mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 22:50:49 +00:00
Code Issues Wiki Activity

linux: disable module signing

Browse source 
Without this, the kernel would generate a random one for us which obviously
isn't reproducible.

`nix-build -A linux --check` succeeds now!
(Tested at different times with different kernel)
This commit is contained in:
Atemu 2020-12-23 07:33:25 +01:00
parent de075d25c7
commit 2c19ef2209
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkgs/os-specific/linux/kernel/common-config.nix
View file

@ -416,7 +416,10 @@ let
SECURITY_APPARMOR = yes;
DEFAULT_SECURITY_APPARMOR = yes;
SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" yes;
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.
SECURITY_LOCKDOWN_LSM = no;
} // optionalAttrs (!stdenv.hostPlatform.isAarch32) {
# Detect buffer overflows on the stack