author | tg(x) <*@tg-x.net> | 2016-02-27 19:33:35 +0100 |
---|---|---|
committer | tg(x) <*@tg-x.net> | 2016-02-27 19:33:35 +0100 |
commit | 75f353ffbdbd5345005e6231a93dd1eae95f6785 (patch) | |
tree | a243ef226077f54a0dd64a12fa26e0cc02069265 /pkgs | |
parent | 75479605463a0319fa6af0dcd64c833138d38198 (diff) | |
grsecurity: decouple from mainline
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-grsecurity-3.14.nix | 19 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix | 19 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 8 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 18 |
4 files changed, 61 insertions, 3 deletions
diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-3.14.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity-3.14.nix
new file mode 100644
index 000000000000..a67a91b4d0c4
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-grsecurity-3.14.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
+
+import ./generic.nix (args // rec {
+ version = "3.14.51";
+ extraMeta.branch = "3.14";
+
+ src = fetchurl {
+ url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
+ sha256 = "1gqsd69cqijff4c4br4ydmcjl226d0yy6vrmgfvy16xiraavq1mk";
+ };
+
+ kernelPatches = args.kernelPatches;
+
+ features.iwlwifi = true;
+ features.efiBootStub = true;
+ features.needsCifsUtils = true;
+ features.canDisableNetfilterConntrackHelpers = true;
+ features.netfilterRPFilter = true;
+} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix
new file mode 100644
index 000000000000..dff91095549c
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
+
+import ./generic.nix (args // rec {
+ version = "4.4.2";
+ extraMeta.branch = "4.4";
+
+ src = fetchurl {
+ url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+ sha256 = "09l6y0nb8yv7l16arfwhy4i5h9pkxcbd7hlbw0015n7gm4i2mzc2";
+ };
+
+ kernelPatches = args.kernelPatches;
+
+ features.iwlwifi = true;
+ features.efiBootStub = true;
+ features.needsCifsUtils = true;
+ features.canDisableNetfilterConntrackHelpers = true;
+ features.netfilterRPFilter = true;
+} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 3e745d9f2b55..8ff83b2d7ee4 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
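Review bot: `version = "3.14.51";` in linux-grsecurity-3.14.nix and `version = "4.4.2";` in linux-grsecurity-4.4.nix have to stay equal to the `kversion` values passed to `grsecPatch` in patches.nix, yet neither new file says so and nothing visible in this commit checks it. Bumping one side alone would pair a grsecurity patch with a kernel tree it was not written for, which at best fails to apply and at worst builds a kernel whose hardening is incomplete. I would add a comment above each `version` line, for example `# keep in sync with kversion of grsecurity_stable in patches.nix` (and `grsecurity_testing` for 4.4). Because these trees no longer follow the mainline attributes, it is also worth stating in the file that upstream stable fixes only arrive when the matching grsecurity patch is bumped.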
@@ -23,7 +23,9 @@ let { name = "grsecurity-${grversion}-${kversion}"; inherit grversion kernel kversion revision; patch = fetchurl { - url = "https://github.com/slashbeast/grsecurity-scrape/blob/master/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true"; + url = if branch == "stable" + then "https://github.com/kdave/grsecurity-patches/blob/master/grsecurity_patches/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true" + else "https://github.com/slashbeast/grsecurity-scrape/blob/master/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true"; inherit sha256; }; features.grsecurity = true; @@ -81,7 +83,7 @@ rec { }; grsecurity_stable = grsecPatch - { kernel = pkgs.linux_3_14; + { kernel = pkgs.linux_grsecurity_3_14; kversion = "3.14.51"; revision = "201508181951"; branch = "stable"; @@ -89,7 +91,7 @@ rec { }; grsecurity_testing = grsecPatch - { kernel = pkgs.linux_4_4; + { kernel = pkgs.linux_grsecurity_4_4; kversion = "4.4.2"; revision = "201602182048"; branch = "test"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 22dbfc41f438..d45c78d67a75 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
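Review bot: Both branches of the new `url = if branch == "stable" then … else …` expression fetch from the moving `master` ref of third-party mirror repositories (kdave/grsecurity-patches and slashbeast/grsecurity-scrape), so the inherited `sha256` is the only control tying the fetched patch to what was reviewed. The hash blocks silent substitution but records nothing about provenance; a comment such as `# sha256 checked against the upstream-signed patch; the mirror is not authoritative` next to `inherit sha256;` would document how the value was obtained, if that check was in fact done. Pinning the path to a commit (`…/blob/<commit>/grsecurity_patches/…`) instead of `master` would keep the fetch reproducible if the mirror is reorganised. Any `branch` value other than `"stable"`, including a typo, falls through to the slashbeast URL with the string interpolated into the path, so an explicit `assert branch == "stable" || branch == "test";` would make that failure mode obvious. The enclosing `grsecPatch` function starts and ends outside the hunk.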
@@ -10407,6 +10407,24 @@ let to EC2, where Xen is the Hypervisor. */ + linux_grsecurity_3_14 = callPackage ../os-specific/linux/kernel/linux-grsecurity-3.14.nix { + kernelPatches = [ kernelPatches.bridge_stp_helper ] + ++ lib.optionals ((platform.kernelArch or null) == "mips") + [ kernelPatches.mips_fpureg_emu + kernelPatches.mips_fpu_sigill + kernelPatches.mips_ext3_n32 + ]; + }; + + linux_grsecurity_4_4 = callPackage ../os-specific/linux/kernel/linux-grsecurity-4.4.nix { + kernelPatches = [ kernelPatches.bridge_stp_helper ] + ++ lib.optionals ((platform.kernelArch or null) == "mips") + [ kernelPatches.mips_fpureg_emu + kernelPatches.mips_fpu_sigill + kernelPatches.mips_ext3_n32 + ]; + }; + grFlavors = import ../build-support/grsecurity/flavors.nix; mkGrsecurity = opts: |
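Review bot: The new `linux_grsecurity_3_14` and `linux_grsecurity_4_4` attributes carry no comment explaining that they exist as version-pinned bases for the grsecurity patch sets, so a reader could pick them as ordinary kernels and end up on a tree that, judging by the commit title, no longer tracks mainline updates. A line above the first attribute such as `# Base kernels for grsecurity only; versions are pinned to the grsecurity patch, do not use unpatched` would make the intent explicit, assuming that is the intent. The `kernelPatches` list, including the mips-only entries, is also written out twice verbatim; binding it once and passing it to both `callPackage` calls would keep the two kernels from drifting apart when a patch is added to only one of them. The surrounding attribute set starts and ends outside the hunk, so where such a binding should live cannot be judged from here.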