public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

grsecurity: decouple from mainline

Browse Source
This commit is contained in:
tg(x) 2016-02-27 19:33:35 +01:00
parent 7547960546
commit 75f353ffbd
4 changed files with 61 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkgs/os-specific/linux/kernel/linux-grsecurity-3.14.nix Normal file
View File

@ -0,0 +1,19 @@
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
version = "3.14.51";
extraMeta.branch = "3.14";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
sha256 = "1gqsd69cqijff4c4br4ydmcjl226d0yy6vrmgfvy16xiraavq1mk";
};
kernelPatches = args.kernelPatches;
features.iwlwifi = true;
features.efiBootStub = true;
features.needsCifsUtils = true;
features.canDisableNetfilterConntrackHelpers = true;
features.netfilterRPFilter = true;
} // (args.argsOverride or {}))

19
pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix Normal file
View File

@ -0,0 +1,19 @@
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
import ./generic.nix (args // rec {
version = "4.4.2";
extraMeta.branch = "4.4";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "09l6y0nb8yv7l16arfwhy4i5h9pkxcbd7hlbw0015n7gm4i2mzc2";
};
kernelPatches = args.kernelPatches;
features.iwlwifi = true;
features.efiBootStub = true;
features.needsCifsUtils = true;
features.canDisableNetfilterConntrackHelpers = true;
features.netfilterRPFilter = true;
} // (args.argsOverride or {}))

8
pkgs/os-specific/linux/kernel/patches.nix
View File

@ -23,7 +23,9 @@ let
{ name = "grsecurity-${grversion}-${kversion}"; { name = "grsecurity-${grversion}-${kversion}";
inherit grversion kernel kversion revision; inherit grversion kernel kversion revision;
patch = fetchurl { patch = fetchurl {
url = "https://github.com/slashbeast/grsecurity-scrape/blob/master/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true"; url = if branch == "stable"
then "https://github.com/kdave/grsecurity-patches/blob/master/grsecurity_patches/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true"
else "https://github.com/slashbeast/grsecurity-scrape/blob/master/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true";
inherit sha256; inherit sha256;
}; };
features.grsecurity = true; features.grsecurity = true;
@ -81,7 +83,7 @@ rec {
}; };
grsecurity_stable = grsecPatch grsecurity_stable = grsecPatch
{ kernel = pkgs.linux_3_14; { kernel = pkgs.linux_grsecurity_3_14;
kversion = "3.14.51"; kversion = "3.14.51";
revision = "201508181951"; revision = "201508181951";
branch = "stable"; branch = "stable";
@ -89,7 +91,7 @@ rec {
}; };
grsecurity_testing = grsecPatch grsecurity_testing = grsecPatch
{ kernel = pkgs.linux_4_4; { kernel = pkgs.linux_grsecurity_4_4;
kversion = "4.4.2"; kversion = "4.4.2";
revision = "201602182048"; revision = "201602182048";
branch = "test"; branch = "test";

18
pkgs/top-level/all-packages.nix
View File

@ -10407,6 +10407,24 @@ let
to EC2, where Xen is the Hypervisor. to EC2, where Xen is the Hypervisor.
*/ */
linux_grsecurity_3_14 = callPackage ../os-specific/linux/kernel/linux-grsecurity-3.14.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper ]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
kernelPatches.mips_ext3_n32
];
};
linux_grsecurity_4_4 = callPackage ../os-specific/linux/kernel/linux-grsecurity-4.4.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper ]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
kernelPatches.mips_ext3_n32
];
};
grFlavors = import ../build-support/grsecurity/flavors.nix; grFlavors = import ../build-support/grsecurity/flavors.nix;
mkGrsecurity = opts: mkGrsecurity = opts: