authorTim Steinbach <tim@nequissimus.com>2018-08-12 19:42:11 -0400
committerTim Steinbach <tim@nequissimus.com>2018-08-12 19:42:31 -0400
commit92369900575c581ce9e9d70f23d39cf08943ad2f (patch)
tree9f9cb5a7852edb126515f7fc6ff67a4160fa6d38 /pkgs/os-specific
parentc9035c6e12e3ea532343d646a30361ca466e7e4b (diff)
linux: Init 4.18
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r--pkgs/os-specific/linux/kernel/hardened-config.nix25
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.18.nix18
2 files changed, 32 insertions, 11 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 7e277617b61a..309b5f6c74e8 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -103,16 +103,17 @@ PAGE_POISONING_ZERO y
 PANIC_ON_OOPS y
 PANIC_TIMEOUT -1
 
-GCC_PLUGINS y # Enable gcc plugin options
+${optionalString (versionOlder version "4.18") ''
+  GCC_PLUGINS y # Enable gcc plugin options
+  # Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
+  GCC_PLUGIN_LATENT_ENTROPY y
 
-# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
-GCC_PLUGIN_LATENT_ENTROPY y
-
-${optionalString (versionAtLeast version "4.11") ''
-  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
-''}
-${optionalString (versionAtLeast version "4.14") ''
-  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
+  ${optionalString (versionAtLeast version "4.11") ''
+    GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
+  ''}
+  ${optionalString (versionAtLeast version "4.14") ''
+    GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
+  ''}
 ''}
 
 # Disable various dangerous settings
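Review bot: From 4.18 on, the hardened profile no longer requests `GCC_PLUGINS`, `GCC_PLUGIN_LATENT_ENTROPY`, `GCC_PLUGIN_STRUCTLEAK` or `GCC_PLUGIN_STRUCTLEAK_BYREF_ALL`, and the new `versionOlder version "4.18"` wrapper carries no comment saying why or when they return. A reader of the config cannot tell a deliberate trade-off from an accident, and a kernel built as "hardened" loses the struct-initialisation and boot-entropy mitigations without any build-time signal. I would add a comment directly above the wrapper, for example `# FIXME: GCC plugin options are not selectable on 4.18+ in this build; re-enable LATENT_ENTROPY/STRUCTLEAK once they are`, with the reason adjusted to whatever the author actually observed. The enclosing config string starts and ends outside this hunk.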
@@ -121,8 +122,10 @@ PROC_KCORE n # Exposes kernel text image layout
 INET_DIAG n # Has been used for heap based attacks in the past
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
-CC_STACKPROTECTOR_REGULAR n
-CC_STACKPROTECTOR_STRONG y
+${optionalString (versionOlder version "4.18") ''
+  CC_STACKPROTECTOR_REGULAR n
+  CC_STACKPROTECTOR_STRONG y
+''}
 
 # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
 ${optionalString (versionAtLeast version "4.13") ''
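Review bot: On 4.18 and later the profile sets no stack-protector option at all, because the `versionOlder version "4.18"` guard drops both `CC_STACKPROTECTOR_*` lines without adding their replacements. Upstream renamed these symbols in 4.18 to `STACKPROTECTOR` and `STACKPROTECTOR_STRONG`, so a sibling `versionAtLeast version "4.18"` block containing `STACKPROTECTOR y` and `STACKPROTECTOR_STRONG y` would keep the hardened kernel pinned to -fstack-protector-strong instead of depending on Kconfig defaults. Pinning it also means a future default change or an unsupported compiler is reported when the config is generated rather than silently producing a kernel with weaker canary coverage. The FORTIFY block that follows continues past the end of the hunk.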
diff --git a/pkgs/os-specific/linux/kernel/linux-4.18.nix b/pkgs/os-specific/linux/kernel/linux-4.18.nix
new file mode 100644
index 000000000000..4f183b696cc0
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-4.18.nix
@@ -0,0 +1,18 @@
+{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
+
+with stdenv.lib;
+
+buildLinux (args // rec {
+  version = "4.18";
+
+  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
+  modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
+
+  # branchVersion needs to be x.y
+  extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
+
+  src = fetchurl {
+    url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+    sha256 = "1wgay4k8wj08fc711j290fvi81x75yib8iaa6r7csc7mkvsbrn0r";
+  };
+} // (args.argsOverride or {}))
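Review bot: The `sha256` in the `fetchurl` call is the only integrity check on a tarball fetched through `mirror://kernel`, and nothing in the file records where that hash came from. Since any mirror can serve the download, the pin is only as trustworthy as the copy the hash was first computed from. I would add a one-line comment above `sha256`, such as `# hash checked against kernel.org's signed sha256sums.asc`, if that is in fact how it was obtained, so later version bumps follow the same verification step.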