
41 , libgcrypt
42 , libgpg-error
43 , libidn2
44 , curl
45 , gnutar
46 , gnupg
47 , zlib
48 , xz
49 , zstd
50 , tpm2-tss
51 , libuuid
52 , libapparmor
53 , intltool
54 , bzip2
55 , pcre2
56 , elfutils
57 , linuxHeaders ? stdenv.cc.libc.linuxHeaders
58 , gnutls
59 , iptables
60 , withSelinux ? false
61 , libselinux
62 , withLibseccomp ? lib.meta.availableOn stdenv.hostPlatform libseccomp
63 , libseccomp
64 , withKexectools ? lib.meta.availableOn stdenv.hostPlatform kexec-tools
65 , kexec-tools
66 , bashInteractive
67 , bash
68 , libmicrohttpd
69 , libfido2
70 , p11-kit
71 , libpwquality
72 , qrencode
73 , libarchive
74 , llvmPackages
76 # the (optional) BPF feature requires bpftool, libbpf, clang and llvm-strip to
77 # be available during build time.
78 # Only libbpf should be a runtime dependency.
79 # Note: llvmPackages is explicitly taken from buildPackages instead of relying
80 # on splicing. Splicing will evaluate the adjacent (pkgsHostTarget) llvmPackages
81 # which is sometimes problematic: llvmPackages.clang looks at targetPackages.stdenv.cc
82 # which, in the unfortunate case of pkgsCross.ghcjs, `throw`s. If we
83 # explicitly take buildPackages.llvmPackages, this is no problem because
84 # `buildPackages.targetPackages.stdenv.cc == stdenv.cc` relative to
85 # us. Working around this is important, because systemd is in the dependency
86 # closure of GHC via emscripten and jdk.
87 , bpftools
88 , libbpf
90 # Needed to produce a ukify that works for cross compiling UKIs.
91 , targetPackages
93 , withAcl ? true
94 , withAnalyze ? true
95 , withApparmor ? true
96 , withAudit ? true
97 # compiles systemd-boot, assumes EFI is available.
98 , withBootloader ? withEfi
99 && !stdenv.hostPlatform.isMusl
100 # "Unknown 64-bit data model"
101 && !stdenv.hostPlatform.isRiscV32
102 # adds bzip2, lz4, xz and zstd
103 , withCompression ? true
104 , withCoredump ? true
105 , withCryptsetup ? true
106 , withRepart ? true
107 , withDocumentation ? true
108 , withEfi ? stdenv.hostPlatform.isEfi
109 , withFido2 ? true
110 # conflicts with the NixOS /etc management
111 , withFirstboot ? false
112 , withHomed ? !stdenv.hostPlatform.isMusl
113 , withHostnamed ? true
114 , withHwdb ? true
115 , withImportd ? !stdenv.hostPlatform.isMusl
116 , withIptables ? true
117 , withKmod ? true
118 , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0"
119 # assumes hard floats
120 && (stdenv.hostPlatform.isAarch -> lib.versionAtLeast stdenv.hostPlatform.parsed.cpu.version "6")
121 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211
122 && !stdenv.hostPlatform.isMips64
123 # can't find gnu/stubs-32.h
124 && (stdenv.hostPlatform.isPower64 -> stdenv.hostPlatform.isBigEndian)
125 # https://reviews.llvm.org/D43106#1019077
126 && (stdenv.hostPlatform.isRiscV32 -> stdenv.cc.isClang)
127 # buildPackages.targetPackages.llvmPackages is the same as llvmPackages,
128 # but we do it this way to avoid taking llvmPackages as an input, and
129 # risking making it too easy to ignore the above comment about llvmPackages.
130 && lib.meta.availableOn stdenv.hostPlatform buildPackages.targetPackages.llvmPackages.compiler-rt
131 , withLibidn2 ? true
132 , withLocaled ? true
133 , withLogind ? true
134 , withMachined ? true
135 , withNetworkd ? true
136 , withNss ? !stdenv.hostPlatform.isMusl
137 , withOomd ? true
138 , withPam ? true
139 , withPasswordQuality ? true
140 , withPCRE2 ? true
141 , withPolkit ? true
142 , withPortabled ? !stdenv.hostPlatform.isMusl
143 , withQrencode ? true
144 , withRemote ? !stdenv.hostPlatform.isMusl
145 , withResolved ? true
146 , withShellCompletions ? true
147 , withSysusers ? true
148 , withSysupdate ? true
149 , withTimedated ? true
150 , withTimesyncd ? true
151 , withTpm2Tss ? true
152 # adds python to closure which is too much by default
153 , withUkify ? false
154 , withUserDb ? true
155 , withUtmp ? !stdenv.hostPlatform.isMusl
156 , withVmspawn ? true
157 # kernel-install shouldn't usually be used on NixOS, but can be useful, e.g. for
158 # building disk images for non-NixOS systems. To save users from trying to use it
159 # on their live NixOS system, we disable it by default.
160 , withKernelInstall ? false
161 , withLibarchive ? true
162 # tests assume too much system access for them to be feasible for us right now
163 , withTests ? false
164 # build only libudev and libsystemd
165 , buildLibsOnly ? false
167 # yes, pname is an argument here
168 , pname ? "systemd"
170 , libxslt
171 , docbook_xsl
172 , docbook_xml_dtd_42
173 , docbook_xml_dtd_45
174 , withLogTrace ? false
175 }:
177 assert withImportd -> withCompression;
178 assert withCoredump -> withCompression;
179 assert withHomed -> withCryptsetup;
180 assert withHomed -> withPam;
181 assert withUkify -> (withEfi && withBootloader);
182 assert withRepart -> withCryptsetup;
183 assert withBootloader -> withEfi;
185 let
186 wantCurl = withRemote || withImportd;
187 wantGcrypt = withResolved || withImportd;
188 version = "256.8";
190 # Use the command below to update `releaseTimestamp` on every (major) version
191 # change. More details in the commentary at mesonFlags.
192 # command:
193 # $ curl -s https://api.github.com/repos/systemd/systemd/releases/latest | \
194 # jq '.created_at|strptime("%Y-%m-%dT%H:%M:%SZ")|mktime'
195 releaseTimestamp = "1720202583";
196 in
197 stdenv.mkDerivation (finalAttrs: {
198 inherit pname version;
200 # We use systemd/systemd-stable for src, and ship NixOS-specific patches inside nixpkgs directly
201 # This has proven to be less error-prone than the previous systemd fork.
202 src = fetchFromGitHub {
203 owner = "systemd";
204 repo = "systemd";
205 rev = "v${version}";
206 hash = "sha256-L/MCsCCMVvK7LgxlaLFpnmsJuTu33cPaiMxIpHU7Tzg=";
207 };
209 # On major changes, or when otherwise required, you *must* :
210 # 1. reformat the patches,
211 # 2. `git am path/to/00*.patch` them into a systemd worktree,
212 # 3. rebase to the more recent systemd version,
213 # 4. and export the patches again via
214 # `git -c format.signoff=false format-patch v${version} --no-numbered --zero-commit --no-signature`.
215 # Use `find . -name "*.patch" | sort` to get an up-to-date listing of all
216 # patches
217 patches = [
218 ./0001-Start-device-units-for-uninitialised-encrypted-devic.patch
219 ./0002-Don-t-try-to-unmount-nix-or-nix-store.patch
220 ./0003-Fix-NixOS-containers.patch
221 ./0004-Add-some-NixOS-specific-unit-directories.patch
222 ./0005-Get-rid-of-a-useless-message-in-user-sessions.patch
223 ./0006-hostnamed-localed-timedated-disable-methods-that-cha.patch
224 ./0007-Change-usr-share-zoneinfo-to-etc-zoneinfo.patch
225 ./0008-localectl-use-etc-X11-xkb-for-list-x11.patch
226 ./0009-add-rootprefix-to-lookup-dir-paths.patch
227 ./0010-systemd-shutdown-execute-scripts-in-etc-systemd-syst.patch
228 ./0011-systemd-sleep-execute-scripts-in-etc-systemd-system-.patch
229 ./0012-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
230 ./0013-inherit-systemd-environment-when-calling-generators.patch
231 ./0014-core-don-t-taint-on-unmerged-usr.patch
232 ./0015-tpm2_context_init-fix-driver-name-checking.patch
233 ./0016-systemctl-edit-suggest-systemdctl-edit-runtime-on-sy.patch
234 ./0017-meson.build-do-not-create-systemdstatedir.patch
236 # https://github.com/systemd/systemd/issues/33392
237 (fetchpatch2 {
238 url = "https://github.com/systemd/systemd/commit/f8b02a56febf14adf2474875a1b6625f1f346a6f.patch?full_index=1";
239 hash = "sha256-qRW92gPtACjk+ifptkw5mujhHlkCF56M3azGIjLiMKE=";
240 revert = true;
241 })
242 ] ++ lib.optional (stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isGnu) [
243 ./0018-timesyncd-disable-NSCD-when-DNSSEC-validation-is-dis.patch
244 ] ++ lib.optional stdenv.hostPlatform.isMusl (
245 let
246 oe-core = fetchzip {
247 url = "https://git.openembedded.org/openembedded-core/snapshot/openembedded-core-89b75b46371d5e9172cb496b461824d8551a2af5.tar.gz";
248 hash = "sha256-etdIIdo3FezVafEYP5uAS9pO36Rdea2A+Da1P44cPXg=";
249 };
250 musl-patches = oe-core + "/meta/recipes-core/systemd/systemd";
251 in
252 [
253 (musl-patches + "/0004-missing_type.h-add-comparison_fn_t.patch")
254 (musl-patches + "/0005-add-fallback-parse_printf_format-implementation.patch")
255 (musl-patches + "/0006-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch")
256 (musl-patches + "/0007-add-missing-FTW_-macros-for-musl.patch")
257 (musl-patches + "/0008-Use-uintmax_t-for-handling-rlim_t.patch")
258 (musl-patches + "/0009-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch")
259 (musl-patches + "/0010-Define-glibc-compatible-basename-for-non-glibc-syste.patch")
260 (musl-patches + "/0011-Do-not-disable-buffering-when-writing-to-oom_score_a.patch")
261 (musl-patches + "/0012-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch")
262 (musl-patches + "/0013-avoid-redefinition-of-prctl_mm_map-structure.patch")
263 (musl-patches + "/0014-do-not-disable-buffer-in-writing-files.patch")
264 (musl-patches + "/0015-Handle-__cpu_mask-usage.patch")
265 (musl-patches + "/0016-Handle-missing-gshadow.patch")
266 (musl-patches + "/0017-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch")
267 (musl-patches + "/0018-pass-correct-parameters-to-getdents64.patch")
268 (musl-patches + "/0019-Adjust-for-musl-headers.patch")
269 (musl-patches + "/0020-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch")
270 (musl-patches + "/0021-errno-util-Make-STRERROR-portable-for-musl.patch")
271 (musl-patches + "/0022-sd-event-Make-malloc_trim-conditional-on-glibc.patch")
272 (musl-patches + "/0023-shared-Do-not-use-malloc_info-on-musl.patch")
273 (musl-patches + "/0024-avoid-missing-LOCK_EX-declaration.patch")
274 (musl-patches + "/0025-include-signal.h-to-avoid-the-undeclared-error.patch")
275 (musl-patches + "/0026-undef-stdin-for-references-using-stdin-as-a-struct-m.patch")
276 (musl-patches + "/0027-adjust-header-inclusion-order-to-avoid-redeclaration.patch")
277 (musl-patches + "/0028-build-path.c-avoid-boot-time-segfault-for-musl.patch")
278 ]
279 );
281 postPatch = ''
282 substituteInPlace src/basic/path-util.h --replace "@defaultPathNormal@" "${placeholder "out"}/bin/"
283 '' + lib.optionalString withLibBPF ''
284 substituteInPlace meson.build \
285 --replace "find_program('clang'" "find_program('${stdenv.cc.targetPrefix}clang'"
286 '' + lib.optionalString withUkify ''
287 substituteInPlace src/ukify/ukify.py \
288 --replace \
289 "'readelf'" \
290 "'${targetPackages.stdenv.cc.bintools.targetPrefix}readelf'" \
291 --replace \
292 "/usr/lib/systemd/boot/efi" \
293 "$out/lib/systemd/boot/efi"
294 ''
295 # Finally, patch shebangs in scripts used at build time. This must not patch
296 # scripts that will end up in the output, to avoid build platform references
297 # when cross-compiling.
298 + ''
299 shopt -s extglob
300 patchShebangs tools test src/!(rpm|kernel-install|ukify) src/kernel-install/test-kernel-install.sh
301 '';
303 outputs = [ "out" "dev" ] ++ (lib.optional (!buildLibsOnly) "man");
304 separateDebugInfo = true;
306 hardeningDisable = [
307 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111523
308 "trivialautovarinit"
309 # breaks clang -target bpf; should be fixed to filter target?
310 ] ++ (lib.optionals withLibBPF ["zerocallusedregs" "shadowstack"]);
312 nativeBuildInputs =
313 [
314 pkg-config
315 makeBinaryWrapper
316 gperf
317 ninja
318 meson
319 glibcLocales
320 getent
321 m4
322 autoPatchelfHook
324 intltool
325 gettext
327 libxslt
328 docbook_xsl
329 docbook_xml_dtd_42
330 docbook_xml_dtd_45
331 bash
332 (buildPackages.python3Packages.python.withPackages (ps: with ps; [ lxml jinja2 ] ++ lib.optional withEfi ps.pyelftools))
333 ]
334 ++ lib.optionals withLibBPF [
335 bpftools
336 buildPackages.llvmPackages.clang
337 buildPackages.llvmPackages.libllvm
338 ]
339 ;
341 autoPatchelfFlags = [ "--keep-libc" ];
343 buildInputs =
344 [
345 libxcrypt
346 libcap
347 libuuid
348 linuxHeaders
349 bashInteractive # for patch shebangs
350 ]
352 ++ lib.optionals wantGcrypt [ libgcrypt libgpg-error ]
353 ++ lib.optional withTests glib
354 ++ lib.optional withAcl acl
355 ++ lib.optional withApparmor libapparmor
356 ++ lib.optional withAudit audit
357 ++ lib.optional wantCurl (lib.getDev curl)
358 ++ lib.optionals withCompression [ zlib bzip2 lz4 xz zstd ]
359 ++ lib.optional withCoredump elfutils
360 ++ lib.optional withCryptsetup (lib.getDev cryptsetup.dev)
361 ++ lib.optional withKexectools kexec-tools
362 ++ lib.optional withKmod kmod
363 ++ lib.optional withLibidn2 libidn2
364 ++ lib.optional withLibseccomp libseccomp
365 ++ lib.optional withIptables iptables
366 ++ lib.optional withPam pam
367 ++ lib.optional withPCRE2 pcre2
368 ++ lib.optional withSelinux libselinux
369 ++ lib.optionals withRemote [ libmicrohttpd gnutls ]
370 ++ lib.optionals (withHomed || withCryptsetup) [ p11-kit ]
371 ++ lib.optionals (withHomed || withCryptsetup) [ libfido2 ]
372 ++ lib.optionals withLibBPF [ libbpf ]
373 ++ lib.optional withTpm2Tss tpm2-tss
374 ++ lib.optional withUkify (python3Packages.python.withPackages (ps: with ps; [ pefile ]))
375 ++ lib.optionals withPasswordQuality [ libpwquality ]
376 ++ lib.optionals withQrencode [ qrencode ]
377 ++ lib.optionals withLibarchive [ libarchive ]
378 ++ lib.optional (withBootloader && stdenv.targetPlatform.useLLVM or false) (llvmPackages.compiler-rt.override {
379 doFakeLibgcc = true;
380 })
381 ;
383 mesonBuildType = "release";
385 mesonFlags = [
386 # Options
388 # We bump this attribute on every (major) version change to ensure that we
389 # have known-good value for a timestamp that is in the (not so distant)
390 # past. This serves as a lower bound for valid system timestamps during
391 # startup. Systemd will reset the system timestamp if this date is +- 15
392 # years from the system time.
393 # See the systemd v250 release notes for further details:
394 # https://github.com/systemd/systemd/blob/60e930fc3e6eb8a36fbc184773119eb8d2f30364/NEWS#L258-L266
395 (lib.mesonOption "time-epoch" releaseTimestamp)
397 (lib.mesonOption "version-tag" version)
398 (lib.mesonOption "mode" "release")
399 (lib.mesonOption "tty-gid" "3") # tty in NixOS has gid 3
400 (lib.mesonOption "debug-shell" "${bashInteractive}/bin/bash")
401 (lib.mesonOption "pamconfdir" "${placeholder "out"}/etc/pam.d")
402 (lib.mesonOption "kmod-path" "${kmod}/bin/kmod")
404 # Attempts to check /usr/sbin and that fails in macOS sandbox because
405 # permission is denied. If /usr/sbin is not a symlink, it defaults to true.
406 # We set it to false since stdenv moves sbin/* to bin and creates a symlink,
407 # that is, we do not have split bin.
408 (lib.mesonOption "split-bin" "false")
410 # D-Bus
411 (lib.mesonOption "dbuspolicydir" "${placeholder "out"}/share/dbus-1/system.d")
412 (lib.mesonOption "dbussessionservicedir" "${placeholder "out"}/share/dbus-1/services")
413 (lib.mesonOption "dbussystemservicedir" "${placeholder "out"}/share/dbus-1/system-services")
415 # pkgconfig
416 (lib.mesonOption "pkgconfiglibdir" "${placeholder "dev"}/lib/pkgconfig")
417 (lib.mesonOption "pkgconfigdatadir" "${placeholder "dev"}/share/pkgconfig")
419 # Keyboard
420 (lib.mesonOption "loadkeys-path" "${kbd}/bin/loadkeys")
421 (lib.mesonOption "setfont-path" "${kbd}/bin/setfont")
423 # SBAT
424 (lib.mesonOption "sbat-distro" "nixos")
425 (lib.mesonOption "sbat-distro-summary" "NixOS")
426 (lib.mesonOption "sbat-distro-url" "https://nixos.org/")
427 (lib.mesonOption "sbat-distro-pkgname" pname)
428 (lib.mesonOption "sbat-distro-version" version)
430 # Users
431 (lib.mesonOption "system-uid-max" "999")
432 (lib.mesonOption "system-gid-max" "999")
434 # SysVinit
435 (lib.mesonOption "sysvinit-path" "")
436 (lib.mesonOption "sysvrcnd-path" "")
438 # Login
439 (lib.mesonOption "sulogin-path" "${util-linux.login}/bin/sulogin")
440 (lib.mesonOption "nologin-path" "${util-linux.login}/bin/nologin")
442 # Mount
443 (lib.mesonOption "mount-path" "${lib.getOutput "mount" util-linux}/bin/mount")
444 (lib.mesonOption "umount-path" "${lib.getOutput "mount" util-linux}/bin/umount")
446 # SSH
447 # Disabled for now until someone makes this work.
448 (lib.mesonOption "sshconfdir" "no")
449 (lib.mesonOption "sshdconfdir" "no")
452 # Features
454 # Tests
455 (lib.mesonBool "tests" withTests)
456 (lib.mesonEnable "glib" withTests)
457 (lib.mesonEnable "dbus" withTests)
459 # Compression
460 (lib.mesonEnable "bzip2" withCompression)
461 (lib.mesonEnable "lz4" withCompression)
462 (lib.mesonEnable "xz" withCompression)
463 (lib.mesonEnable "zstd" withCompression)
464 (lib.mesonEnable "zlib" withCompression)
466 # NSS
467 (lib.mesonEnable "nss-mymachines" (withNss && withMachined))
468 (lib.mesonEnable "nss-resolve" withNss)
469 (lib.mesonBool "nss-myhostname" withNss)
470 (lib.mesonBool "nss-systemd" withNss)
472 # Cryptsetup
473 (lib.mesonEnable "libcryptsetup" withCryptsetup)
474 (lib.mesonEnable "libcryptsetup-plugins" withCryptsetup)
475 (lib.mesonEnable "p11kit" (withHomed || withCryptsetup))
477 # FIDO2
478 (lib.mesonEnable "libfido2" withFido2)
479 (lib.mesonEnable "openssl" (withHomed || withFido2 || withSysupdate))
481 # Password Quality
482 (lib.mesonEnable "pwquality" withPasswordQuality)
483 (lib.mesonEnable "passwdqc" false)
485 # Remote
486 (lib.mesonEnable "remote" withRemote)
487 (lib.mesonEnable "microhttpd" withRemote)
489 (lib.mesonEnable "pam" withPam)
490 (lib.mesonEnable "acl" withAcl)
491 (lib.mesonEnable "audit" withAudit)
492 (lib.mesonEnable "apparmor" withApparmor)
493 (lib.mesonEnable "gcrypt" wantGcrypt)
494 (lib.mesonEnable "importd" withImportd)
495 (lib.mesonEnable "homed" withHomed)
496 (lib.mesonEnable "polkit" withPolkit)
497 (lib.mesonEnable "elfutils" withCoredump)
498 (lib.mesonEnable "libcurl" wantCurl)
499 (lib.mesonEnable "libidn" false)
500 (lib.mesonEnable "libidn2" withLibidn2)
501 (lib.mesonEnable "libiptc" withIptables)
502 (lib.mesonEnable "repart" withRepart)
503 (lib.mesonEnable "sysupdate" withSysupdate)
504 (lib.mesonEnable "seccomp" withLibseccomp)
505 (lib.mesonEnable "selinux" withSelinux)
506 (lib.mesonEnable "tpm2" withTpm2Tss)
507 (lib.mesonEnable "pcre2" withPCRE2)
508 (lib.mesonEnable "bpf-framework" withLibBPF)
509 (lib.mesonEnable "bootloader" withBootloader)
510 (lib.mesonEnable "ukify" withUkify)
511 (lib.mesonEnable "kmod" withKmod)
512 (lib.mesonEnable "qrencode" withQrencode)
513 (lib.mesonEnable "vmspawn" withVmspawn)
514 (lib.mesonEnable "libarchive" withLibarchive)
515 (lib.mesonEnable "xenctrl" false)
516 (lib.mesonEnable "gnutls" false)
517 (lib.mesonEnable "xkbcommon" false)
518 (lib.mesonEnable "man" true)
520 (lib.mesonBool "analyze" withAnalyze)
521 (lib.mesonBool "logind" withLogind)
522 (lib.mesonBool "localed" withLocaled)
523 (lib.mesonBool "hostnamed" withHostnamed)
524 (lib.mesonBool "machined" withMachined)
525 (lib.mesonBool "networkd" withNetworkd)
526 (lib.mesonBool "oomd" withOomd)
527 (lib.mesonBool "portabled" withPortabled)
528 (lib.mesonBool "hwdb" withHwdb)
529 (lib.mesonBool "timedated" withTimedated)
530 (lib.mesonBool "timesyncd" withTimesyncd)
531 (lib.mesonBool "userdb" withUserDb)
532 (lib.mesonBool "coredump" withCoredump)
533 (lib.mesonBool "firstboot" withFirstboot)
534 (lib.mesonBool "resolve" withResolved)
535 (lib.mesonBool "sysusers" withSysusers)
536 (lib.mesonBool "efi" withEfi)
537 (lib.mesonBool "utmp" withUtmp)
538 (lib.mesonBool "log-trace" withLogTrace)
539 (lib.mesonBool "kernel-install" withKernelInstall)
540 (lib.mesonBool "quotacheck" false)
541 (lib.mesonBool "ldconfig" false)
542 (lib.mesonBool "install-sysconfdir" false)
543 (lib.mesonBool "create-log-dirs" false)
544 (lib.mesonBool "smack" true)
545 (lib.mesonBool "b_pie" true)
547 ] ++ lib.optionals (withShellCompletions == false) [
548 (lib.mesonOption "bashcompletiondir" "no")
549 (lib.mesonOption "zshcompletiondir" "no")
550 ] ++ lib.optionals stdenv.hostPlatform.isMusl [
551 (lib.mesonBool "gshadow" false)
552 (lib.mesonBool "idn" false)
553 ];
554 preConfigure =
555 let
556 # A list of all the runtime binaries referenced by the source code (plus
557 # scripts and unit files) of systemd executables, tests and libraries.
558 # As soon as a dependency is lo longer required we should remove it from
559 # the list.
560 # The `where` attribute for each of the replacement patterns must be
561 # exhaustive. If another (unhandled) case is found in the source code the
562 # build fails with an error message.
563 binaryReplacements = [
564 {
565 search = "/usr/bin/getent";
566 replacement = "${getent}/bin/getent";
567 where = [ "src/nspawn/nspawn-setuid.c" ];
568 }
569 {
570 search = "/sbin/mkswap";
571 replacement = "${lib.getBin util-linux}/sbin/mkswap";
572 where = [
573 "man/systemd-makefs@.service.xml"
574 ];
575 }
576 {
577 search = "/sbin/swapon";
578 replacement = "${lib.getOutput "swap" util-linux}/sbin/swapon";
579 where = [
580 "src/core/swap.c"
581 "src/basic/unit-def.h"
582 ];
583 }
584 {
585 search = "/sbin/swapoff";
586 replacement = "${lib.getOutput "swap" util-linux}/sbin/swapoff";
587 where = [ "src/core/swap.c" ];
588 }
589 {
590 search = "/bin/echo";
591 replacement = "${coreutils}/bin/echo";
592 where = [
593 "man/systemd-analyze.xml"
594 "man/systemd.service.xml"
595 "man/systemd-run.xml"
596 "src/analyze/test-verify.c"
597 "src/test/test-env-file.c"
598 "src/test/test-fileio.c"
599 "src/test/test-load-fragment.c"
600 ];
601 }
602 {
603 search = "/bin/cat";
604 replacement = "${coreutils}/bin/cat";
605 where = [
606 "test/test-execute/exec-noexecpaths-simple.service"
607 "src/journal/cat.c"
608 ];
609 }
610 {
611 search = "/usr/lib/systemd/systemd-fsck";
612 replacement = "$out/lib/systemd/systemd-fsck";
613 where = [ "man/systemd-fsck@.service.xml" ];
614 }
615 ] ++ lib.optionals withImportd [
616 {
617 search = "\"gpg\"";
618 replacement = "\\\"${gnupg}/bin/gpg\\\"";
619 where = [ "src/import/pull-common.c" ];
620 }
621 {
622 search = "\"tar\"";
623 replacement = "\\\"${gnutar}/bin/tar\\\"";
624 where = [
625 "src/import/export-tar.c"
626 "src/import/import-common.c"
627 "src/import/import-tar.c"
628 ];
629 ignore = [
630 # occurrences here refer to the tar sub command
631 "src/sysupdate/sysupdate-resource.c"
632 "src/sysupdate/sysupdate-transfer.c"
633 "src/import/pull.c"
634 "src/import/export.c"
635 "src/import/import.c"
636 "src/import/importd.c"
637 # runs `tar` but also also creates a temporary directory with the string
638 "src/import/pull-tar.c"
639 ];
640 }
641 ] ++ lib.optionals withKmod [
642 {
643 search = "/sbin/modprobe";
644 replacement = "${lib.getBin kmod}/sbin/modprobe";
645 where = [ "units/modprobe@.service" ];
646 }
647 ];
649 # { replacement, search, where, ignore } -> List[str]
650 mkSubstitute = { replacement, search, where, ignore ? [ ] }:
651 map (path: "substituteInPlace ${path} --replace '${search}' \"${replacement}\"") where;
652 mkEnsureSubstituted = { replacement, search, where, ignore ? [ ] }:
653 let
654 ignore' = lib.concatStringsSep "|" (ignore ++ [ "^test" "NEWS" ]);
655 in
656 ''
657 set +e
658 search=$(grep '${search}' -r | grep -v "${replacement}" | grep -Ev "${ignore'}")
659 set -e
660 if [[ -n "$search" ]]; then
661 echo "Not all references to '${search}' have been replaced. Found the following matches:"
662 echo "$search"
663 exit 1
664 fi
665 '';
666 in
667 ''
668 mesonFlagsArray+=(-Dntp-servers="0.nixos.pool.ntp.org 1.nixos.pool.ntp.org 2.nixos.pool.ntp.org 3.nixos.pool.ntp.org")
669 export LC_ALL="en_US.UTF-8";
671 ${lib.concatStringsSep "\n" (lib.flatten (map mkSubstitute binaryReplacements))}
672 ${lib.concatMapStringsSep "\n" mkEnsureSubstituted binaryReplacements}
674 substituteInPlace src/libsystemd/sd-journal/catalog.c \
675 --replace /usr/lib/systemd/catalog/ $out/lib/systemd/catalog/
677 substituteInPlace src/import/pull-tar.c \
678 --replace 'wait_for_terminate_and_check("tar"' 'wait_for_terminate_and_check("${gnutar}/bin/tar"'
679 '';
681 # These defines are overridden by CFLAGS and would trigger annoying
682 # warning messages
683 postConfigure = ''
684 substituteInPlace config.h \
685 --replace "POLKIT_AGENT_BINARY_PATH" "_POLKIT_AGENT_BINARY_PATH" \
686 --replace "SYSTEMD_BINARY_PATH" "_SYSTEMD_BINARY_PATH" \
687 --replace "SYSTEMD_CGROUP_AGENTS_PATH" "_SYSTEMD_CGROUP_AGENT_PATH"
688 '';
690 env.NIX_CFLAGS_COMPILE = toString ([
691 # Can't say ${polkit.bin}/bin/pkttyagent here because that would
692 # lead to a cyclic dependency.
693 "-UPOLKIT_AGENT_BINARY_PATH"
694 "-DPOLKIT_AGENT_BINARY_PATH=\"/run/current-system/sw/bin/pkttyagent\""
696 # Set the release_agent on /sys/fs/cgroup/systemd to the
697 # currently running systemd (/run/current-system/systemd) so
698 # that we don't use an obsolete/garbage-collected release agent.
699 "-USYSTEMD_CGROUP_AGENTS_PATH"
700 "-DSYSTEMD_CGROUP_AGENTS_PATH=\"/run/current-system/systemd/lib/systemd/systemd-cgroups-agent\""
702 "-USYSTEMD_BINARY_PATH"
703 "-DSYSTEMD_BINARY_PATH=\"/run/current-system/systemd/lib/systemd/systemd\""
705 ] ++ lib.optionals stdenv.hostPlatform.isMusl [
706 "-D__UAPI_DEF_ETHHDR=0"
707 ]);
709 doCheck = false; # fails a bunch of tests
711 # trigger the test -n "$DESTDIR" || mutate in upstreams build system
712 preInstall = ''
713 export DESTDIR=/
714 '';
716 mesonInstallTags = lib.optionals buildLibsOnly [ "devel" "libudev" "libsystemd" ];
718 postInstall = lib.optionalString (!buildLibsOnly) ''
719 mkdir -p $out/example/systemd
720 mv $out/lib/{binfmt.d,sysctl.d,tmpfiles.d} $out/example
721 mv $out/lib/systemd/{system,user} $out/example/systemd
723 rm -rf $out/etc/systemd/system
725 # Fix reference to /bin/false in the D-Bus services.
726 for i in $out/share/dbus-1/system-services/*.service; do
727 substituteInPlace $i --replace /bin/false ${coreutils}/bin/false
728 done
730 # For compatibility with dependents that use sbin instead of bin.
731 ln -s bin "$out/sbin"
733 rm -rf $out/etc/rpm
734 '' + lib.optionalString (!withKernelInstall) ''
735 # "kernel-install" shouldn't be used on NixOS.
736 find $out -name "*kernel-install*" -exec rm {} \;
737 '' + lib.optionalString (!withDocumentation) ''
738 rm -rf $out/share/doc
739 '' + lib.optionalString (withKmod && !buildLibsOnly) ''
740 mv $out/lib/modules-load.d $out/example
741 '' + lib.optionalString withSysusers ''
742 mv $out/lib/sysusers.d $out/example
743 '';
745 # Avoid *.EFI binary stripping.
746 # At least on aarch64-linux strip removes too much from PE32+ files:
747 # https://github.com/NixOS/nixpkgs/issues/169693
748 # The hack is to move EFI file out of lib/ before doStrip run and return it
749 # after doStrip run.
750 preFixup = lib.optionalString withBootloader ''
751 mv $out/lib/systemd/boot/efi $out/dont-strip-me
752 '';
754 # Wrap in the correct path for LUKS2 tokens.
755 postFixup = lib.optionalString withCryptsetup ''
756 for f in bin/systemd-cryptsetup bin/systemd-cryptenroll; do
757 # This needs to be in LD_LIBRARY_PATH because rpath on a binary is not propagated to libraries using dlopen, in this case `libcryptsetup.so`
758 wrapProgram $out/$f --prefix LD_LIBRARY_PATH : ${placeholder "out"}/lib/cryptsetup
759 done
760 '' + lib.optionalString withBootloader ''
761 mv $out/dont-strip-me $out/lib/systemd/boot/efi
762 '' + lib.optionalString withUkify ''
763 # To cross compile a derivation that builds a UKI with ukify, we need to wrap
764 # ukify with the correct binutils. When wrapping, no splicing happens so we
765 # have to explicitly pull binutils from targetPackages.
766 wrapProgram $out/bin/ukify --prefix PATH : ${lib.makeBinPath [ targetPackages.stdenv.cc.bintools ] }:${placeholder "out"}/lib/systemd
767 '';
769 disallowedReferences = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform)
770 # 'or p' is for manually specified buildPackages as they dont have __spliced
771 (builtins.map (p: p.__spliced.buildHost or p) finalAttrs.nativeBuildInputs);
773 passthru = {
774 # The `interfaceVersion` attribute below points out the incompatibilities
775 # between systemd versions. When the new systemd build is
776 # backwards-compatible with the previous one, then they can be switched at
777 # runtime (the reboot being optional in this case); otherwise, a reboot is
778 # needed - and therefore `interfaceVersion` should be incremented.
779 interfaceVersion = 2;
781 inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod
782 withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp
783 util-linux kmod kbd;
785 tests = {
786 inherit (nixosTests)
787 switchTest
788 systemd-journal
789 systemd-journal-gateway
790 systemd-journal-upload;
791 cross =
792 let
793 systemString =
794 if stdenv.buildPlatform.isAarch64
795 then "gnu64"
796 else "aarch64-multiplatform";
797 in
798 pkgsCross.${systemString}.systemd;
799 pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
800 };
801 };
803 meta = {
804 homepage = "https://www.freedesktop.org/wiki/Software/systemd/";
805 description = "System and service manager for Linux";
806 longDescription = ''
807 systemd is a suite of basic building blocks for a Linux system. It
808 provides a system and service manager that runs as PID 1 and starts the
809 rest of the system. systemd provides aggressive parallelization
810 capabilities, uses socket and D-Bus activation for starting services,
811 offers on-demand starting of daemons, keeps track of processes using Linux
812 control groups, maintains mount and automount points, and implements an
813 elaborate transactional dependency-based service control logic. systemd
814 supports SysV and LSB init scripts and works as a replacement for
815 sysvinit. Other parts include a logging daemon, utilities to control basic
816 system configuration like the hostname, date, locale, maintain a list of
817 logged-in users and running containers and virtual machines, system
818 accounts, runtime directories and settings, and daemons to manage simple
819 network configuration, network time synchronization, log forwarding, and
820 name resolution.
821 '';
822 license = with lib.licenses; [
823 # Taken from https://raw.githubusercontent.com/systemd/systemd-stable/${finalAttrs.src.rev}/LICENSES/README.md
824 bsd2
825 bsd3
826 cc0
827 lgpl21Plus
828 lgpl2Plus
829 mit
830 mit0
831 ofl
832 publicDomain
833 ];
834 maintainers = with lib.maintainers; [ flokli kloenk ];
835 pkgConfigModules = [ "libsystemd" "libudev" "systemd" "udev" ];
836 # See src/basic/missing_syscall_def.h
837 platforms = with lib.platforms; lib.intersectLists linux
838 (aarch ++ x86 ++ loongarch64 ++ m68k ++ mips ++ power ++ riscv ++ s390);
839 priority = 10;
840 badPlatforms = [
841 # https://github.com/systemd/systemd/issues/20600#issuecomment-912338965
842 lib.systems.inspect.platformPatterns.isStatic
843 ];
844 };
845 })