forked from mirrors/nixpkgs
e38b74ba89
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line. When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in
make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long
The build does not fail, however, but the list of modules to be installed ends
up being empty. Thus, the resulting kernel package output contains no modules,
rendering it useless.
We work around this by patching the makefile to use `find -exec` to
process files. Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.
Fixes https://github.com/NixOS/nixpkgs/issues/20490
160 lines
4.4 KiB
Nix
160 lines
4.4 KiB
Nix
{ stdenv, fetchurl, fetchpatch, pkgs }:
|
|
|
|
let
|
|
|
|
makeTuxonicePatch = { version, kernelVersion, sha256,
|
|
url ? "http://tuxonice.nigelcunningham.com.au/downloads/all/tuxonice-for-linux-${kernelVersion}-${version}.patch.bz2" }:
|
|
{ name = "tuxonice-${kernelVersion}";
|
|
patch = stdenv.mkDerivation {
|
|
name = "tuxonice-${version}-for-${kernelVersion}.patch";
|
|
src = fetchurl {
|
|
inherit url sha256;
|
|
};
|
|
phases = [ "installPhase" ];
|
|
installPhase = ''
|
|
source $stdenv/setup
|
|
bunzip2 -c $src > $out
|
|
'';
|
|
};
|
|
};
|
|
|
|
grsecPatch = { grbranch ? "test", grver ? "3.1", kver, grrev, sha256 }: rec {
|
|
name = "grsecurity-${grver}-${kver}-${grrev}";
|
|
|
|
# Pass these along to allow the caller to determine compatibility
|
|
inherit grver kver grrev;
|
|
|
|
patch = fetchurl {
|
|
# When updating versions/hashes, ALWAYS use the official version; we use
|
|
# this mirror only because upstream removes sources files immediately upon
|
|
# releasing a new version ...
|
|
url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch";
|
|
inherit sha256;
|
|
};
|
|
|
|
features.grsecurity = true;
|
|
};
|
|
in
|
|
|
|
rec {
|
|
|
|
bridge_stp_helper =
|
|
{ name = "bridge-stp-helper";
|
|
patch = ./bridge-stp-helper.patch;
|
|
};
|
|
|
|
no_xsave =
|
|
{ name = "no-xsave";
|
|
patch = ./no-xsave.patch;
|
|
features.noXsave = true;
|
|
};
|
|
|
|
mips_fpureg_emu =
|
|
{ name = "mips-fpureg-emulation";
|
|
patch = ./mips-fpureg-emulation.patch;
|
|
};
|
|
|
|
mips_fpu_sigill =
|
|
{ name = "mips-fpu-sigill";
|
|
patch = ./mips-fpu-sigill.patch;
|
|
};
|
|
|
|
mips_ext3_n32 =
|
|
{ name = "mips-ext3-n32";
|
|
patch = ./mips-ext3-n32.patch;
|
|
};
|
|
|
|
modinst_arg_list_too_long =
|
|
{ name = "modinst-arglist-too-long";
|
|
patch = ./modinst-arg-list-too-long.patch;
|
|
};
|
|
|
|
ubuntu_fan_4_4 =
|
|
{ name = "ubuntu-fan";
|
|
patch = ./ubuntu-fan-4.4.patch;
|
|
};
|
|
|
|
ubuntu_unprivileged_overlayfs =
|
|
{ name = "ubuntu-unprivileged-overlayfs";
|
|
patch = ./ubuntu-unprivileged-overlayfs.patch;
|
|
};
|
|
|
|
tuxonice_3_10 = makeTuxonicePatch {
|
|
version = "2013-11-07";
|
|
kernelVersion = "3.10.18";
|
|
sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";
|
|
};
|
|
|
|
grsecurity_testing = grsecPatch
|
|
{ kver = "4.8.8";
|
|
grrev = "201611150756";
|
|
sha256 = "04sankbjlrji3hrhgwfvmgkrh5ypblb706i0hch4sn3vcc0dq87b";
|
|
};
|
|
|
|
# This patch relaxes grsec constraints on the location of usermode helpers,
|
|
# e.g., modprobe, to allow calling into the Nix store.
|
|
grsecurity_nixos_kmod =
|
|
{
|
|
name = "grsecurity-nixos-kmod";
|
|
patch = ./grsecurity-nixos-kmod.patch;
|
|
};
|
|
|
|
# A temporary work-around for execvp: arglist too long error during
|
|
# module_install. Without this, no modules are installed into the
|
|
# resulting output.
|
|
grsecurity_modinst =
|
|
{ name = "grsecurity-modinst";
|
|
patch = ./grsecurity-modinst.patch;
|
|
};
|
|
|
|
crc_regression =
|
|
{ name = "crc-backport-regression";
|
|
patch = ./crc-regression.patch;
|
|
};
|
|
|
|
genksyms_fix_segfault =
|
|
{ name = "genksyms-fix-segfault";
|
|
patch = ./genksyms-fix-segfault.patch;
|
|
};
|
|
|
|
|
|
chromiumos_Kconfig_fix_entries_3_14 =
|
|
{ name = "Kconfig_fix_entries_3_14";
|
|
patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.14.patch;
|
|
};
|
|
|
|
chromiumos_Kconfig_fix_entries_3_18 =
|
|
{ name = "Kconfig_fix_entries_3_18";
|
|
patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.18.patch;
|
|
};
|
|
|
|
chromiumos_no_link_restrictions =
|
|
{ name = "chromium-no-link-restrictions";
|
|
patch = ./chromiumos-patches/no-link-restrictions.patch;
|
|
};
|
|
|
|
chromiumos_mfd_fix_dependency =
|
|
{ name = "mfd_fix_dependency";
|
|
patch = ./chromiumos-patches/mfd-fix-dependency.patch;
|
|
};
|
|
|
|
hiddev_CVE_2016_5829 =
|
|
{ name = "hiddev_CVE_2016_5829";
|
|
patch = fetchpatch {
|
|
url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch";
|
|
sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy";
|
|
};
|
|
};
|
|
|
|
cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;
|
|
|
|
lguest_entry-linkage =
|
|
{ name = "lguest-asmlinkage.patch";
|
|
patch = fetchpatch {
|
|
url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git"
|
|
+ "/patch/drivers/lguest/x86/core.c?id=cdd77e87eae52";
|
|
sha256 = "04xlx6al10cw039av6jkby7gx64zayj8m1k9iza40sw0fydcfqhc";
|
|
};
|
|
};
|
|
}
|