aszlig
78bbd6f7c6
linux-testing: Update to version 3.19-rc7.
...
Running -rc6 always feels kinda rusty and old, so there is the pressing
urge to update... into the future... swooooooosh!
Signature verified against key with fingerprint:
ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-02 19:50:56 +01:00
William A. Kennington III
12378faab2
kernel: 3.19-rc5 -> 3.19-rc6
2015-02-01 15:53:48 -08:00
Michael Raskin
4a29a4baac
kernel: 3.12.36 -> 3.12.37
2015-02-01 10:57:47 +03:00
William A. Kennington III
bbd6384f62
kernel: 3.14.29 -> 3.14.31
2015-01-31 18:55:09 -08:00
William A. Kennington III
8a2f7375d6
kernel: 3.18.3 -> 3.18.5
2015-01-31 18:54:59 -08:00
William A. Kennington III
3e1b504cbe
kernel: 3.10.65 -> 3.10.67
2015-01-31 17:46:04 -08:00
aszlig
8ac1765e28
linux-testing: Update to version 3.19-rc5.
...
Using linux-testing for a bunch of machines, I'd actually expect it to
be more recent than the latest stable, but until now it actually was
behind.
Since torvalds/linux@464ed18ebd , the option
PM_RUNTIME doesn't exist anymore, so we need to remove it from our
common config.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-22 09:56:37 +01:00
Ricardo M. Correia
23ffd6ad22
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.29-201501182217 -> 3.0-3.14.29-201501211943
test: 3.0-3.18.3-201501182219 -> 3.0-3.18.3-201501211944
2015-01-22 05:39:01 +01:00
Peter Simons
ec6b82a0c2
Merge branch 'master' into staging.
2015-01-19 18:41:17 +01:00
William A. Kennington III
fb921695b6
kernel: Fix grsec patch for 3.18.3
2015-01-18 21:11:07 -08:00
William A. Kennington III
2c02b7caff
kernel: 3.14.28 -> 3.14.29
2015-01-18 21:11:07 -08:00
William A. Kennington III
f23cb7d925
kernel: 3.12.35 -> 3.12.36
2015-01-18 21:11:07 -08:00
William A. Kennington III
9fce7cced9
kernel: 3.10.64 -> 3.10.65
2015-01-18 21:11:07 -08:00
Aristid Breitkreuz
46a938ad3a
linux 3.18.3
2015-01-17 16:31:13 +00:00
Vladimír Čunát
88089559b9
Merge #5676 : gcc-wrapper -> cc-wrapper and related
2015-01-17 08:43:04 +01:00
Ricardo M. Correia
1f28bfa284
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.28-201501120819 -> 3.0-3.14.28-201501142323
test: 3.0-3.18.2-201501120821 -> 3.0-3.18.2-201501142325
2015-01-16 02:47:12 +01:00
William A. Kennington III
1ec68e0d13
kernel: Fix path to stp bridge helper
2015-01-14 10:34:28 -08:00
William A. Kennington III
3d4b315d91
Revert "kernel: Add a patch to remove checks for bridge stp helpers"
...
This reverts commit f64c3ce18d
.
2015-01-13 15:34:26 -08:00
William A. Kennington III
f64c3ce18d
kernel: Add a patch to remove checks for bridge stp helpers
2015-01-13 15:24:02 -08:00
Vladimír Čunát
1575bc652e
Merge branch 'master' into staging
...
Conflicts (simple):
pkgs/os-specific/linux/util-linux/default.nix
It seems this merge creates a new stdenv hash,
because we had changes on both branches :-/
2015-01-13 18:07:11 +01:00
Ricardo M. Correia
757071af5b
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.28-201501111421 -> 3.0-3.14.28-201501120819
test: 3.0-3.18.2-201501111422 -> 3.0-3.18.2-201501120821
2015-01-12 18:21:22 +01:00
William A. Kennington III
97783b87c0
kernel: 3.14.27 -> 3.14.28
2015-01-11 23:59:13 -08:00
William A. Kennington III
33651bb865
kernel: 3.18.1 -> 3.18.2
2015-01-11 23:58:19 -08:00
William A. Kennington III
6521141d09
kernel: Remove 3.16
2015-01-11 23:55:38 -08:00
William A. Kennington III
ba6648b142
kernel: 3.2.65 -> 3.2.66
2015-01-11 23:55:37 -08:00
William A. Kennington III
980758bdee
kernel: 3.17.7 -> 3.17.8
2015-01-11 23:55:37 -08:00
William A. Kennington III
38eb7af3cd
kernel: 3.10.63 -> 3.10.64
2015-01-11 23:55:37 -08:00
William A. Kennington III
e0098e8408
Revert "linux kernel: set VFIO_PCI_VGA to y
for versions > 3.9"
...
This reverts commit 774486a149
.
2015-01-07 10:55:06 -08:00
Jan Malakhovski
774486a149
linux kernel: set VFIO_PCI_VGA to y
for versions > 3.9
...
This allows to passthrough PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
2015-01-07 11:08:58 +00:00
Ricardo M. Correia
e90bfba2f6
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412280859 -> 3.0-3.14.27-201501042018
test: 3.0-3.18.1-201412281149 -> 3.0-3.18.1-201501042021
2015-01-07 05:49:56 +01:00
Nikolay Amiantov
e9d868de63
kernel: enable intel_pstate
2015-01-06 03:07:32 +03:00
Vladimír Čunát
6671aff83e
linux kernel determinism: unify timestamp style
...
Testing showed the linux build is sensitive to /usr/include/ncursesw
unless chrooted (on non-nixos).
On a single chrooted nixos machine, -A linux is binary reproducible.
CC #2281 & @alexanderkjeldaas.
2015-01-03 13:54:32 +01:00
Domen Kožar
c510f3da49
fix eval /cc @vcunat
2015-01-02 13:55:19 +01:00
Vladimír Čunát
d8c5d95330
determinism: change some fixed timestamp to != (time_t)0
...
vcunat removed the unrelated glib change.
Conflicts:
pkgs/development/libraries/glib/default.nix
pkgs/os-specific/linux/kernel/generic.nix
pkgs/os-specific/linux/kernel/manual-config.nix
2014-12-30 17:03:39 +01:00
Ricardo M. Correia
1d44322d53
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test: 3.0-3.17.7-201412211910 -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
Ricardo M. Correia
a8e33da2dd
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412170659 -> 3.0-3.14.27-201412211908
test: 3.0-3.17.7-201412170700 -> 3.0-3.17.7-201412211910
2014-12-22 20:33:00 +01:00
William A. Kennington III
7e8c5b578a
kernel: 3.14.26 -> 3.14.27
2014-12-17 14:36:38 -08:00
William A. Kennington III
eea5383b48
kernel: 3.17.6 -> 3.17.7
2014-12-17 14:36:29 -08:00
William A. Kennington III
be96c7e283
Revert "kernel: 3.14.26 -> 3.14.27"
...
This reverts commit 4eaecca7b1
.
2014-12-16 14:15:55 -08:00
William A. Kennington III
66332cdee1
Revert "kernel: 3.17.6 -> 3.17.7"
...
This reverts commit d3a61d88aa
.
2014-12-16 14:15:47 -08:00
William A. Kennington III
d3a61d88aa
kernel: 3.17.6 -> 3.17.7
2014-12-16 14:13:03 -08:00
William A. Kennington III
4eaecca7b1
kernel: 3.14.26 -> 3.14.27
2014-12-16 14:12:57 -08:00
William A. Kennington III
8643578aa5
kernel: 3.2.64 -> 3.2.65
2014-12-16 14:12:21 -08:00
William A. Kennington III
980c702342
kernel: 3.18 -> 3.18.1
2014-12-16 14:12:21 -08:00
William A. Kennington III
6ea3763f22
kernel: 3.12.34 -> 3.12.35
2014-12-16 14:11:13 -08:00
William A. Kennington III
7c2b8b333f
kernel: 3.10.62 -> 3.10.63
2014-12-16 14:11:07 -08:00
William A. Kennington III
042f266e10
kernel: 3.14.25 -> 3.14.26
2014-12-08 23:24:50 -08:00
William A. Kennington III
c8abfe37ab
kernel: 3.17.4 -> 3.17.6
2014-12-08 23:23:42 -08:00
William A. Kennington III
20e2d94089
kernel: 3.4.104 -> 3.4.105
2014-12-08 23:21:40 -08:00
William A. Kennington III
845f647b86
kernel: 3.12.33 -> 3.12.34
2014-12-08 23:21:07 -08:00
William A. Kennington III
98791f57c8
kernel: 3.10.61 -> 3.10.62
2014-12-08 23:21:04 -08:00
William A. Kennington III
a6f4c3624e
kernel: Add 3.18
2014-12-08 23:18:04 -08:00
Domen Kožar
4aa3eec330
Merge branch 'master' into staging
...
Conflicts:
pkgs/development/libraries/fontconfig/default.nix
2014-12-07 14:02:48 +01:00
Ricardo M. Correia
7ce1cbed93
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411260106 -> 3.0-3.14.25-201412040016
test: 3.0-3.17.4-201411260107 -> 3.0-3.17.4-201412040017
2014-12-05 18:26:21 +01:00
William A. Kennington III
fe21ac3903
linux: 3.18.0-rc6 -> 3.18.0-rc7
2014-12-01 01:49:05 -08:00
Vladimír Čunát
cbd2305d4d
Merge branch 'master' into staging
2014-11-28 18:59:07 +01:00
Ricardo M. Correia
6f31905563
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411231452 -> 3.0-3.14.25-201411260106
test: 3.0-3.17.4-201411231452 -> 3.0-3.17.4-201411260107
2014-11-27 18:36:01 +01:00
Vladimír Čunát
a68c1adc35
*: fix builds by disregarding warning from new glibc
...
Says: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
CC: #4803 . There will likely appear more of these errors on Hydra in time.
2014-11-26 23:40:03 +01:00
Ricardo M. Correia
c07f81ce89
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411220954 -> 3.0-3.14.25-201411231452
test: 3.0-3.17.4-201411220955 -> 3.0-3.17.4-201411231452
2014-11-24 03:53:28 +01:00
William A. Kennington III
acefc22209
kernel: 3.18.0-rc5 -> 3.18.0-rc6
2014-11-23 16:49:25 -08:00
William A. Kennington III
d1493bc1ee
kernel: 3.14.24 -> 3.14.25
2014-11-23 02:47:36 -08:00
Jonathan Rudenberg
30578e30d8
kernel: 3.17.3 -> 3.17.4
2014-11-22 16:50:16 -05:00
William A. Kennington III
30597a9c7a
kernel: 3.12.32 -> 3.12.33
2014-11-21 14:39:15 -08:00
William A. Kennington III
f1b9f88e5b
kernel: 3.10.60 -> 3.10.61
2014-11-21 14:38:48 -08:00
William A. Kennington III
eac8fcff1a
kernel: 3.18-rc4 -> 3.18-rc5
2014-11-17 00:13:04 -08:00
William A. Kennington III
f4a27311b7
kernel: 3.14.23 -> 3.14.24
2014-11-14 23:03:54 -08:00
William A. Kennington III
0ef4ee5d06
kernel: 3.17.2 -> 3.17.3
2014-11-14 23:03:47 -08:00
William A. Kennington III
1a405c999e
kernel: Remove 3.15
2014-11-14 11:05:51 -08:00
William A. Kennington III
256669cf41
kernel: Remove 3.17 buildfix
2014-11-14 10:59:46 -08:00
William A. Kennington III
642a161112
kernel: 3.2.63 -> 3.2.64
2014-11-14 10:59:46 -08:00
William A. Kennington III
2fab8d1198
kernel: 3.10.59 -> 3.10.60
2014-11-14 10:49:29 -08:00
William A. Kennington III
557a3c92e3
kernel: Don't enable the iommu by default as this breaks for some hardware
2014-11-13 16:23:49 -08:00
Domen Kožar
7ff9cd2c41
more kernel fixes
2014-11-11 09:22:18 +01:00
William A. Kennington III
189e73de98
kernel-testing: 3.18-rc3 -> 3.18-rc4
2014-11-10 22:30:43 -08:00
Domen Kožar
b9388e9711
fix kernel builds on 32bit linux
2014-11-11 07:06:09 +01:00
Eelco Dolstra
e78a1603fc
linux: Enable BPF_JIT only on 64-bit
...
It's not supported on i686.
http://hydra.nixos.org/build/16834647
2014-11-10 20:21:28 +01:00
Ricardo M. Correia
c108ab47be
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.23-201411062033 -> 3.0-3.14.23-201411091053
test: 3.0-3.17.2-201411062034 -> 3.0-3.17.2-201411091054
2014-11-10 19:34:00 +01:00
Ricardo M. Correia
5701e40681
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.23-201410312212 -> 3.0-3.14.23-201411062033
test: 3.0-3.17.2-201410312213 -> 3.0-3.17.2-201411062034
2014-11-09 02:47:54 +01:00
lethalman
27b79a0469
Merge pull request #4780 from ambrop72/kernel-ppp-filter
...
kernel: Enable PPP_FILTER by default.
2014-11-08 12:41:13 +01:00
William A. Kennington III
d88c5eed1d
kernel: Add more supported features
2014-11-08 02:44:19 -08:00
Domen Kožar
a0696b4536
linux_3_12: fix hash
2014-11-07 12:39:04 +01:00
Eelco Dolstra
1d5147dd17
linux: Update to 3.12.32
2014-11-06 15:12:01 +01:00
Jonathan Rudenberg
a97452a000
linux: Update testing 3.17-rc2 -> 3.18-rc3
2014-11-03 14:14:53 -05:00
ambrop7@gmail.com
fc533f0e84
kernel: Enable PPP_FILTER by default.
...
pppd will try to use it to improve efficiency and complain if it's not available
(but is is not mandatory).
2014-11-02 15:10:09 +01:00
Ricardo M. Correia
268c72b92b
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.22-201410250026 -> 3.0-3.14.23-201410312212
test: 3.0-3.17.1-201410281754 -> 3.0-3.17.2-201410312213
2014-11-01 17:25:22 +01:00
Alexander Kjeldaas
85972fb58d
Document likely breakage when people update the kernel.
2014-11-01 09:35:20 +01:00
William A. Kennington III
0467a79129
kernel: 3.16.6 -> 3.16.7
2014-10-30 14:39:17 -07:00
William A. Kennington III
5b37f998fd
kernel: 3.14.22 -> 3.14.23
2014-10-30 14:38:41 -07:00
William A. Kennington III
3ff30fa254
kernel: 3.10.58 -> 3.10.59
2014-10-30 14:38:10 -07:00
William A. Kennington III
6e91f53d87
kernel: Add update script
2014-10-30 14:37:22 -07:00
Shea Levy
659db7e5b2
linux-3.17: bump
2014-10-30 13:09:18 -04:00
Ricardo M. Correia
a9170c0dba
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.22-201410192047 -> 3.0-3.14.22-201410250026
test: 3.0-3.17.1-201410192051 -> 3.0-3.17.1-201410281754
2014-10-30 12:47:36 +01:00
Eelco Dolstra
bac50c5c1f
linux: Update to 3.12.31
2014-10-27 11:21:18 +01:00
lethalman
2c0cc6cedc
Merge pull request #4587 from uzska/master
...
Added line SCSI_SAS_ATA y on line 62
2014-10-24 09:39:40 +02:00
Alexander Kjeldaas
005bb796e6
Updated grsec.
2014-10-22 02:18:41 +02:00
Eelco Dolstra
38ed4d4d0f
linux: Enable FW_LOADER_USER_HELPER_FALLBACK
...
We don't really need this anymore, except that our docs say that you
can put firmware in /root/test-firmware, which doesn't work via
/sys/module/firmware_class/parameters/path.
2014-10-20 13:25:00 +02:00
uzska
0fa57137cf
Added line SCSI_SAS_ATA y on line 62
...
This kernel change will make the nixOS live cd detect the hard drive upon boot.
2014-10-17 13:31:08 -07:00
William A. Kennington III
13b9917298
kernel: Fix missing ;
2014-10-16 13:58:18 -07:00
William A. Kennington III
1962fd80f6
kernel: 3.4.103 -> 3.4.104
2014-10-16 13:56:14 -07:00
William A. Kennington III
fdb4e34459
kernel: 3.2.62 -> 3.2.63
2014-10-16 13:56:10 -07:00
William A. Kennington III
0a82ce360d
kernel: 3.17 -> 3.17.1
2014-10-16 13:56:06 -07:00
William A. Kennington III
b8ee248137
kernel: 3.16.4 -> 3.16.6
2014-10-16 13:56:01 -07:00
William A. Kennington III
287ce68d38
kernel: 3.14.20 -> 3.14.22
2014-10-16 13:55:55 -07:00
William A. Kennington III
8c138fd489
kernel: 3.12.29 -> 3.12.30
2014-10-16 13:55:50 -07:00
William A. Kennington III
242070abfc
kernel: 3.10.56 -> 3.10.58
2014-10-16 13:55:38 -07:00
Ricardo M. Correia
c615793317
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.19-201409282024 -> 3.0-3.14.20-201410062037
test: 3.0-3.16.3-201409282025 -> 3.0-3.16.4-201410062041
2014-10-07 16:55:49 +02:00
William A. Kennington III
5b80f24b9d
kernel: 3.16.3 -> 3.16.4
2014-10-05 21:34:31 -07:00
William A. Kennington III
c2a301731a
kernel: 3.14.19 -> 3.14.20
2014-10-05 21:34:18 -07:00
William A. Kennington III
4a2ecb2c62
kernel: 3.12.28 -> 3.12.29
2014-10-05 21:34:04 -07:00
William A. Kennington III
c4c28e36e6
kernel: 3.10.55 -> 3.10.56
2014-10-05 21:33:50 -07:00
Michael Raskin
4397ec5cab
Add Linux 3.17
2014-10-06 02:43:58 +04:00
Ricardo M. Correia
bbdc35d4dd
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.19-201409180900 -> 3.0-3.14.19-201409282024
test: 3.0-3.16.3-201409180901 -> 3.0-3.16.3-201409282025
2014-09-29 14:44:20 +02:00
Ricardo M. Correia
cf61fa8013
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.18-201409060013 -> 3.0-3.14.19-201409180900
test: 3.0-3.16.2-201409060014 -> 3.0-3.16.3-201409180901
2014-09-25 23:37:26 +02:00
William A. Kennington III
df12cc6ad0
kernel: 3.16.2 -> 3.16.3
2014-09-19 16:28:45 -07:00
William A. Kennington III
a235f6fc70
kernel: 3.14.18 -> 3.14.19
2014-09-19 16:28:32 -07:00
William A. Kennington III
03f044bb5a
kernel: 3.10.54 -> 3.10.55
2014-09-19 16:28:20 -07:00
Eelco Dolstra
19b1fafe5f
linux: Update to 3.12.28
2014-09-08 15:49:27 +02:00
Ricardo M. Correia
238a84ac78
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test: 3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
2014-09-08 15:16:38 +02:00
William A. Kennington III
844aef5bcf
kernel: 3.16.1 -> 3.16.2
2014-09-06 18:10:13 -07:00
William A. Kennington III
ed7ce2bd81
kernel: 3.14.17 -> 3.14.18
2014-09-06 18:10:01 -07:00
William A. Kennington III
d3f80b36ba
kernel: 3.10.53 -> 3.10.54
2014-09-06 18:09:48 -07:00
Daniel Peebles
0bb14e4fea
Disable NFC on 3.17 or above
...
This should only be temporary, but there's a bug in the 3.17 rc1 and rc2 that leads to cyclic module dependencies and a segfault during the build process.
2014-08-29 01:49:32 -04:00
Daniel Peebles
1eb08ee693
Add patch to fix 3.17 build breakage (also submitted to lkml, but not yet merged)
2014-08-28 22:45:32 -04:00
Austin Seipp
2dc2699ca4
linux/grsec: updates
...
3.15.10 is EOL soon, but grsecurity/unstable hasn't moved to 3.16.x yet.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-08-27 15:14:19 -05:00
Eelco Dolstra
ce6b86cc68
Fix various evaluation problems
...
http://hydra.nixos.org/build/13616685
2014-08-22 11:57:40 +02:00
Eelco Dolstra
e4752d7877
linux: Enable ACLs in ext3
...
http://hydra.nixos.org/build/13462892
2014-08-18 14:33:09 +02:00
William A. Kennington III
83b2d409ff
kernel: 3.2.60 -> 3.2.62
2014-08-14 12:48:06 -05:00
William A. Kennington III
b07f77b2fb
kernel: 3.4.101 -> 3.4.103
2014-08-14 12:46:53 -05:00
William A. Kennington III
ca68015291
kernel: 3.10.51 -> 3.10.53
2014-08-14 12:45:14 -05:00
William A. Kennington III
f143df3a09
kernel 3.14.15 -> 3.14.17
2014-08-14 12:44:25 -05:00
William A. Kennington III
ca0aa7e8d1
kernel: 3.15.8 -> 3.15.10
2014-08-14 12:43:41 -05:00
William A. Kennington III
e9ae222199
kernel: 3.16 -> 3.16.1
2014-08-14 12:42:53 -05:00
Eelco Dolstra
8a7f3c3618
Mark a bunch of packages as broken or not supported on Darwin
2014-08-08 17:59:02 +02:00
aszlig
4834717507
linux-kernel: Add new upstream version 3.16.
...
Also set linux_latest to it as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-04 02:41:54 +02:00
William A. Kennington III
317d4253ea
kernel: 3.15.7 -> 3.15.8
2014-08-02 18:04:08 -05:00
William A. Kennington III
63cc1fd8ad
kernel: 3.14.14 -> 3.14.15
2014-08-02 18:02:15 -05:00
William A. Kennington III
eb9ee180d9
kernel: 3.12.25 -> 3.12.26
2014-08-02 18:00:46 -05:00
William A. Kennington III
89d5655670
kernel: 3.10.50 -> 3.10.51
2014-08-02 17:58:31 -05:00
William A. Kennington III
ae11e59949
kernel: 3.4.100 -> 3.4.101
2014-08-02 17:56:53 -05:00
William A. Kennington III
ff747dd24f
kernel: 3.15.5 -> 3.15.7
2014-07-29 13:17:11 -05:00
William A. Kennington III
2494e2bb09
kernel: 3.14.12 -> 3.14.14
2014-07-29 13:15:42 -05:00
William A. Kennington III
dd9a5aeade
kernel: 3.10.48 -> 3.10.50
2014-07-29 13:13:38 -05:00
William A. Kennington III
47d50bf684
kernel: 3.4.98 -> 3.4.100
2014-07-29 13:08:37 -05:00
Mateusz Kowalczyk
7a45996233
Turn some license strings into lib.licenses values
2014-07-28 11:31:14 +02:00
Eelco Dolstra
0852d9e364
linux: Update to 3.12.25
2014-07-24 18:14:53 +02:00
Bjørn Forsman
28cb0f58c4
linux: only enable CONFIG_NFS_SWAP for v3.6+ kernels
...
Linux v3.6 is the earliest version with CONFIG_NFS_SWAP support. This
change unbreaks NixOS tests for older kernels.
2014-07-16 12:13:06 +02:00
Ricardo M. Correia
85e444f4f8
linux: Enable NFSv4.1, v4.2 clients and swap on NFS
...
I'm only enabling for kernels >= 3.11 to be conservative, because clients and
servers automatically negotiate and use the highest mutually supported version
by default, but only in kernel 3.11 server NFSv4.1 support actually became RFC
compliant.
I'm also adding support for swap on NFS, which is enabled by default on
Ubuntu kernels.
2014-07-15 15:07:25 +02:00
Vladimír Čunát
eb659e89b4
linux_*: update, including CVE-2014-4699 (most likely)
...
CC #3196 . No updates yet on 3.2 and 3.12 branches.
2014-07-09 22:54:08 +02:00
Eelco Dolstra
1596c3a012
linux: Update to 3.12.24
...
CVE-2014-4508, CVE-2014-0206.
2014-07-07 18:21:34 +02:00
Ricardo M. Correia
b50074929e
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.9-201406262057 -> 3.0-3.14.10-201407012152
test: 3.0-3.15.2-201406262058 -> 3.0-3.15.3-201407012153
2014-07-03 11:37:19 +02:00
Ricardo M. Correia
d4243e2a00
linux: Update to 3.14.10
2014-07-03 11:35:28 +02:00
Michael Raskin
e303e18608
Update Linux 3.15 to 3.15.3
2014-07-01 14:28:52 +04:00
Michael Raskin
efb0c56db4
Update linux_testing and enable parallel build of Linux kernel
2014-06-30 10:52:33 +04:00
Michael Raskin
0ecfc6cb49
Merge pull request #2213 from thoughtpolice/kernel-config
...
nixos: make several kernel common-config options optional
2014-06-30 09:01:08 +04:00
Austin Seipp
dd56bfbd00
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-27 00:52:12 -05:00
Vladimír Čunát
7998a598b6
linux-3.13: remove, as it's vulnerable
...
CC #3090 .
2014-06-26 11:50:15 +02:00
Vladimír Čunát
7f97fafe4f
linux-3.12: security update .22 ->.23, CVE-2014-0206
...
CC #3090 .
2014-06-26 11:33:00 +02:00
Austin Seipp
0399c5ee24
grsecurity: update stable/testing kernels, refactoring
...
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.
This also removes the vserver kernel, since it's probably not nearly as
used.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Michael Raskin
c68e3418fb
Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2
2014-06-22 19:45:07 +04:00
Austin Seipp
b8ede68b25
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
Michael Raskin
8297a26746
Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16.
2014-06-18 00:23:48 +02:00
Mathijs Kwik
5bc69209b1
linux-3.15: upgrade to 3.15.1
2014-06-17 08:17:38 +02:00
Eelco Dolstra
27c72f337b
linux: Update to 3.12.22
...
Fixes CVE-2014-3153 (local privilege escalation via futex()).
2014-06-13 17:44:02 +02:00
William A. Kennington III
8bb2313915
kernel: Add 3.15
2014-06-08 16:39:47 -05:00
William A. Kennington III
d91eacd720
kernel: 3.14.5 -> 3.14.6 ( close #2868 )
2014-06-08 09:12:05 +02:00
Austin Seipp
b43421221f
kernel/grsec: updates; add mainline package for brave souls
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
Eelco Dolstra
246edc3df2
linux: Update to 3.12.21
2014-06-05 12:54:37 +02:00
William A. Kennington III
3a0b265af9
kernel: 3.14.4 -> 3.14.5 ( close #2831 )
2014-06-05 10:34:40 +02:00
Michael Raskin
f9c05a3bad
Merge pull request #2378 from wizeman/u/kernel-zram
...
linux: Add support for zram
2014-05-27 01:40:18 -07:00
Eelco Dolstra
2ee6c0c63e
linux: Update to 3.12.20
2014-05-19 16:03:37 +02:00
Austin Seipp
ac38b32974
kernel/grsec: another optional option
...
This should fix the testing kernels.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
Austin Seipp
e64e3ad88a
kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
Austin Seipp
80d0e31a94
kernel: allow features to be used in common-config
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
Austin Seipp
657998dbcb
kernel/common-config: Another optional option
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
Austin Seipp
b5b434c98a
kernel: make some common-config options optional for grsec
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1
grsec: refactor grsecurity packages
...
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp
cb894d4fc3
grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
92abc4c610
kernel: enable AppArmor by default
...
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
3efdeef6a3
linux-3.{4,10}: update
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Eelco Dolstra
3d1d9bb7dd
linux-3.12: Apply patch for CVE-2014-0196
2014-05-14 14:11:48 +02:00
Vladimír Čunát
9c8ee7a7e5
linux: minor updates, probably often fixing CVE-2014-0196
2014-05-13 20:00:21 +02:00
Eelco Dolstra
abbf643ae2
linux: Update to 3.12.19
...
Backport: 14.04
2014-05-13 13:28:14 +02:00
Austin Seipp
92f7781f00
kernel/grsecurity: stable/longterm/testing updates
...
kernels:
- longterm: 3.4.87 -> 3.4.88
- longterm: 3.10.37 -> 3.10.38
- stable: 3.13.10 -> 3.13.11
- stable: 3.14.1 -> 3.14.2
grsecurity:
- test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907
NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Ricardo M. Correia
efae8ce543
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404182109 -> 3.0-3.2.57-201404241714
test: 3.0-3.14.1-201404201132 -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
Ricardo M. Correia
f0e3775f2e
linux: Add support for zram
2014-04-24 23:47:08 +02:00
Vladimír Čunát
116d52c6df
linux-3.12: bump .17 -> .18
2014-04-24 20:02:34 +02:00
Ricardo M. Correia
5d5ca7b260
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404131252 -> 3.0-3.2.57-201404182109
test: 3.0-3.13.10-201404141717 -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
Eelco Dolstra
4e8c2f0ff9
Merge branch 'systemd-update'
2014-04-20 19:31:01 +02:00
Eelco Dolstra
5da309fcaa
linux: Enable SND_DYNAMIC_MINORS
...
This is necessary if you get:
kernel: Too many HDMI devices
kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
Eelco Dolstra
3f01caa89f
linux: Enable transparent hugepages
2014-04-16 22:40:07 +02:00
Austin Seipp
ba2f861f05
kernel: stable/longterm updates
...
- stable: 3.14 -> 3.14.1
- longterm: 3.10.36 -> 3.10.37
- longterm: 3.4.86 -> 3.4.86
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
Ricardo M. Correia
1b113178ee
grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717
2014-04-15 00:16:29 +02:00
Ricardo M. Correia
3a1c9a2945
linux: Update to 3.13.10
2014-04-15 00:16:29 +02:00
Eelco Dolstra
73b4b287bb
linux: Don't use underscores in the timestamp
2014-04-14 21:06:04 +02:00
Austin Seipp
788d9a13fb
grsecurity: stable/vserver/testing updates
...
- stable: 201404111812 -> 201404131252
- vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
- testing: 201404111815 -> 201404131254
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Austin Seipp
172dc1336f
nixos: add grsecurity module ( #1875 )
...
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.
- New security.grsecurity NixOS attributes.
- All grsec kernels supported
- Allows default 'auto' grsec configuration, or custom config
- Supports custom kernel options through kernelExtraConfig
- Defaults to high-security - user must choose kernel, server/desktop
mode, and any virtualisation software. That's all.
- kptr_restrict is fixed under grsecurity (it's unwriteable)
- grsecurity patch creation is now significantly abstracted
- only need revision, version, and SHA1
- kernel version requirements are asserted for sanity
- built kernels can have the uname specify the exact grsec version
for development or bug reports. Off by default (requires
`security.grsecurity.config.verboseVersion = true;`)
- grsecurity sysctl support
- By default, disabled.
- For people who enable it, NixOS deploys a 'grsec-lock' systemd
service which runs at startup. You are expected to configure sysctl
through NixOS like you regularly would, which will occur before the
service is started. As a result, changing sysctl settings requires
a reboot.
- New default group: 'grsecurity'
- Root is a member by default
- GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
making it possible to easily add users to this group for /proc
access
- AppArmor is now automatically enabled where it wasn't before, despite
implying features.apparmor = true
The most trivial example of enabling grsecurity in your kernel is by
specifying:
security.grsecurity.enable = true;
security.grsecurity.testing = true; # testing 3.13 kernel
security.grsecurity.config.system = "desktop"; # or "server"
This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:
security.grsecurity.enable = true;
security.grsecurity.stable = true; # enable stable 3.2 kernel
security.grsecurity.config = {
system = "server";
priority = "security";
virtualisationConfig = "host";
virtualisationSoftware = "kvm";
hardwareVirtualisation = true;
}
This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
acbf28145c
nixos: make several kernel common-config options optional
...
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
Ricardo M. Correia
5dfc6584a5
grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758
2014-04-10 00:37:33 +02:00
Ricardo M. Correia
c50abd0e13
linux: Update to 3.2.57
2014-04-10 00:37:33 +02:00
Austin Seipp
3ff158289a
lockdep: refactor into non-kernel package
...
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-08 19:21:55 -05:00