authorTim Steinbach <tim@nequissimus.com>2018-08-12 19:42:11 -0400
committerTim Steinbach <tim@nequissimus.com>2018-08-12 19:42:31 -0400
commit92369900575c581ce9e9d70f23d39cf08943ad2f (patch)
tree9f9cb5a7852edb126515f7fc6ff67a4160fa6d38
parentc9035c6e12e3ea532343d646a30361ca466e7e4b (diff)
linux: Init 4.18
-rw-r--r--pkgs/os-specific/linux/kernel/hardened-config.nix25
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.18.nix18
-rw-r--r--pkgs/top-level/all-packages.nix13
3 files changed, 44 insertions, 12 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 7e277617b61a..309b5f6c74e8 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -103,16 +103,17 @@ PAGE_POISONING_ZERO y
 PANIC_ON_OOPS y
 PANIC_TIMEOUT -1
 
-GCC_PLUGINS y # Enable gcc plugin options
+${optionalString (versionOlder version "4.18") ''
+  GCC_PLUGINS y # Enable gcc plugin options
+  # Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
+  GCC_PLUGIN_LATENT_ENTROPY y
 
-# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
-GCC_PLUGIN_LATENT_ENTROPY y
-
-${optionalString (versionAtLeast version "4.11") ''
-  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
-''}
-${optionalString (versionAtLeast version "4.14") ''
-  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
+  ${optionalString (versionAtLeast version "4.11") ''
+    GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
+  ''}
+  ${optionalString (versionAtLeast version "4.14") ''
+    GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
+  ''}
 ''}
 
 # Disable various dangerous settings
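Review bot: Gating the whole GCC-plugin block on `versionOlder version "4.18"` means a hardened 4.18+ kernel is built without `GCC_PLUGIN_LATENT_ENTROPY`, `GCC_PLUGIN_STRUCTLEAK` and `GCC_PLUGIN_STRUCTLEAK_BYREF_ALL`, and nothing in the file records why. Presumably these options could not be selected in the 4.18 build, but the hunk does not show that. A comment above the guard would make the regression explicit and easy to find later, for example `# FIXME: GCC plugin options cannot be enabled on 4.18 yet; hardened 4.18+ kernels lack latent-entropy and structleak until this is restored`. The same commit moves `linuxPackages_latest` to 4.18, so any hardened kernel that tracks the latest version would lose these mitigations on update; it is worth checking the generated .config to confirm.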
@@ -121,8 +122,10 @@ PROC_KCORE n # Exposes kernel text image layout
 INET_DIAG n # Has been used for heap based attacks in the past
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
-CC_STACKPROTECTOR_REGULAR n
-CC_STACKPROTECTOR_STRONG y
+${optionalString (versionOlder version "4.18") ''
+  CC_STACKPROTECTOR_REGULAR n
+  CC_STACKPROTECTOR_STRONG y
+''}
 
 # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
 ${optionalString (versionAtLeast version "4.13") ''
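Review bot: With the `CC_STACKPROTECTOR_*` lines limited to kernels older than 4.18, the hardened profile no longer requests the strong stack protector on 4.18 at all. Upstream renamed these symbols to `STACKPROTECTOR` and `STACKPROTECTOR_STRONG` in 4.18, so the guard should get a counterpart for newer kernels: a `versionAtLeast version "4.18"` branch containing `STACKPROTECTOR y` and `STACKPROTECTOR_STRONG y`. Relying on the Kconfig default leaves the outcome dependent on what the compiler check reports at build time, so the generated .config should be checked either way.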
diff --git a/pkgs/os-specific/linux/kernel/linux-4.18.nix b/pkgs/os-specific/linux/kernel/linux-4.18.nix
new file mode 100644
index 000000000000..4f183b696cc0
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-4.18.nix
@@ -0,0 +1,18 @@
+{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
+
+with stdenv.lib;
+
+buildLinux (args // rec {
+  version = "4.18";
+
+  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
+  modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
+
+  # branchVersion needs to be x.y
+  extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
+
+  src = fetchurl {
+    url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+    sha256 = "1wgay4k8wj08fc711j290fvi81x75yib8iaa6r7csc7mkvsbrn0r";
+  };
+} // (args.argsOverride or {}))
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 3847fc55a99e..fce8a1f5b130 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13863,6 +13863,16 @@ with pkgs;
       ];
   };
 
+  linux_4_18 = callPackage ../os-specific/linux/kernel/linux-4.18.nix {
+    kernelPatches =
+      [ kernelPatches.bridge_stp_helper
+        # See pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md
+        # when adding a new linux version
+        # kernelPatches.cpu-cgroup-v2."4.11"
+        kernelPatches.modinst_arg_list_too_long
+      ];
+  };
+
   linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
     kernelPatches = [
       kernelPatches.bridge_stp_helper
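Review bot: The commented-out `# kernelPatches.cpu-cgroup-v2."4.11"` entry in the `linux_4_18` patch list names a patch set for 4.11 and reads as if it was copied from an older kernel definition. Either drop the line and keep only the README pointer, or state the intent, e.g. `# cpu-cgroup-v2 patches are not applied to 4.18; see pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md`. As written, a reader cannot tell whether the patch was dropped on purpose or is still pending for this version.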
@@ -14056,7 +14066,7 @@ with pkgs;
   linux = linuxPackages.kernel;
 
   # Update this when adding the newest kernel major version!
-  linuxPackages_latest = linuxPackages_4_17;
+  linuxPackages_latest = linuxPackages_4_18;
   linux_latest = linuxPackages_latest.kernel;
 
   # Build the kernel modules for the some of the kernels.
@@ -14067,6 +14077,7 @@ with pkgs;
   linuxPackages_4_9 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_9);
   linuxPackages_4_14 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_14);
   linuxPackages_4_17 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_17);
+  linuxPackages_4_18 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_18);
   # Don't forget to update linuxPackages_latest!
 
   # Intentionally lacks recurseIntoAttrs, as -rc kernels will quite likely break out-of-tree modules and cause failed Hydra builds.