diff options
| author | Joachim F <joachifm@users.noreply.github.com> | 2019-04-16 17:49:19 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-04-16 17:49:19 +0000 |
| commit | d7da5e2af2ddcde1aee2030f0264c4b596bd200f (patch) | |
| tree | ab080d5d99a156c4e4b9984374816c2358a07bc6 /pkgs/os-specific/linux | |
| parent | a165e6c672cab0049959914e9bad94834c2bda23 (diff) | |
| parent | 8769d2d58cb3ae0c0b66f5de6a4423109a2613e2 (diff) | |
| download | nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar.gz nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar.bz2 nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar.lz nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar.xz nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.tar.zst nixlib-d7da5e2af2ddcde1aee2030f0264c4b596bd200f.zip | |
Merge pull request #53826 from delroth/randstruct-custom-seed
nixos: allow customizing the kernel RANDSTRUCT seed
Diffstat (limited to 'pkgs/os-specific/linux')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/generic.nix | 6 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/manual-config.nix | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index df9a628f83da..5a086612925d 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -33,6 +33,10 @@ # NixOS to implement kernel-specific behaviour. features ? {} +, # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is + # automatically extended with extra per-version and per-config values. + randstructSeed ? "" + , # A list of patches to apply to the kernel. Each element of this list # should be an attribute set {name, patch} where `name' is a # symbolic name and `patch' is the actual patch. The patch may @@ -162,7 +166,7 @@ let }; # end of configfile derivation kernel = (callPackage ./manual-config.nix {}) { - inherit version modDirVersion src kernelPatches stdenv extraMeta configfile; + inherit version modDirVersion src kernelPatches randstructSeed stdenv extraMeta configfile; config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; }; }; diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 4b570c1fe940..1512f47ade40 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -30,6 +30,9 @@ in { # Manually specified nixexpr representing the config # If unspecified, this will be autodetected from the .config config ? stdenv.lib.optionalAttrs allowImportFromDerivation (readConfig configfile), + # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is + # automatically extended with extra per-version and per-config values. + randstructSeed ? "", # Use defaultMeta // extraMeta extraMeta ? {}, # Whether to utilize the controversial import-from-derivation feature to parse the config @@ -111,7 +114,7 @@ let if [ -f scripts/gcc-plugins/gen-random-seed.sh ]; then substituteInPlace scripts/gcc-plugins/gen-random-seed.sh \ --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') + $(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') fi ''; |