From 893186f4fd4c1e697b2bc38aa8f268f236d5ea02 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Mon, 18 Apr 2016 17:08:53 +0200
Subject: [PATCH 1/4] kernel-headers: mark broken for grsecurity kernels
Extracting headers from a grsecurity patched kernel triggers additional build steps that require gcc plugins. For this to work, we'd need to add gmp, libmpfr, and libmpc to the build inputs as well as run `make prepare` before installing the headers (lest the build fail due to missing files). Out-of-tree modules use kernel.dev and user space should use the Linux API headers used to build libc, not headers extracted from random kernels, so fixing this for grsecurity is pointless.
---
pkgs/os-specific/linux/kernel-headers/default.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix
index a33d24fc847..da9f3009474 100644
--- a/pkgs/os-specific/linux/kernel-headers/default.nix
+++ b/pkgs/os-specific/linux/kernel-headers/default.nix
@@ -1,5 +1,7 @@ { stdenv, kernel, perl }: +assert (!(kernel.features.grsecurity or false)); + let baseBuildFlags = [ "INSTALL_HDR_PATH=$(out)" "headers_install" ]; in stdenv.mkDerivation {
From 002f5e24b48d047e67a79470b777bd10fa64a6c7 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Mon, 18 Apr 2016 17:05:40 +0200
Subject: [PATCH 2/4] linuxPackages.klibc: use linuxHeaders
klibc was the only user of kernelHeaders; it should use the Linux API headers, however.
---
pkgs/os-specific/linux/klibc/default.nix | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/pkgs/os-specific/linux/klibc/default.nix b/pkgs/os-specific/linux/klibc/default.nix
index b948dbff2c1..a4c7f644be1 100644
--- a/pkgs/os-specific/linux/klibc/default.nix
+++ b/pkgs/os-specific/linux/klibc/default.nix
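Review bot: The added `assert` at the top of kernel-headers/default.nix rejects grsecurity kernels with a bare assertion failure that names neither the package nor the reason, although the commit subject speaks of marking the package broken. A comment directly above it would keep the rationale next to the check, e.g. `# grsecurity kernels need gcc plugins and "make prepare" before headers_install; use kernel.dev or linuxHeaders instead`. If the derivation has a `meta` block (it lies outside this hunk), `broken = kernel.features.grsecurity or false;` there would report the package as broken instead of aborting evaluation. The derivation body continues past the end of the hunk.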
@@ -1,16 +1,15 @@ -{ stdenv, fetchurl, kernelHeaders, kernel, perl }: +{ stdenv, fetchurl, linuxHeaders, perl }: let - version = "2.0.4"; - commonMakeFlags = [ "prefix=$(out)" "SHLIBDIR=$(out)/lib" ]; in -stdenv.mkDerivation { - name = "klibc-${version}-${kernel.version}"; +stdenv.mkDerivation rec { + name = "klibc-${version}"; + version = "2.0.4"; src = fetchurl { url = "mirror://kernel/linux/libs/klibc/2.0/klibc-${version}.tar.xz";
@@ -23,13 +22,13 @@ stdenv.mkDerivation { makeFlags = commonMakeFlags ++ [ "KLIBCARCH=${stdenv.platform.kernelArch}" - "KLIBCKERNELSRC=${kernelHeaders}" + "KLIBCKERNELSRC=${linuxHeaders}" ] ++ stdenv.lib.optional (stdenv.platform.kernelArch == "arm") "CONFIG_AEABI=y"; crossAttrs = { makeFlags = commonMakeFlags ++ [ "KLIBCARCH=${stdenv.cross.platform.kernelArch}" - "KLIBCKERNELSRC=${kernelHeaders.crossDrv}" + "KLIBCKERNELSRC=${linuxHeaders.crossDrv}" "CROSS_COMPILE=${stdenv.cross.config}-" ] ++ stdenv.lib.optional (stdenv.cross.platform.kernelArch == "arm") "CONFIG_AEABI=y"; };
@@ -41,7 +40,7 @@ stdenv.mkDerivation { cp $(find $(find . -name static) -type f ! -name "*.g" -a ! -name ".*") $dir/ cp usr/dash/sh $dir/ - for file in ${kernelHeaders}/include/*; do + for file in ${linuxHeaders}/include/*; do ln -sv $file $out/lib/klibc/include done '';
From faf63d15249f7eaed676a8fa097c3e734e61249d Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Mon, 18 Apr 2016 23:09:06 +0200
Subject: [PATCH 3/4] linuxPackages: move klibc to top-level
There's no reason for this to be tied to a specific kernel: it is tied to the API headers, not the kernel sources.
---
pkgs/top-level/all-packages.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 632468903e9..a6ba3e97830 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
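Review bot: The two `KLIBCKERNELSRC` entries in klibc/default.nix (second hunk) now point at `linuxHeaders`, but nothing next to them records that the variable is deliberately given the installed Linux API headers rather than headers taken from a particular kernel, which is the reason for the change. A short comment above the native `makeFlags` would keep that from being reverted later, e.g. `# KLIBCKERNELSRC gets the Linux API headers libc is built against, not headers from a specific kernel`. The same rationale covers the header symlink loop in the third hunk. The derivation starts and ends outside these hunks.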
@@ -10421,6 +10421,10 @@ in kernelPatches = callPackage ../os-specific/linux/kernel/patches.nix { }; + klibc = callPackage ../os-specific/linux/klibc { }; + + klibcShrunk = lowPrio (callPackage ../os-specific/linux/klibc/shrunk.nix { }); + linux_mptcp = callPackage ../os-specific/linux/kernel/linux-mptcp.nix { kernelPatches = [ kernelPatches.bridge_stp_helper ] ++ lib.optionals ((platform.kernelArch or null) == "mips")
@@ -10668,10 +10672,6 @@ in kernelHeaders = callPackage ../os-specific/linux/kernel-headers { }; - klibc = callPackage ../os-specific/linux/klibc { }; - - klibcShrunk = lowPrio (callPackage ../os-specific/linux/klibc/shrunk.nix { }); - jool = callPackage ../os-specific/linux/jool { }; mba6x_bl = callPackage ../os-specific/linux/mba6x_bl { };
From 1414f902708ecd979f2cf7f6fe46c3f4b650b594 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Mon, 18 Apr 2016 23:09:21 +0200
Subject: [PATCH 4/4] linuxPackages: remove kernelHeaders
User-space programs should not be using headers extracted from random kernels, but should in fact use the headers that were used to build libc; see e.g., this LKML posting by Linus Torvalds on the subject of Linux API headers at [1]. What is more, the Linux API headers are supposed to be backwards compatible[2], so there's really no good reason to have more than one such package, namely the latest one required by a package in our tree. That is, `kernelHeaders` is not only incorrect but serves no real purpose: out-of-tree modules use the sources provided by `kernel.dev`; user space should use `stdenv.cc.libc.linuxHeaders` or the top-level `linuxHeaders` attribute. Apart from klibc, nothing in nixpkgs used `linuxPackages.kernelHeaders`, so the impact of this change is minimal.
[1]: http://lkml.iu.edu/hypermail/linux/kernel/0007.3/0587.html
[2]: https://www.kernel.org/doc/Documentation/kbuild/headers_install.txt
---
pkgs/top-level/all-packages.nix | 2 --
1 file changed, 2 deletions(-)
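Review bot: The two hunks in all-packages.nix move `klibc` and `klibcShrunk` out of the per-kernel package set without leaving an alias or a note behind, so any expression that still reaches them through a `linuxPackages` set would stop evaluating; no such caller is visible in this patch, so this is worth a tree-wide check rather than a confirmed break. If no compatibility alias is wanted, a comment above the new top-level definitions would at least record the reason, e.g. `# built against linuxHeaders (the Linux API headers), so not tied to a particular kernel`. Both hunks sit inside attribute sets that begin and end outside the shown context.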
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a6ba3e97830..264c67cf0b3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10670,8 +10670,6 @@ in facetimehd = callPackage ../os-specific/linux/facetimehd { }; - kernelHeaders = callPackage ../os-specific/linux/kernel-headers { }; - jool = callPackage ../os-specific/linux/jool { }; mba6x_bl = callPackage ../os-specific/linux/mba6x_bl { };