3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

337 commits

Author SHA1 Message Date
Nikolay Amiantov 285d64d2f0 kernel: add patch to fix btrfs deadlocks to affected kernels 2015-04-08 20:49:12 +03:00
Ricardo M. Correia 6566738b29 grsecurity: Update stable and test patches
stable: 3.1-3.14.37-201503270048 -> 3.1-3.14.37-201504051405
test:   3.1-3.19.3-201503270049  -> 3.1-3.19.3-201504021826
2015-04-06 18:26:05 +02:00
William A. Kennington III 304b3c077c kernel: 3.14.36 -> 3.14.37 2015-03-27 10:45:13 -07:00
William A. Kennington III ca12b0b304 kernel: 3.19.2 -> 3.19.3 2015-03-27 10:44:19 -07:00
Ricardo M. Correia 0f5a5cae76 grsecurity: Update test patch from 3.1-3.19.2-201503182219 -> 3.1-3.19.2-201503201903 2015-03-21 06:23:26 +01:00
William A. Kennington III 36ada70250 kernel: 3.14.35 -> 3.14.36 2015-03-20 14:21:39 -07:00
William A. Kennington III a7c32c8ea5 kernel: 3.19.1 -> 3.19.2 2015-03-20 14:19:49 -07:00
Eelco Dolstra cb7b0f3c1b Merge pull request #6898 from joachifm/redundant-params
kernelPatches: remove unused parameters
2015-03-19 15:31:03 +01:00
Joachim Fasting cd55b6b5bb kernelPatches: remove unused parameters 2015-03-19 14:08:16 +01:00
Ricardo M. Correia 7c8247a8c5 grsecurity: Update stable and test patches
stable: 3.1-3.14.35-201503071140 -> 3.1-3.14.35-201503092203
test:   3.1-3.18.9-201503071142  -> 3.1-3.19.1-201503122205
2015-03-15 03:49:58 +01:00
William A. Kennington III 6b666dca7c kernel: 3.14.34 -> 3.14.35 2015-03-08 14:58:46 -07:00
William A. Kennington III cf9d5ceda1 kernel: 3.18.8 -> 3.18.9 2015-03-08 14:57:44 -07:00
William A. Kennington III 24f25e6f9a kernel: 3.18.7 -> 3.18.8 2015-03-02 19:52:26 -08:00
William A. Kennington III 103f9820f6 kernel: 3.14.33 -> 3.14.34 2015-03-02 19:52:26 -08:00
Ricardo M. Correia e196cd5611 grsecurity: Update stable and test patches
stable: 3.0-3.14.33-201502200812 -> 3.1-3.14.33-201502222137
test:   3.0-3.18.7-201502200813  -> 3.1-3.18.7-201502222138
2015-02-23 18:38:13 +01:00
Ricardo M. Correia 50bf56fd09 grsecurity: Update stable and test patches
stable: 3.0-3.14.33-201502181906 -> 3.0-3.14.33-201502200812
test:   3.0-3.18.7-201502180834  -> 3.0-3.18.7-201502200813
2015-02-20 14:29:45 +01:00
Ricardo M. Correia 99eb8705cd grsecurity: Update stable patch from 3.0-3.14.33-201502180832 -> 3.0-3.14.33-201502181906 2015-02-19 04:47:44 +01:00
Ricardo M. Correia c5a7115721 grsecurity: Update stable and test patches
stable: 3.0-3.14.32-201502062101 -> 3.0-3.14.33-201502180832
test:   3.0-3.18.6-201502062100  -> 3.0-3.18.7-201502180834
2015-02-18 17:24:53 +01:00
Vladimír Čunát 57f2d329ac linux_3_{10,12,14}: fix upstream regression, fixes #6231
Some modules wouldn't load crc32c dependency due to module renaming.
2015-02-10 13:45:20 +01:00
William A. Kennington III c4d21cf1c4 kernel: 3.14.31 -> 3.14.32 2015-02-07 12:08:09 -08:00
William A. Kennington III f103b0f78b kernel: 3.18.5 -> 3.18.6 2015-02-07 12:07:17 -08:00
William A. Kennington III bbd6384f62 kernel: 3.14.29 -> 3.14.31 2015-01-31 18:55:09 -08:00
William A. Kennington III 8a2f7375d6 kernel: 3.18.3 -> 3.18.5 2015-01-31 18:54:59 -08:00
Ricardo M. Correia 23ffd6ad22 grsecurity: Update stable and test patches
stable: 3.0-3.14.29-201501182217 -> 3.0-3.14.29-201501211943
test:   3.0-3.18.3-201501182219  -> 3.0-3.18.3-201501211944
2015-01-22 05:39:01 +01:00
William A. Kennington III fb921695b6 kernel: Fix grsec patch for 3.18.3 2015-01-18 21:11:07 -08:00
William A. Kennington III 2c02b7caff kernel: 3.14.28 -> 3.14.29 2015-01-18 21:11:07 -08:00
Ricardo M. Correia 1f28bfa284 grsecurity: Update stable and test patches
stable: 3.0-3.14.28-201501120819 -> 3.0-3.14.28-201501142323
test:   3.0-3.18.2-201501120821  -> 3.0-3.18.2-201501142325
2015-01-16 02:47:12 +01:00
William A. Kennington III 1ec68e0d13 kernel: Fix path to stp bridge helper 2015-01-14 10:34:28 -08:00
William A. Kennington III 3d4b315d91 Revert "kernel: Add a patch to remove checks for bridge stp helpers"
This reverts commit f64c3ce18d.
2015-01-13 15:34:26 -08:00
William A. Kennington III f64c3ce18d kernel: Add a patch to remove checks for bridge stp helpers 2015-01-13 15:24:02 -08:00
Ricardo M. Correia 757071af5b grsecurity: Update stable and test patches
stable: 3.0-3.14.28-201501111421 -> 3.0-3.14.28-201501120819
test:   3.0-3.18.2-201501111422  -> 3.0-3.18.2-201501120821
2015-01-12 18:21:22 +01:00
William A. Kennington III 97783b87c0 kernel: 3.14.27 -> 3.14.28 2015-01-11 23:59:13 -08:00
William A. Kennington III 33651bb865 kernel: 3.18.1 -> 3.18.2 2015-01-11 23:58:19 -08:00
Ricardo M. Correia e90bfba2f6 grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412280859 -> 3.0-3.14.27-201501042018
test:   3.0-3.18.1-201412281149  -> 3.0-3.18.1-201501042021
2015-01-07 05:49:56 +01:00
Ricardo M. Correia 1d44322d53 grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test:   3.0-3.17.7-201412211910  -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
Ricardo M. Correia a8e33da2dd grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412170659 -> 3.0-3.14.27-201412211908
test:   3.0-3.17.7-201412170700  -> 3.0-3.17.7-201412211910
2014-12-22 20:33:00 +01:00
William A. Kennington III 7e8c5b578a kernel: 3.14.26 -> 3.14.27 2014-12-17 14:36:38 -08:00
William A. Kennington III eea5383b48 kernel: 3.17.6 -> 3.17.7 2014-12-17 14:36:29 -08:00
William A. Kennington III 042f266e10 kernel: 3.14.25 -> 3.14.26 2014-12-08 23:24:50 -08:00
William A. Kennington III c8abfe37ab kernel: 3.17.4 -> 3.17.6 2014-12-08 23:23:42 -08:00
Ricardo M. Correia 7ce1cbed93 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411260106 -> 3.0-3.14.25-201412040016
test:   3.0-3.17.4-201411260107  -> 3.0-3.17.4-201412040017
2014-12-05 18:26:21 +01:00
Ricardo M. Correia 6f31905563 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411231452 -> 3.0-3.14.25-201411260106
test:   3.0-3.17.4-201411231452  -> 3.0-3.17.4-201411260107
2014-11-27 18:36:01 +01:00
Ricardo M. Correia c07f81ce89 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411220954 -> 3.0-3.14.25-201411231452
test:   3.0-3.17.4-201411220955  -> 3.0-3.17.4-201411231452
2014-11-24 03:53:28 +01:00
William A. Kennington III d1493bc1ee kernel: 3.14.24 -> 3.14.25 2014-11-23 02:47:36 -08:00
Jonathan Rudenberg 30578e30d8 kernel: 3.17.3 -> 3.17.4 2014-11-22 16:50:16 -05:00
William A. Kennington III f4a27311b7 kernel: 3.14.23 -> 3.14.24 2014-11-14 23:03:54 -08:00
William A. Kennington III 0ef4ee5d06 kernel: 3.17.2 -> 3.17.3 2014-11-14 23:03:47 -08:00
Ricardo M. Correia c108ab47be grsecurity: Update stable and test patches
stable: 3.0-3.14.23-201411062033 -> 3.0-3.14.23-201411091053
test:   3.0-3.17.2-201411062034  -> 3.0-3.17.2-201411091054
2014-11-10 19:34:00 +01:00
Ricardo M. Correia 5701e40681 grsecurity: Update stable and test patches
stable: 3.0-3.14.23-201410312212 -> 3.0-3.14.23-201411062033
test:   3.0-3.17.2-201410312213  -> 3.0-3.17.2-201411062034
2014-11-09 02:47:54 +01:00
Ricardo M. Correia 268c72b92b grsecurity: Update stable and test patches
stable: 3.0-3.14.22-201410250026 -> 3.0-3.14.23-201410312212
test:   3.0-3.17.1-201410281754  -> 3.0-3.17.2-201410312213
2014-11-01 17:25:22 +01:00
Ricardo M. Correia a9170c0dba grsecurity: Update stable and test patches
stable: 3.0-3.14.22-201410192047 -> 3.0-3.14.22-201410250026
test:   3.0-3.17.1-201410192051  -> 3.0-3.17.1-201410281754
2014-10-30 12:47:36 +01:00
Alexander Kjeldaas 005bb796e6 Updated grsec. 2014-10-22 02:18:41 +02:00
Ricardo M. Correia c615793317 grsecurity: Update stable and test patches
stable: 3.0-3.14.19-201409282024 -> 3.0-3.14.20-201410062037
test:   3.0-3.16.3-201409282025  -> 3.0-3.16.4-201410062041
2014-10-07 16:55:49 +02:00
Ricardo M. Correia bbdc35d4dd grsecurity: Update stable and test patches
stable: 3.0-3.14.19-201409180900 -> 3.0-3.14.19-201409282024
test:   3.0-3.16.3-201409180901  -> 3.0-3.16.3-201409282025
2014-09-29 14:44:20 +02:00
Ricardo M. Correia cf61fa8013 grsecurity: Update stable and test patches
stable: 3.0-3.14.18-201409060013 -> 3.0-3.14.19-201409180900
test:   3.0-3.16.2-201409060014  -> 3.0-3.16.3-201409180901
2014-09-25 23:37:26 +02:00
Ricardo M. Correia 238a84ac78 grsecurity: Update stable and test patches
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test:   3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
2014-09-08 15:16:38 +02:00
Austin Seipp 2dc2699ca4 linux/grsec: updates
3.15.10 is EOL soon, but grsecurity/unstable hasn't moved to 3.16.x yet.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-08-27 15:14:19 -05:00
Ricardo M. Correia b50074929e grsecurity: Update stable and test patches
stable: 3.0-3.14.9-201406262057 -> 3.0-3.14.10-201407012152
test:   3.0-3.15.2-201406262058 -> 3.0-3.15.3-201407012153
2014-07-03 11:37:19 +02:00
Austin Seipp dd56bfbd00 kernel/grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-27 00:52:12 -05:00
Austin Seipp 0399c5ee24 grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Austin Seipp b8ede68b25 kernel/grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
Austin Seipp b43421221f kernel/grsec: updates; add mainline package for brave souls
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
Austin Seipp cb894d4fc3 grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp 92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp 92f7781f00 kernel/grsecurity: stable/longterm/testing updates
kernels:

  - longterm: 3.4.87  -> 3.4.88
  - longterm: 3.10.37 -> 3.10.38
  - stable:   3.13.10 -> 3.13.11
  - stable:   3.14.1  -> 3.14.2

grsecurity:

  - test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907

NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Ricardo M. Correia efae8ce543 grsecurity: Update all patches
stable:  3.0-3.2.57-201404182109            -> 3.0-3.2.57-201404241714
test:    3.0-3.14.1-201404201132            -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
Ricardo M. Correia 5d5ca7b260 grsecurity: Update all patches
stable:  3.0-3.2.57-201404131252            -> 3.0-3.2.57-201404182109
test:    3.0-3.13.10-201404141717           -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
Ricardo M. Correia 1b113178ee grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717 2014-04-15 00:16:29 +02:00
Austin Seipp 788d9a13fb grsecurity: stable/vserver/testing updates
- stable:  201404111812            -> 201404131252
 - vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
 - testing: 201404111815            -> 201404131254

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Austin Seipp 172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Ricardo M. Correia 5dfc6584a5 grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758 2014-04-10 00:37:33 +02:00
Ricardo M. Correia 807fad571a grsecurity: Update stable and test patches
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test:   3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
2014-04-07 15:31:12 +02:00
Ricardo M. Correia 52d233af22 grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135 2014-04-02 15:11:33 +02:00
Ricardo M. Correia 407a6857c6 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403252026 -> 3.0-3.2.55-201403300851
test:   3.0-3.13.7-201403252047 -> 3.0-3.13.8-201404011912
2014-04-02 02:16:59 +02:00
Ricardo M. Correia 911f332279 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403202347 -> 3.0-3.2.55-201403252026
test:   3.0-3.13.6-201403202349 -> 3.0-3.13.7-201403252047
2014-03-26 23:07:57 +00:00
Ricardo M. Correia 9db587bf7d grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403172027 -> 3.0-3.2.55-201403202347
test:   3.0-3.13.6-201403172032 -> 3.0-3.13.6-201403202349
2014-03-21 15:41:32 +01:00
Shea Levy e4961c63f7 Remove sec_perm patch that was needed by AUFS
Now the kernel is unpatched by default on non-MIPS!
2014-03-21 04:37:23 -04:00
Ricardo M. Correia cc69228119 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403142107 -> 3.0-3.2.55-201403172027
test:   3.0-3.13.6-201403142112 -> 3.0-3.13.6-201403172032
2014-03-18 16:51:25 +01:00
Ricardo M. Correia ceec014020 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403122114 -> 3.0-3.2.55-201403142107
test:   3.0-3.13.6-201403122116 -> 3.0-3.13.6-201403142112
2014-03-15 04:15:28 +01:00
Ricardo M. Correia 86b8cf954a grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403072107 -> 3.0-3.2.55-201403122114
test:   3.0-3.13.6-201403072241 -> 3.0-3.13.6-201403122116
2014-03-13 02:28:58 +01:00
Ricardo M. Correia d999872b8d grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403022154 -> 3.0-3.2.55-201403072107
test:   3.0-3.13.5-201403031445 -> 3.0-3.13.6-201403072241
2014-03-10 17:23:17 +01:00
Austin Seipp c4d5757e29 grsecurity updates
- stable:  3.0-3.2.55-201402241936 -> 3.0-3.2.55-201403022154
  - testing: 3.0-3.13.5-201402241943 -> 3.0-3.13.5-201403031445

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-04 01:13:22 +01:00
Ricardo M. Correia 69a83ba99f grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201402221305 -> 3.0-3.2.55-201402241936
test:   3.0-3.13.4-201402221308 -> 3.0-3.13.5-201402241943
2014-03-03 02:16:58 +01:00
Austin Seipp 7f4b97d495 grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402201903 -> 3.0-3.2.55-201402221305
 - testing: 3.0-3.13.4-201402201908 -> 3.0-3.13.4-201402221308

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 20:29:25 +01:00
Austin Seipp 18f65f3640 grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402192249 -> 3.0-3.2.55-201402201903
  - testing: 3.0-3.13.3-201402192252 -> 3.0-3.13.4-201402201908

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:16 -06:00
Austin Seipp 58e08a1a4f grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402152203 -> 3.0-3.2.55-201402192249
  - testing: 3.0-3.13.3-201402152204 -> 3.0-3.13.3-201402192252

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:53:19 -06:00
Austin Seipp c137015328 grsecurity updates.
- stable:  3.0-3.2.54-201402062221 -> 3.0-3.2.55-201402152203
  - testing: 3.0-3.13.3-201402132113 -> 3.0-3.13.3-201402152204

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
Evgeny Egorochkin daa2827b99 grsecurity: update patch 2014-02-14 18:13:05 +02:00
Ricardo M. Correia b31547654d grsecurity: Update stable and test patches
stable: 3.0-3.2.54-201401191012 -> 3.0-3.2.54-201402062221
test:   3.0-3.12.8-201401191015 -> 3.0-3.13.2-201402062224
2014-02-08 16:16:58 +01:00
Ricardo M. Correia aeda8d63b9 grsecurity: Update stable and test patches
stable: 3.0-3.2.53-201312021727 -> 3.0-3.2.54-201401191012
test:   3.0-3.12.2-201312021733 -> 3.0-3.12.8-201401191015
2014-01-22 02:14:35 +01:00
Shea Levy a589bfae17 Update and fix kernel packages to new kernel build
In most cases, this just meant changing kernelDev (now removed from
linuxPackagesFor) to kernel.dev. Some packages needed more work (though
whether that was because of my changes or because they were already
broken, I'm not sure). Specifics:

* psmouse-alps builds on 3.4 but not 3.10, as noted in the comments that
  were already there
* blcr builds on 3.4 but not 3.10, as noted in comments that were
  already there
* open-iscsi, ati-drivers, wis-go7007, and openafsClient don't build on
  3.4 or 3.10 on this branch or on master, so they're marked broken
* A version-specific kernelHeaders package was added

The following packages were removed:

* atheros/madwifi is superceded by official ath*k modules
* aufs is no longer used by any of our kernels
* broadcom-sta v6 (which was already packaged) replaces broadcom-sta
* exmap has not been updated since 2011 and doesn't build
* iscis-target has not been updated since 2010 and doesn't build
* iwlwifi is part of mainline now and doesn't build
* nivida-x11-legacy-96 hasn't been updated since 2008 and doesn't build

Everything not specifically mentioned above builds successfully on 3.10.
I haven't yet tested on 3.4, but will before opening a pull request.

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-04 21:17:04 -05:00
Ricardo M. Correia 61adb5962c grsecurity: Update to 3.0-3.2.53-201312021727 and 3.0-3.12.2-201312021733 2013-12-04 15:28:21 +01:00
Ricardo M. Correia 2106191003 grsecurity: Fix module loading during boot due to path restrictions 2013-11-27 01:32:50 +01:00
Ricardo M. Correia 36955aa721 grsecurity: Update to 3.0-3.2.52-201311261307 and add patch for 3.12 2013-11-27 01:32:14 +01:00
Cillian de Róiste a34354ef81 TuxOnIce: Add a 3.10 linux kernel with the TuxOnIce hibernation patch 2013-11-23 17:21:19 +01:00
Shea Levy 504ea7662c Remove EOL'd kernels
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-11-01 11:10:05 -04:00
Ricardo M. Correia 57e9fd8bcf grsecurity: Update to 2.9.1-3.2.52-201310271550 2013-10-29 13:32:53 +01:00
Ricardo M. Correia d32636dac4 grsecurity: Update to 2.9.1-3.2.51-201309281102 2013-10-20 08:14:28 +03:00
Ricardo M. Correia 90a2341300 grsecurity: generate linuxPackages and declare that apparmor is included 2013-10-20 08:14:28 +03:00
Ricardo M. Correia 342fcfc82f grsecurity: Update to 2.9.1-3.2.51-201309101928 2013-09-13 05:13:25 +02:00
Mathijs Kwik 273689bcbd linux-3.10: remove the btrfs send patch
it helps, but is incomplete.
more fixes are coming, but including these would change too much
generic btrfs code, which might cause trouble for others.

so the best advice is not to use btrfs send yet and wait for 3.11 or 3.12
2013-08-19 07:04:18 +02:00
Evgeny Egorochkin 27dcd771c3 Merge pull request #802 from wizeman/kernel_update
Kernel update
2013-08-11 15:08:45 -07:00
Mathijs Kwik 59025453e7 linux-3.10: backport a fix for "btrfs send"
It has been submitted for inclusion in mainline, so it will probably
make it into 3.11 (or 3.12 as 3.11 is fairly close to release).

It is very local, only affecting people who use the "send" feature.
Without it, send is unstable/unsafe to use incrementally.

It can probably be applied to 3.9 and 3.8 as well, but as I only
tested it against 3.10, so I didn't bother.
2013-08-10 13:53:17 +02:00
Ricardo M. Correia 36c2711f8b linux: update grsecurity patch 2013-08-06 02:21:00 +00:00
Eelco Dolstra c564d012f8 Style fix 2013-08-01 01:40:41 +02:00
Eelco Dolstra b976e00ff2 linux: Remove obsolete AUFS 3.7 patch 2013-08-01 01:40:40 +02:00
Eelco Dolstra ff99631753 linux: Remove CIFS timeout patch
We longer use CIFS in the VM tests so we don't need this anymore.
2013-08-01 01:40:40 +02:00
Eelco Dolstra 956d71f843 linux: Remove some unused patches 2013-08-01 01:40:40 +02:00
Rob Vermaas af2a127551 Add linux 3.2.48 with grsecurity patches 2013-07-22 21:44:31 +02:00
Ricardo M. Correia 22689567ed apparmor: Update to kernel 3.4 series (the current default) 2013-07-22 18:03:26 +02:00
Mathijs Kwik e18f4eb50f apparmor patch: should have a name, broke nixpkgs tarball 2013-05-12 13:11:49 +02:00
Evgeny Egorochkin 8d7e1a79cc AppArmor: add a sample patched kernel. 2013-05-11 08:50:34 +03:00
Eelco Dolstra 916c1adb84 Delete all kernels older than 2.6.39
Systemd doesn't support those kernels, so there is no point in keeping
them around.
2013-03-27 23:00:02 +01:00
Shea Levy af26af6fc7 Remove EOL'd Linux 3.6 2013-02-14 14:33:42 -05:00
Shea Levy 0ad870eb5e Remove EOL'd Linux 3.5 2013-02-14 14:32:44 -05:00
Shea Levy c23084906b Remove EOL'd Linux 3.3 2013-02-14 14:30:31 -05:00
Shea Levy 0178a3b7b1 Remove EOL'd Linux 3.1 2013-02-14 14:28:53 -05:00
Mathijs Kwik caf561d41a aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 14:00:28 +01:00
David Guibert c604ff045e add cifs_timeout to kernel 3.5 2012-11-15 07:41:11 +01:00
Lluís Batlle i Rossell bb3b603ea7 mips linux: Adding a patch to fix an ext3 bug in 3.5 and 3.6
I made it apply to all Mips, although the bug works only for n32 and o32 ABIs.
We don't support any n64 by now.
2012-11-06 00:16:13 +01:00
Mathijs Kwik 8f480e3035 linux-3.6: upgrade to 3.6.1
- enable aufs3 patch
- check other patches needing upgrade/enable
2012-10-09 16:05:24 +02:00
Mathijs Kwik ce3e42df72 linux aufs3: upgrade patch and utils to 20120827 for all 3.x kernels 2012-09-16 13:05:52 +02:00
Mathijs Kwik 192b29181b linux-3.4: upgrade to 3.4.9
- aufs patch: upgrade to latest stable 3.4
2012-08-21 10:27:13 +02:00
Mathijs Kwik 6e9a6a5924 linux-3.3: upgrade to 3.3.8
- aufs patch: upgrade to latest stable 3.3
2012-08-21 10:26:44 +02:00
Mathijs Kwik 03228d60fe linux-3.5: upgrade aufs3 patch to latest stable 2012-08-16 12:00:25 +02:00
Lluís Batlle i Rossell 734bb84f09 linux-3.5: fix perf build with a patch from the perf mailing list 2012-08-10 09:41:43 +02:00
Mathijs Kwik fb99c24d7c kernel-3.5: add aufs3 patch 2012-08-05 01:55:31 +02:00
Peter Simons 82b2588e35 Linux no-xsave.patch: commit patch into Nixpkgs since fetchurl no longer works
Patch submitted by Jan Malakhovski <oxij@oxij.org>.
2012-07-02 16:53:53 +02:00
Eelco Dolstra 1582276602 * Drop some old obsolete kernels and unused patches.
svn path=/nixpkgs/trunk/; revision=34558
2012-06-19 15:56:17 +00:00
Lluís Batlle i Rossell 3874e5812d Adding two kernel patches for mips, that make the life easier on loongson2f
(less sigill, less sigbus). Related to bad handling of FPU instructions.

I apply them only to linux 3.4, although I think they can apply to many older kernels too.


svn path=/nixpkgs/trunk/; revision=34522
2012-06-16 10:49:03 +00:00
Mathijs Kwik 46beccef20 linux kernel aufs (needed for livecd): added to 3.4
upgraded 3.3 version to stable

svn path=/nixpkgs/trunk/; revision=34468
2012-06-11 17:41:05 +00:00
Shea Levy 497a4afe72 We no longer need the bootstub config patch
svn path=/nixpkgs/trunk/; revision=33987
2012-05-05 14:26:20 +00:00
Shea Levy 50a0b839af Linux 3.3.3
This incorporates the btrfs fix, so remove that patch. Also, I will test
that this builds after committing, and fix it if it fails

svn path=/nixpkgs/trunk/; revision=33885
2012-04-23 00:12:47 +00:00
Lluís Batlle i Rossell b35d2c6b89 Adding a patch for linux 3.3 for btrfs regarding ENOSPC.
This should solve the problem I had, where I could not boot either 3.3 or 3.3.1
in my system, as I got ENOSPC all the time.


svn path=/nixpkgs/trunk/; revision=33714
2012-04-09 21:02:17 +00:00
Shea Levy dfcd4dd559 Add a kernel patch for the efi boot stub to read a config file when booted without arguments, and base removable media booting off of that patch
The patch is currently being discussed on LKML and hopefully will be included
in mainline in some form in the future. Note that booting from the livecd has
to do a lot of work before anything is output to the console, so if the drive
is still busy don't assume the boot has hanged

svn path=/nixpkgs/trunk/; revision=33235
2012-03-18 17:14:52 +00:00
Shea Levy 76832793f2 Linux 3.3-rc7
svn path=/nixpkgs/trunk/; revision=33007
2012-03-12 02:19:05 +00:00
Yury G. Kudryashov 38e3d7bc86 svn merge ^/nixpkgs/trunk
Not merged r32497 (tree conflict, glibc GNU Hurd update). Ludovic, could you
please look at this?

svn path=/nixpkgs/branches/stdenv-updates/; revision=32520
2012-02-23 20:06:21 +00:00
Peter Simons 9db6840814 linux kernel 3.2 : added aufs patches
svn path=/nixpkgs/trunk/; revision=32483
2012-02-22 20:29:18 +00:00
Eelco Dolstra 0beb6c6266 * Remove some obsolete patches.
svn path=/nixpkgs/branches/stdenv-updates/; revision=32379
2012-02-17 23:53:49 +00:00
Eelco Dolstra 752203c3ca * Remove broken tux-on-ice kernels.
svn path=/nixpkgs/trunk/; revision=30619
2011-11-29 14:49:32 +00:00
Shea Levy c65ff0d37d Update aufs3.0, add aufs3.1
svn path=/nixpkgs/trunk/; revision=30329
2011-11-08 16:00:19 +00:00
Shea Levy 5e5dd16842 Remove the efi stub patch
svn path=/nixpkgs/trunk/; revision=30264
2011-11-06 17:38:51 +00:00
Shea Levy 72f41379be Add a patch to enable adding efi stub code to the linux kernel
svn path=/nixpkgs/trunk/; revision=29555
2011-10-01 23:00:48 +00:00
Shea Levy f979d3de4e Add features.aufs2 to old kernels
svn path=/nixpkgs/trunk/; revision=29536
2011-09-28 22:13:59 +00:00
Shea Levy ed38cc3545 aufs3-util
svn path=/nixpkgs/trunk/; revision=29535
2011-09-28 21:59:07 +00:00
Shea Levy 4add420a48 aufs3 kernelPackage
svn path=/nixpkgs/trunk/; revision=29534
2011-09-28 21:46:07 +00:00
Shea Levy 2e012018bb makeAufs3StandalonePatch: Don't unpack the kernel source
svn path=/nixpkgs/trunk/; revision=29533
2011-09-28 21:09:54 +00:00
Shea Levy 60b155479d linux-3.0: Add aufs3 patch
svn path=/nixpkgs/trunk/; revision=29532
2011-09-28 20:48:08 +00:00
David Guibert 4b3530f55d apply aufs patch to other kernels.
svn path=/nixpkgs/trunk/; revision=28708
2011-08-20 07:55:53 +00:00
David Guibert db3eb9de85 utrace: fix urls.
But it still does not apply to recent 2.6.32 kernels.

svn path=/nixpkgs/trunk/; revision=28707
2011-08-20 06:47:13 +00:00
David Guibert 22ee5aba7a aufs for 2.6.36/39 and 3.0
svn path=/nixpkgs/trunk/; revision=28705
2011-08-20 06:39:29 +00:00
Ludovic Stordeur e381c7c385 Added CIFS timeout patch for Linux 2.6.15
svn path=/nixpkgs/trunk/; revision=27715
2011-07-11 14:00:01 +00:00
Ludovic Stordeur 388ba0981b Added CIFS timeout patch for Linux 2.6.{25 --> 28}
svn path=/nixpkgs/trunk/; revision=27713
2011-07-11 13:59:54 +00:00
Ludovic Stordeur b2cf02eb5e Renamed cifs-timeout-2.6.{32 --> 29} patch
Renamed cifs-timeout-2.6.32 patch to cifs-timeout-2.6.29 as this is the
older kernel version this patch applies to.

svn path=/nixpkgs/trunk/; revision=27711
2011-07-11 13:59:47 +00:00
Ludovic Stordeur c551998c82 Added CIFS timeout patch for Linux 2.6.{35 --> 38}
svn path=/nixpkgs/trunk/; revision=27710
2011-07-11 13:59:43 +00:00
Ludovic Stordeur df0a6394b3 Suffixed cifs timeout patch with kernel version.
Currently suffixed with 2.6.32.
This pre-patch prepares the landing of several versions of this patch to
support other Linux kernel versions.

svn path=/nixpkgs/trunk/; revision=27709
2011-07-11 13:59:40 +00:00
Shea Levy dedd972a16 Add fbcondecor for 2.6.38
svn path=/nixpkgs/trunk/; revision=26876
2011-04-18 15:13:04 +00:00
Shea Levy d86630472b Add aufs2.1 for 2.6.38
svn path=/nixpkgs/trunk/; revision=26811
2011-04-12 18:36:33 +00:00
Ludovic Courtès 16d86dcbe2 Linux 2.6.{25,28}: Allow compilation with recent Glibc.
svn path=/nixpkgs/trunk/; revision=26741
2011-04-07 13:57:43 +00:00
Lluís Batlle i Rossell 6eaaa06077 Committing on behalf of Shea Levy:
This patch adds a "features.aufs2_1" to the aufs-2.1 patch for Linux
2.6.37 to prevent aufs2_1 and aufs2_1_util from being options for
kernels without an aufs 2.1 patch. There were several Hydra build
failures as a result of attempting to build aufs2.1 against older
kernels.

svn path=/nixpkgs/trunk/; revision=26597
2011-03-30 08:16:44 +00:00
Lluís Batlle i Rossell 1357904982 Committing the aufs2.1 patch by Shea Levy. His comments:
* My motivation for this patch is that kernels < 2.6.36 contain an
     e1000e that does not support the ethernet card that is part of the
     chipset for the second-generation Core-i Intel CPUs, so in order
     to have a more useful livecd I needed to get aufs working with a
     newer kernel, and 2.6.37 is the latest kernel with an official
     aufs release.
   * All sources are downloaded with fetchgit. This is because the aufs
     upstream doesn't provide release tarballs, they just add a tag to
     their git tree for an official release.
   * The make target for the aufs2.1 headers uses a Makefile in the
     kernel build directory that requires that unifdef be in the
     scripts/ subdirectory of the build directory. The way I've dealt
     with this here is by adding "make $makeFlags -C scripts unifdef"
     to the postBuild in the kernel builder. Since the builder is used
     by all kernel versions, this will require rebuilding every kernel
     and kernel-dependent package if the patch is accepted, so one
     alternative I thought of would be to create a fake kernel build
     directory where everything is symlinked to the real build
     directory except scripts/, which is first copied and then make
     unifdef is run before building aufs2.1. If that more complicated
     solution is preferred, or if anyone has ideas for another one, I
     can do that and submit a new patch.
   * The patch was tested by building a livecd ISO that uses it, then
     running the ISO from within virtualbox and installing aufs2.1-util
     from within the livecd environment.
   * The livecd was built using installation-cd-minimal.nix, with two
     changes to the Nixos tree:
        1. boot.kernelPackages = pkgs.linuxPackages_2_6_37 was added to
           profiles/minimal.nix
        2. config.boot.kernelPackages.aufs2 was changed to
           config.boot.kernelPackages.aufs2_1 in iso-image.nix
     I would have preferred to keep all changes within
     profiles/minimal.nix, but I couldn't figure out how to override
     iso-image.nix's definition of boot.extraModulePackages. Livecds
     that use an older kernel can't be built with this iso-image.nix,
     since we don't have aufs2.1 for them (just aufs2). If someone can
     point me to how I can override things set in iso-image.nix, I'd
     appreciate it.

make -C scripts unifdef compiles the unifdef application in the
scripts/ directory, and when Nix copies over the build tree to
$out/lib/modules/$version/build for kernel modules to reference, it
copies over all of scripts/ except the .o files. I can't speak for
other kernel versions, but at the least for 2.6.37.1 unifdef is not
built by default. If you look at the Makefile in scripts, unifdef is
listed  under a comment saying that the following programs are only
built on-demand.

svn path=/nixpkgs/trunk/; revision=26548
2011-03-27 15:18:39 +00:00
Lluís Batlle i Rossell f6e3d3e10d Adding tuxonice for some recent kernels.
svn path=/nixpkgs/trunk/; revision=26447
2011-03-21 15:53:22 +00:00
Lluís Batlle i Rossell 84ca32b293 Adding tuxonice for 2.6.35
svn path=/nixpkgs/trunk/; revision=26446
2011-03-21 15:42:21 +00:00
Lluís Batlle i Rossell 8ab38a2828 Adding the fbcondecor patch for 2.6.37, by Shea Levy
svn path=/nixpkgs/trunk/; revision=26428
2011-03-19 20:44:45 +00:00
Eelco Dolstra 5cc5e16104 * Remove the xen-pvclock-resume patch, which has finally been merged
into 2.6.32.

svn path=/nixpkgs/trunk/; revision=26149
2011-03-03 15:36:13 +00:00
Lluís Batlle i Rossell 13a8b34a81 Fix for a syscall restart bug on linux-mips
svn path=/nixpkgs/branches/stdenv-updates/; revision=24791
2010-11-21 15:26:36 +00:00
Lluís Batlle i Rossell f4f84af4ab Updating from trunk. I only had to take away the usual stdenv2 in
all-packages.nix


svn path=/nixpkgs/branches/stdenv-updates/; revision=24553
2010-10-31 19:30:31 +00:00
Eelco Dolstra 85a0cd1385 * A better fix for the Xen clock problem.
svn path=/nixpkgs/trunk/; revision=24488
2010-10-26 13:08:51 +00:00
Eelco Dolstra 5762edd607 * Linux 2.6.32: revert upstream patch
489fb490dbf8dab0249ad82b56688ae3842a79e8.  It causes the DomU clock
  to jump into the future and freeze after being saved and restored
  across a Dom0 reboot.  See 

    http://lists.xensource.com/archives/html/xen-devel/2010-10/msg00498.html
    http://lists.xensource.com/archives/html/xen-devel/2010-10/msg01174.html

svn path=/nixpkgs/trunk/; revision=24473
2010-10-25 16:36:42 +00:00
Lluís Batlle i Rossell bf6f39fb7c Adding a patch fixing ARM trouble on the recent linux 2.6.35
svn path=/nixpkgs/branches/stdenv-updates/; revision=24158
2010-10-07 22:10:28 +00:00
Lluís Batlle i Rossell 2c5de61327 Updating from trunk.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23840
2010-09-17 19:10:21 +00:00
Ludovic Courtès 078353fc15 Linux: Add GuruPlug-related patches.
svn path=/nixpkgs/trunk/; revision=23833
2010-09-17 15:56:42 +00:00
Lluís Batlle i Rossell a42e571e33 Trying to fix an URL for a patch (the previous URL did not work anyamore)
svn path=/nixpkgs/branches/stdenv-updates/; revision=23700
2010-09-09 17:07:12 +00:00
Lluís Batlle i Rossell bd17763fbb Fixing an url on kernel patches
svn path=/nixpkgs/branches/stdenv-updates/; revision=23639
2010-09-05 05:59:55 +00:00
Michael Raskin d3d44dc6d3 Add AUFS patch for 2.6.35
svn path=/nixpkgs/trunk/; revision=23288
2010-08-20 20:46:12 +00:00
Yury G. Kudryashov 10c5146a78 Add fbcondecor-2.6.35
svn path=/nixpkgs/trunk/; revision=23286
2010-08-20 20:12:03 +00:00
Eelco Dolstra 3f287cfb1d * Ensure that the dell-bluetooth device does not stay in the "hard
blocked" state.

svn path=/nixpkgs/branches/x-updates/; revision=22730
2010-07-25 12:15:59 +00:00
Eelco Dolstra 3d442ad185 * Apply a patch that is apparently required to make the kernel work
properly on Amazon EC2.
* Always apply the CIFS timeout patch.  It's rather annoying to have
  to build a separate kernel for the VM tests.

svn path=/nixpkgs/trunk/; revision=22630
2010-07-18 21:10:46 +00:00
Eelco Dolstra cb5bcfa04a * In the VM tests, apply a patch to increase the 15s timeout on CIFS
operations to 120s.  This is necessary if the host is heavily
  loaded.  For instance, in the Hydra build farm, if there are many
  concurrent jobs, VM builds often fail because they hit the timeout.

svn path=/nixpkgs/trunk/; revision=22347
2010-06-20 20:52:08 +00:00
David Guibert c6b05c7164 aufs2: patch for kernel 2.6.34
svn path=/nixpkgs/trunk/; revision=22178
2010-06-08 06:29:02 +00:00
Eelco Dolstra 6daa7866ca * Only build aufs2 for kernels that have the requisite base/standalone
patch applied.

svn path=/nixpkgs/trunk/; revision=22037
2010-05-28 09:29:39 +00:00
Eelco Dolstra 74b6d94ed5 * Get aufs2 and aufs2-util to build against Linux 2.6.32.
svn path=/nixpkgs/trunk/; revision=22032
2010-05-28 07:09:15 +00:00
Ludovic Courtès 588be9d6db Add a Linux kernel suitable for SystemTap.
svn path=/nixpkgs/trunk/; revision=21618
2010-05-05 19:48:46 +00:00
Eelco Dolstra 61c9c2434f * Updated fbcondecor for Linux 2.6.33.
svn path=/nixpkgs/trunk/; revision=20257
2010-02-25 14:15:42 +00:00
Eelco Dolstra e3c2b77c11 * Add the gcov patch to patches.nix.
svn path=/nixpkgs/trunk/; revision=19190
2010-01-03 17:57:08 +00:00
Eelco Dolstra 2e5908b1df * Use the kernel config generator for Linux 2.6.25.
svn path=/nixpkgs/branches/kernel-config/; revision=18948
2009-12-14 19:08:20 +00:00
Eelco Dolstra 03b4efe9c8 * Use the kernel config generator for Linux 2.6.27.
* Move kernel patches out of all-packages.nix to
  os-specific/linux/kernel/patches.nix.
* Make the kernel config available under $out/config (it's also in
  $out/lib/modules/$version/build/.config, but that's kind of hard to
  find).

svn path=/nixpkgs/branches/kernel-config/; revision=18937
2009-12-14 15:28:55 +00:00