From 31fa2cd52bef42d670c569cb8951509c89c143b0 Mon Sep 17 00:00:00 2001 From: "Ricardo M. Correia" Date: Wed, 29 Jan 2014 19:06:45 +0100 Subject: [PATCH 1/2] grsecurity: Fix building grsec-3.x.0 kernels --- pkgs/os-specific/linux/kernel/linux-3.13.nix | 2 +- pkgs/os-specific/linux/kernel/linux-3.2.nix | 2 +- pkgs/top-level/all-packages.nix | 8 ++++++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-3.13.nix b/pkgs/os-specific/linux/kernel/linux-3.13.nix index 637d2935c98..a5d816b2563 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.13.nix @@ -13,4 +13,4 @@ import ./generic.nix (args // rec { features.needsCifsUtils = true; features.canDisableNetfilterConntrackHelpers = true; features.netfilterRPFilter = true; -}) +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-3.2.nix b/pkgs/os-specific/linux/kernel/linux-3.2.nix index d7598b53b1b..c0006ed7348 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.2.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.2.nix @@ -9,4 +9,4 @@ import ./generic.nix (args // rec { }; features.iwlwifi = true; -}) +} // (args.argsOverride or {})) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 57a1933c7b2..c6f8fe8b8dd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6660,13 +6660,17 @@ let # config options you need (e.g. by overriding extraConfig). See list of options here: # https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options linux_3_2_grsecurity = lowPrio (lib.overrideDerivation (linux_3_2.override (args: { - modDirVersion = "${linux_3_2.version}-grsec"; kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_2_54 kernelPatches.grsec_path ]; + argsOverride = { + modDirVersion = "${linux_3_2.modDirVersion}-grsec"; + }; })) (args: grsecurityOverrider args)); linux_3_12_grsecurity = lowPrio (lib.overrideDerivation (linux_3_12.override (args: { - modDirVersion = "${linux_3_12.version}-grsec"; kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_12_8 kernelPatches.grsec_path ]; + argsOverride = { + modDirVersion = "${linux_3_12.modDirVersion}-grsec"; + }; })) (args: grsecurityOverrider args)); linux_3_2_apparmor = lowPrio (linux_3_2.override { From b31547654d7fd5fea0eadbae07fcae5c9dd60077 Mon Sep 17 00:00:00 2001 From: "Ricardo M. Correia" Date: Wed, 29 Jan 2014 14:52:18 +0100 Subject: [PATCH 2/2] grsecurity: Update stable and test patches stable: 3.0-3.2.54-201401191012 -> 3.0-3.2.54-201402062221 test: 3.0-3.12.8-201401191015 -> 3.0-3.13.2-201402062224 --- pkgs/os-specific/linux/kernel/patches.nix | 14 +++++++------- pkgs/top-level/all-packages.nix | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 8b658a6030e..5ade01014f9 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -81,22 +81,22 @@ rec { grsecurity_3_0_3_2_54 = { name = "grsecurity-3.0-3.2.54"; patch = fetchurl { - url = https://grsecurity.net/stable/grsecurity-3.0-3.2.54-201401191012.patch; - sha256 = "10kfdk46fgd1awys8f8520w7kanc4m0ckn28xg36473fi76i6snx"; + url = https://grsecurity.net/stable/grsecurity-3.0-3.2.54-201402062221.patch; + sha256 = "14x887xibl7d50a1pxmi0snnwcnh27z8bnidhxg2xfasxxp248m5"; }; features.grsecurity = true; # The grsec kernel patch seems to include the apparmor patches as of 3.0-3.2.54 features.apparmor = true; }; - grsecurity_3_0_3_12_8 = - { name = "grsecurity-3.0-3.12.8"; + grsecurity_3_0_3_13_2 = + { name = "grsecurity-3.0-3.13.2"; patch = fetchurl { - url = https://grsecurity.net/test/grsecurity-3.0-3.12.8-201401191015.patch; - sha256 = "0dy7daar873jp0afkf48l8ij1ii8cgcc9z5pn50h1fvhc9ap1j4f"; + url = https://grsecurity.net/test/grsecurity-3.0-3.13.2-201402062224.patch; + sha256 = "0w42d76bv7yzpr23bicsadf64csbmq988kmpzxg4yv5qwzhhbyh7"; }; features.grsecurity = true; - # The grsec kernel patch seems to include the apparmor patches as of 3.0-3.12.8 + # The grsec kernel patch seems to include the apparmor patches as of 3.0-3.13.2 features.apparmor = true; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c6f8fe8b8dd..fd24b251b48 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6666,10 +6666,10 @@ let }; })) (args: grsecurityOverrider args)); - linux_3_12_grsecurity = lowPrio (lib.overrideDerivation (linux_3_12.override (args: { - kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_12_8 kernelPatches.grsec_path ]; + linux_3_13_grsecurity = lowPrio (lib.overrideDerivation (linux_3_13.override (args: { + kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_13_2 kernelPatches.grsec_path ]; argsOverride = { - modDirVersion = "${linux_3_12.modDirVersion}-grsec"; + modDirVersion = "${linux_3_13.modDirVersion}-grsec"; }; })) (args: grsecurityOverrider args)); @@ -6854,7 +6854,7 @@ let linuxPackages_3_10_tuxonice = linuxPackagesFor pkgs.linux_3_10_tuxonice linuxPackages_3_10_tuxonice; linuxPackages_3_11 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_11 linuxPackages_3_11); linuxPackages_3_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_12 linuxPackages_3_12); - linuxPackages_3_12_grsecurity = linuxPackagesFor pkgs.linux_3_12_grsecurity linuxPackages_3_12_grsecurity; + linuxPackages_3_13_grsecurity = linuxPackagesFor pkgs.linux_3_13_grsecurity linuxPackages_3_13_grsecurity; linuxPackages_3_13 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_13 linuxPackages_3_13); # Update this when adding a new version! linuxPackages_latest = pkgs.linuxPackages_3_13;