public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable fortify and stackprotector hardening for spl/zfs.

Browse Source 
Linux 4.16 introduces a stackprotector detection script that returns
different results for the kernel compilation run and the spl/zfs
compilation run, as the setting for hardening are different. This
results in a broken ABI between spl/zfs and the compiled kernel,
breaking ZFS. Also disabling the fortify and stackprotector hardening,
as we do for the kernel, fixes that.
This commit is contained in:
Clemens Fruhwirth 2018-06-23 14:39:13 +02:00 committed by Robin Gloster
parent 01847b7c5f
commit 43a737b81c
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/os-specific/linux/spl/default.nix
View File

@ -25,7 +25,7 @@ let
nativeBuildInputs = [ autoreconfHook ] ++ kernel.moduleBuildDependencies; nativeBuildInputs = [ autoreconfHook ] ++ kernel.moduleBuildDependencies;
hardeningDisable = [ "pic" ]; hardeningDisable = [ "fortify" "stackprotector" "pic" ];
preConfigure = '' preConfigure = ''
substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid substituteInPlace ./module/spl/spl-generic.c --replace /usr/bin/hostid hostid

8
pkgs/os-specific/linux/zfs/default.nix
View File

@ -61,7 +61,7 @@ let
# for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
NIX_CFLAGS_LINK = "-lgcc_s"; NIX_CFLAGS_LINK = "-lgcc_s";
hardeningDisable = [ "pic" ]; hardeningDisable = [ "fortify" "stackprotector" "pic" ];
preConfigure = '' preConfigure = ''
substituteInPlace ./module/zfs/zfs_ctldir.c --replace "umount -t zfs" "${utillinux}/bin/umount -t zfs" substituteInPlace ./module/zfs/zfs_ctldir.c --replace "umount -t zfs" "${utillinux}/bin/umount -t zfs"
@ -157,7 +157,7 @@ in {
# to be adapted # to be adapted
zfsStable = common { zfsStable = common {
# comment/uncomment if breaking kernel versions are known # comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = "4.16"; incompatibleKernelVersion = null;
# this package should point to the latest release. # this package should point to the latest release.
version = "0.7.9"; version = "0.7.9";
@ -176,7 +176,7 @@ in {
zfsUnstable = common rec { zfsUnstable = common rec {
# comment/uncomment if breaking kernel versions are known # comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = "4.16"; incompatibleKernelVersion = null;
# this package should point to a version / git revision compatible with the latest kernel release # this package should point to a version / git revision compatible with the latest kernel release
version = "2018-05-22"; version = "2018-05-22";
@ -199,7 +199,7 @@ in {
# also remove boot.zfs.enableLegacyCrypto # also remove boot.zfs.enableLegacyCrypto
zfsLegacyCrypto = common { zfsLegacyCrypto = common {
# comment/uncomment if breaking kernel versions are known # comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = "4.16"; incompatibleKernelVersion = null;
# this package should point to a version / git revision compatible with the latest kernel release # this package should point to a version / git revision compatible with the latest kernel release
version = "2018-02-01"; version = "2018-02-01";