diff options
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/ell/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/hostapd/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iwd/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-patches.json | 24 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libfabric/default.nix | 29 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libpsm2/default.nix | 42 | ||||
-rw-r--r-- | pkgs/os-specific/linux/wireguard/default.nix | 28 |
10 files changed, 115 insertions, 36 deletions
diff --git a/pkgs/os-specific/linux/ell/default.nix b/pkgs/os-specific/linux/ell/default.nix index 69c1f8de2ea9..cb971d452d61 100644 --- a/pkgs/os-specific/linux/ell/default.nix +++ b/pkgs/os-specific/linux/ell/default.nix @@ -7,14 +7,14 @@ stdenv.mkDerivation rec { pname = "ell"; - version = "0.30"; + version = "0.31"; outputs = [ "out" "dev" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/libs/${pname}/${pname}.git"; rev = version; - sha256 = "0kiglgc02a6hqi1nhnl4d8lxax8b1fljp50pvqswrnbh7pgb5676"; + sha256 = "1qlpc906xd78fzxvvj2kxi3aikgnw0c0h3x620s131apax4qrnqa"; }; patches = [ diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix index 869a394cefb4..8152655d457d 100644 --- a/pkgs/os-specific/linux/hostapd/default.nix +++ b/pkgs/os-specific/linux/hostapd/default.nix @@ -17,7 +17,13 @@ stdenv.mkDerivation rec { # Note: fetchurl seems to be unhappy with openwrt git # server's URLs containing semicolons. Using the github mirror instead. url = "https://raw.githubusercontent.com/openwrt/openwrt/master/package/network/services/hostapd/patches/300-noscan.patch"; - sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k";}) + sha256 = "04wg4yjc19wmwk6gia067z99gzzk9jacnwxh5wyia7k5wg71yj5k"; + }) + (fetchurl { + name = "CVE-2019-16275.patch"; + url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch"; + sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz"; + }) ]; outputs = [ "out" "man" ]; diff --git a/pkgs/os-specific/linux/iwd/default.nix b/pkgs/os-specific/linux/iwd/default.nix index 02bd83d9da63..be2a4ff3e56a 100644 --- a/pkgs/os-specific/linux/iwd/default.nix +++ b/pkgs/os-specific/linux/iwd/default.nix @@ -13,12 +13,12 @@ stdenv.mkDerivation rec { pname = "iwd"; - version = "1.6"; + version = "1.7"; src = fetchgit { url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git"; rev = version; - sha256 = "0c38c7a234cwdd5y1brq4w56xszs8zlp57rr3nvgp8z8djcy1qvx"; + sha256 = "1qi25qav1rv8gm5lbrip8ayq5vwynmyv2q4ar7bbmnjh6cglvyh2"; }; nativeBuildInputs = [ diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened-patches.json index eecb27cdb669..a87628dd7697 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened-patches.json @@ -1,18 +1,18 @@ { "4.14": { - "name": "linux-hardened-4.14.176.a.patch", - "sha256": "0pr3m2j63mc746fcbzg1hlwv85im9f87qkl6r4033gwnpa9brcgk", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.176.a/linux-hardened-4.14.176.a.patch" + "name": "linux-hardened-4.14.177.a.patch", + "sha256": "0wiapq4nj16m5ywnz0k7k0fr5hpw2gjy68mjlk6x866rf8vhndrq", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.177.a/linux-hardened-4.14.177.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.117.a.patch", - "sha256": "0c8dvh49nzypxwvsls10i896smvpdrk40x8ybljb3qk3r8j7niaw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.117.a/linux-hardened-4.19.117.a.patch" + "name": "linux-hardened-4.19.118.a.patch", + "sha256": "120lnn9j9zsx1kcq4frcjmj2vj39x0g1yxrrx9nax2yjrzp4wfdw", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.118.a/linux-hardened-4.19.118.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.34.a.patch", - "sha256": "1xwpqr9nzpjg837b3wnzb8fmrl2g9rz8gz5yb55vnnllbzbz36v6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.34.a/linux-hardened-5.4.34.a.patch" + "name": "linux-hardened-5.4.35.a.patch", + "sha256": "0vcqgrzns4d3z93mn8mv0sxkmj7ylbr8prff72c4ssvb0kd7agy9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.35.a/linux-hardened-5.4.35.a.patch" }, "5.5": { "name": "linux-hardened-5.5.19.a.patch", @@ -20,8 +20,8 @@ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.5.19.a/linux-hardened-5.5.19.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.6.a.patch", - "sha256": "0jiqh0frxirjbccgfdk007fca6r6n36n0pkqq4jszkckn59ayl7r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.6.a/linux-hardened-5.6.6.a.patch" + "name": "linux-hardened-5.6.7.a.patch", + "sha256": "1dnk9df4v2iw05vpn0s8q6b0ci2rzl2wiq77vhr40mpbg6p18fap", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.7.a/linux-hardened-5.6.7.a.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5d7337c27f67..6c5d86a0e69e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.176"; + version = "4.14.177"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "18jwxhf29ax54xnylmz9zfkslnxw7y3h215dbfmmvddfp9b0kbmw"; + sha256 = "04hq0i06mg2yc09jj2xk0vhf5q9yigzjzm55a5bvfy2a6j43r9rk"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index e99375ed62c4..d846a015477f 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.219"; + version = "4.4.220"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1mpxqb2m24ay4n9px4n2cyklxy4lhnv9q6wlvilx13rs5qfbb62f"; + sha256 = "1knj3qsl7x3fysdz1h0s980ddbafs3658z2y67w6sn79wp7d8blg"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 78c76d12ddc4..b05a3685c276 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.219"; + version = "4.9.220"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0i5wlyp11ss9p035bhq73xjx8iyk5dk4ynvd7msw5qfkrs6265vb"; + sha256 = "0bhbkybzbdsbmrjmb5m7hxxl8b3v6n79zhh86cbr95kzg1hcgnfs"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/libfabric/default.nix b/pkgs/os-specific/linux/libfabric/default.nix new file mode 100644 index 000000000000..6383832a7e73 --- /dev/null +++ b/pkgs/os-specific/linux/libfabric/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, pkgconfig, autoreconfHook, libpsm2 }: + +stdenv.mkDerivation rec { + pname = "libfabric"; + version = "1.10.0"; + + enableParallelBuilding = true; + + src = fetchFromGitHub { + owner = "ofiwg"; + repo = pname; + rev = "v${version}"; + sha256 = "0amgc5w7qg96r9a21jl92m6jzn4z2j3iyk7jf7kwyzfi4jhlkv89"; + }; + + nativeBuildInputs = [ pkgconfig autoreconfHook ] ; + + buildInputs = [ libpsm2 ] ; + + configureFlags = [ "--enable-psm2=${libpsm2}" ] ; + + meta = with stdenv.lib; { + homepage = "http://libfabric.org/"; + description = "Open Fabric Interfaces"; + license = with licenses; [ gpl2 bsd2 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/os-specific/linux/libpsm2/default.nix b/pkgs/os-specific/linux/libpsm2/default.nix new file mode 100644 index 000000000000..b9e41380da8c --- /dev/null +++ b/pkgs/os-specific/linux/libpsm2/default.nix @@ -0,0 +1,42 @@ +{ stdenv, fetchFromGitHub, numactl, pkgconfig }: + +stdenv.mkDerivation rec { + pname = "libpsm2"; + version = "11.2.156"; + ifs_version = "10_10_2_0_44"; + + preConfigure= '' + export UDEVDIR=$out/etc/udev + substituteInPlace ./Makefile --replace "udevrulesdir}" "prefix}/etc/udev"; + ''; + + enableParallelBuilding = true; + + buildInputs = [ numactl pkgconfig ]; + + installFlags = [ + "DESTDIR=$(out)" + "UDEVDIR=/etc/udev" + "LIBPSM2_COMPAT_CONF_DIR=/etc" + ]; + + src = fetchFromGitHub { + owner = "intel"; + repo = "opa-psm2"; + rev = "IFS_RELEASE_${ifs_version}"; + sha256 = "0ckrfzih1ga9yvximxjdh0z05kn9l858ykqiblv18w6ka3gra1xz"; + }; + + postInstall = '' + mv $out/usr/* $out + rmdir $out/usr + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/intel/opa-psm2"; + description = "The PSM2 library supports a number of fabric media and stacks"; + license = with licenses; [ gpl2 bsd3 ]; + platforms = [ "x86_64-linux" ]; + maintainers = [ maintainers.bzizou ]; + }; +} diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 890c774081bb..8c3f489753df 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchzip, kernel, perl, wireguard-tools }: +{ stdenv, fetchzip, kernel, perl, wireguard-tools, bc }: # module requires Linux >= 3.10 https://www.wireguard.io/install/#kernel-requirements assert stdenv.lib.versionAtLeast kernel.version "3.10"; @@ -7,29 +7,31 @@ assert stdenv.lib.versionOlder kernel.version "5.6"; stdenv.mkDerivation rec { pname = "wireguard"; - version = "1.0.20200401"; + version = "1.0.20200426"; src = fetchzip { url = "https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${version}.tar.xz"; - sha256 = "1q4gfpbvbyracnl219xqfz5yqfc08i6g41z6bn2skx5x8jbll3aq"; + sha256 = "0j343xk9qgmzn0j6kgvydfqjqslf2rv6r4ikfc59982xxny6f6l5"; }; - preConfigure = '' - cd src - sed -i '/depmod/,+1d' Makefile - ''; - hardeningDisable = [ "pic" ]; KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; - INSTALL_MOD_PATH = "\${out}"; - - NIX_CFLAGS = ["-Wno-error=cpp"]; - nativeBuildInputs = [ perl ] ++ kernel.moduleBuildDependencies; + nativeBuildInputs = [ perl bc ] ++ kernel.moduleBuildDependencies; + preBuild = "cd src"; buildFlags = [ "module" ]; - installTargets = [ "module-install" ]; + + INSTALL_MOD_PATH = placeholder "out"; + installFlags = [ "DEPMOD=true" ]; + enableParallelBuilding = true; + + passthru = { + # remove this when our kernel comes with native wireguard support + # and our tests no longer tests this package + inherit (wireguard-tools) tests; + }; meta = with stdenv.lib; { inherit (wireguard-tools.meta) homepage license maintainers; |