mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 18:42:15 +00:00
Commit graph

1241 commits

Author SHA1 Message Date
aszlig 78bbd6f7c6
linux-testing: Update to version 3.19-rc7.
Running -rc6 always feels kinda rusty and old, so there is the pressing
urge to update... into the future... swooooooosh!

Signature verified against key with fingerprint:

ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-02 19:50:56 +01:00
William A. Kennington III 12378faab2 kernel: 3.19-rc5 -> 3.19-rc6 2015-02-01 15:53:48 -08:00
Michael Raskin 4a29a4baac kernel: 3.12.36 -> 3.12.37 2015-02-01 10:57:47 +03:00
William A. Kennington III bbd6384f62 kernel: 3.14.29 -> 3.14.31 2015-01-31 18:55:09 -08:00
William A. Kennington III 8a2f7375d6 kernel: 3.18.3 -> 3.18.5 2015-01-31 18:54:59 -08:00
William A. Kennington III 3e1b504cbe kernel: 3.10.65 -> 3.10.67 2015-01-31 17:46:04 -08:00
aszlig 8ac1765e28
linux-testing: Update to version 3.19-rc5.
Using linux-testing for a bunch of machines, I'd actually expect it to
be more recent than the latest stable, but until now it actually was
behind.

Since torvalds/linux@464ed18ebd, the option
PM_RUNTIME doesn't exist anymore, so we need to remove it from our
common config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-22 09:56:37 +01:00
Ricardo M. Correia 23ffd6ad22 grsecurity: Update stable and test patches
stable: 3.0-3.14.29-201501182217 -> 3.0-3.14.29-201501211943
test:   3.0-3.18.3-201501182219  -> 3.0-3.18.3-201501211944
2015-01-22 05:39:01 +01:00
Peter Simons ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
William A. Kennington III fb921695b6 kernel: Fix grsec patch for 3.18.3 2015-01-18 21:11:07 -08:00
William A. Kennington III 2c02b7caff kernel: 3.14.28 -> 3.14.29 2015-01-18 21:11:07 -08:00
William A. Kennington III f23cb7d925 kernel: 3.12.35 -> 3.12.36 2015-01-18 21:11:07 -08:00
William A. Kennington III 9fce7cced9 kernel: 3.10.64 -> 3.10.65 2015-01-18 21:11:07 -08:00
Aristid Breitkreuz 46a938ad3a linux 3.18.3 2015-01-17 16:31:13 +00:00
Vladimír Čunát 88089559b9 Merge #5676: gcc-wrapper -> cc-wrapper and related 2015-01-17 08:43:04 +01:00
Ricardo M. Correia 1f28bfa284 grsecurity: Update stable and test patches
stable: 3.0-3.14.28-201501120819 -> 3.0-3.14.28-201501142323
test:   3.0-3.18.2-201501120821  -> 3.0-3.18.2-201501142325
2015-01-16 02:47:12 +01:00
William A. Kennington III 1ec68e0d13 kernel: Fix path to stp bridge helper 2015-01-14 10:34:28 -08:00
William A. Kennington III 3d4b315d91 Revert "kernel: Add a patch to remove checks for bridge stp helpers"
This reverts commit f64c3ce18d.
2015-01-13 15:34:26 -08:00
William A. Kennington III f64c3ce18d kernel: Add a patch to remove checks for bridge stp helpers 2015-01-13 15:24:02 -08:00
Vladimír Čunát 1575bc652e Merge branch 'master' into staging
Conflicts (simple):
	pkgs/os-specific/linux/util-linux/default.nix

It seems this merge creates a new stdenv hash,
because we had changes on both branches :-/
2015-01-13 18:07:11 +01:00
Ricardo M. Correia 757071af5b grsecurity: Update stable and test patches
stable: 3.0-3.14.28-201501111421 -> 3.0-3.14.28-201501120819
test:   3.0-3.18.2-201501111422  -> 3.0-3.18.2-201501120821
2015-01-12 18:21:22 +01:00
William A. Kennington III 97783b87c0 kernel: 3.14.27 -> 3.14.28 2015-01-11 23:59:13 -08:00
William A. Kennington III 33651bb865 kernel: 3.18.1 -> 3.18.2 2015-01-11 23:58:19 -08:00
William A. Kennington III 6521141d09 kernel: Remove 3.16 2015-01-11 23:55:38 -08:00
William A. Kennington III ba6648b142 kernel: 3.2.65 -> 3.2.66 2015-01-11 23:55:37 -08:00
William A. Kennington III 980758bdee kernel: 3.17.7 -> 3.17.8 2015-01-11 23:55:37 -08:00
William A. Kennington III 38eb7af3cd kernel: 3.10.63 -> 3.10.64 2015-01-11 23:55:37 -08:00
William A. Kennington III e0098e8408 Revert "linux kernel: set VFIO_PCI_VGA to y for versions > 3.9"
This reverts commit 774486a149.
2015-01-07 10:55:06 -08:00
Jan Malakhovski 774486a149 linux kernel: set VFIO_PCI_VGA to y for versions > 3.9
This allows passing through PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
2015-01-07 11:08:58 +00:00
Ricardo M. Correia e90bfba2f6 grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412280859 -> 3.0-3.14.27-201501042018
test:   3.0-3.18.1-201412281149  -> 3.0-3.18.1-201501042021
2015-01-07 05:49:56 +01:00
Nikolay Amiantov e9d868de63 kernel: enable intel_pstate 2015-01-06 03:07:32 +03:00
Vladimír Čunát 6671aff83e linux kernel determinism: unify timestamp style
Testing showed the linux build is sensitive to /usr/include/ncursesw
unless chrooted (on non-nixos).
On a single chrooted nixos machine, -A linux is binary reproducible.

CC #2281 & @alexanderkjeldaas.
2015-01-03 13:54:32 +01:00
Domen Kožar c510f3da49 fix eval /cc @vcunat 2015-01-02 13:55:19 +01:00
Vladimír Čunát d8c5d95330 determinism: change some fixed timestamp to != (time_t)0
vcunat removed the unrelated glib change.
Conflicts:
	pkgs/development/libraries/glib/default.nix
	pkgs/os-specific/linux/kernel/generic.nix
	pkgs/os-specific/linux/kernel/manual-config.nix
2014-12-30 17:03:39 +01:00
Ricardo M. Correia 1d44322d53 grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test:   3.0-3.17.7-201412211910  -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
Ricardo M. Correia a8e33da2dd grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412170659 -> 3.0-3.14.27-201412211908
test:   3.0-3.17.7-201412170700  -> 3.0-3.17.7-201412211910
2014-12-22 20:33:00 +01:00
William A. Kennington III 7e8c5b578a kernel: 3.14.26 -> 3.14.27 2014-12-17 14:36:38 -08:00
William A. Kennington III eea5383b48 kernel: 3.17.6 -> 3.17.7 2014-12-17 14:36:29 -08:00
William A. Kennington III be96c7e283 Revert "kernel: 3.14.26 -> 3.14.27"
This reverts commit 4eaecca7b1.
2014-12-16 14:15:55 -08:00
William A. Kennington III 66332cdee1 Revert "kernel: 3.17.6 -> 3.17.7"
This reverts commit d3a61d88aa.
2014-12-16 14:15:47 -08:00
William A. Kennington III d3a61d88aa kernel: 3.17.6 -> 3.17.7 2014-12-16 14:13:03 -08:00
William A. Kennington III 4eaecca7b1 kernel: 3.14.26 -> 3.14.27 2014-12-16 14:12:57 -08:00
William A. Kennington III 8643578aa5 kernel: 3.2.64 -> 3.2.65 2014-12-16 14:12:21 -08:00
William A. Kennington III 980c702342 kernel: 3.18 -> 3.18.1 2014-12-16 14:12:21 -08:00
William A. Kennington III 6ea3763f22 kernel: 3.12.34 -> 3.12.35 2014-12-16 14:11:13 -08:00
William A. Kennington III 7c2b8b333f kernel: 3.10.62 -> 3.10.63 2014-12-16 14:11:07 -08:00
William A. Kennington III 042f266e10 kernel: 3.14.25 -> 3.14.26 2014-12-08 23:24:50 -08:00
William A. Kennington III c8abfe37ab kernel: 3.17.4 -> 3.17.6 2014-12-08 23:23:42 -08:00
William A. Kennington III 20e2d94089 kernel: 3.4.104 -> 3.4.105 2014-12-08 23:21:40 -08:00
William A. Kennington III 845f647b86 kernel: 3.12.33 -> 3.12.34 2014-12-08 23:21:07 -08:00
William A. Kennington III 98791f57c8 kernel: 3.10.61 -> 3.10.62 2014-12-08 23:21:04 -08:00
William A. Kennington III a6f4c3624e kernel: Add 3.18 2014-12-08 23:18:04 -08:00
Domen Kožar 4aa3eec330 Merge branch 'master' into staging
Conflicts:
	pkgs/development/libraries/fontconfig/default.nix
2014-12-07 14:02:48 +01:00
Ricardo M. Correia 7ce1cbed93 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411260106 -> 3.0-3.14.25-201412040016
test:   3.0-3.17.4-201411260107  -> 3.0-3.17.4-201412040017
2014-12-05 18:26:21 +01:00
William A. Kennington III fe21ac3903 linux: 3.18.0-rc6 -> 3.18.0-rc7 2014-12-01 01:49:05 -08:00
Vladimír Čunát cbd2305d4d Merge branch 'master' into staging 2014-11-28 18:59:07 +01:00
Ricardo M. Correia 6f31905563 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411231452 -> 3.0-3.14.25-201411260106
test:   3.0-3.17.4-201411231452  -> 3.0-3.17.4-201411260107
2014-11-27 18:36:01 +01:00
Vladimír Čunát a68c1adc35 *: fix builds by disregarding warning from new glibc
Says: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
CC: #4803. There will likely appear more of these errors on Hydra in time.
2014-11-26 23:40:03 +01:00
Ricardo M. Correia c07f81ce89 grsecurity: Update stable and test patches
stable: 3.0-3.14.25-201411220954 -> 3.0-3.14.25-201411231452
test:   3.0-3.17.4-201411220955  -> 3.0-3.17.4-201411231452
2014-11-24 03:53:28 +01:00
William A. Kennington III acefc22209 kernel: 3.18.0-rc5 -> 3.18.0-rc6 2014-11-23 16:49:25 -08:00
William A. Kennington III d1493bc1ee kernel: 3.14.24 -> 3.14.25 2014-11-23 02:47:36 -08:00
Jonathan Rudenberg 30578e30d8 kernel: 3.17.3 -> 3.17.4 2014-11-22 16:50:16 -05:00
William A. Kennington III 30597a9c7a kernel: 3.12.32 -> 3.12.33 2014-11-21 14:39:15 -08:00
William A. Kennington III f1b9f88e5b kernel: 3.10.60 -> 3.10.61 2014-11-21 14:38:48 -08:00
William A. Kennington III eac8fcff1a kernel: 3.18-rc4 -> 3.18-rc5 2014-11-17 00:13:04 -08:00
William A. Kennington III f4a27311b7 kernel: 3.14.23 -> 3.14.24 2014-11-14 23:03:54 -08:00
William A. Kennington III 0ef4ee5d06 kernel: 3.17.2 -> 3.17.3 2014-11-14 23:03:47 -08:00
William A. Kennington III 1a405c999e kernel: Remove 3.15 2014-11-14 11:05:51 -08:00
William A. Kennington III 256669cf41 kernel: Remove 3.17 buildfix 2014-11-14 10:59:46 -08:00
William A. Kennington III 642a161112 kernel: 3.2.63 -> 3.2.64 2014-11-14 10:59:46 -08:00
William A. Kennington III 2fab8d1198 kernel: 3.10.59 -> 3.10.60 2014-11-14 10:49:29 -08:00
William A. Kennington III 557a3c92e3 kernel: Don't enable the iommu by default as this breaks for some hardware 2014-11-13 16:23:49 -08:00
Domen Kožar 7ff9cd2c41 more kernel fixes 2014-11-11 09:22:18 +01:00
William A. Kennington III 189e73de98 kernel-testing: 3.18-rc3 -> 3.18-rc4 2014-11-10 22:30:43 -08:00
Domen Kožar b9388e9711 fix kernel builds on 32bit linux 2014-11-11 07:06:09 +01:00
Eelco Dolstra e78a1603fc linux: Enable BPF_JIT only on 64-bit
It's not supported on i686.

http://hydra.nixos.org/build/16834647
2014-11-10 20:21:28 +01:00
Ricardo M. Correia c108ab47be grsecurity: Update stable and test patches
stable: 3.0-3.14.23-201411062033 -> 3.0-3.14.23-201411091053
test:   3.0-3.17.2-201411062034  -> 3.0-3.17.2-201411091054
2014-11-10 19:34:00 +01:00
Ricardo M. Correia 5701e40681 grsecurity: Update stable and test patches
stable: 3.0-3.14.23-201410312212 -> 3.0-3.14.23-201411062033
test:   3.0-3.17.2-201410312213  -> 3.0-3.17.2-201411062034
2014-11-09 02:47:54 +01:00
lethalman 27b79a0469 Merge pull request #4780 from ambrop72/kernel-ppp-filter
kernel: Enable PPP_FILTER by default.
2014-11-08 12:41:13 +01:00
William A. Kennington III d88c5eed1d kernel: Add more supported features 2014-11-08 02:44:19 -08:00
Domen Kožar a0696b4536 linux_3_12: fix hash 2014-11-07 12:39:04 +01:00
Eelco Dolstra 1d5147dd17 linux: Update to 3.12.32 2014-11-06 15:12:01 +01:00
Jonathan Rudenberg a97452a000 linux: Update testing 3.17-rc2 -> 3.18-rc3 2014-11-03 14:14:53 -05:00
ambrop7@gmail.com fc533f0e84 kernel: Enable PPP_FILTER by default.
pppd will try to use it to improve efficiency and complain if it's not available
(but it is not mandatory).
2014-11-02 15:10:09 +01:00
Ricardo M. Correia 268c72b92b grsecurity: Update stable and test patches
stable: 3.0-3.14.22-201410250026 -> 3.0-3.14.23-201410312212
test:   3.0-3.17.1-201410281754  -> 3.0-3.17.2-201410312213
2014-11-01 17:25:22 +01:00
Alexander Kjeldaas 85972fb58d Document likely breakage when people update the kernel. 2014-11-01 09:35:20 +01:00
William A. Kennington III 0467a79129 kernel: 3.16.6 -> 3.16.7 2014-10-30 14:39:17 -07:00
William A. Kennington III 5b37f998fd kernel: 3.14.22 -> 3.14.23 2014-10-30 14:38:41 -07:00
William A. Kennington III 3ff30fa254 kernel: 3.10.58 -> 3.10.59 2014-10-30 14:38:10 -07:00
William A. Kennington III 6e91f53d87 kernel: Add update script 2014-10-30 14:37:22 -07:00
Shea Levy 659db7e5b2 linux-3.17: bump 2014-10-30 13:09:18 -04:00
Ricardo M. Correia a9170c0dba grsecurity: Update stable and test patches
stable: 3.0-3.14.22-201410192047 -> 3.0-3.14.22-201410250026
test:   3.0-3.17.1-201410192051  -> 3.0-3.17.1-201410281754
2014-10-30 12:47:36 +01:00
Eelco Dolstra bac50c5c1f linux: Update to 3.12.31 2014-10-27 11:21:18 +01:00
lethalman 2c0cc6cedc Merge pull request #4587 from uzska/master
Added line SCSI_SAS_ATA y on line 62
2014-10-24 09:39:40 +02:00
Alexander Kjeldaas 005bb796e6 Updated grsec. 2014-10-22 02:18:41 +02:00
Eelco Dolstra 38ed4d4d0f linux: Enable FW_LOADER_USER_HELPER_FALLBACK
We don't really need this anymore, except that our docs say that you
can put firmware in /root/test-firmware, which doesn't work via
/sys/module/firmware_class/parameters/path.
2014-10-20 13:25:00 +02:00
uzska 0fa57137cf Added line SCSI_SAS_ATA y on line 62
This kernel change will make the nixOS live cd detect the hard drive upon boot.
2014-10-17 13:31:08 -07:00
William A. Kennington III 13b9917298 kernel: Fix missing ; 2014-10-16 13:58:18 -07:00
William A. Kennington III 1962fd80f6 kernel: 3.4.103 -> 3.4.104 2014-10-16 13:56:14 -07:00
William A. Kennington III fdb4e34459 kernel: 3.2.62 -> 3.2.63 2014-10-16 13:56:10 -07:00
William A. Kennington III 0a82ce360d kernel: 3.17 -> 3.17.1 2014-10-16 13:56:06 -07:00
William A. Kennington III b8ee248137 kernel: 3.16.4 -> 3.16.6 2014-10-16 13:56:01 -07:00
William A. Kennington III 287ce68d38 kernel: 3.14.20 -> 3.14.22 2014-10-16 13:55:55 -07:00
William A. Kennington III 8c138fd489 kernel: 3.12.29 -> 3.12.30 2014-10-16 13:55:50 -07:00
William A. Kennington III 242070abfc kernel: 3.10.56 -> 3.10.58 2014-10-16 13:55:38 -07:00
Ricardo M. Correia c615793317 grsecurity: Update stable and test patches
stable: 3.0-3.14.19-201409282024 -> 3.0-3.14.20-201410062037
test:   3.0-3.16.3-201409282025  -> 3.0-3.16.4-201410062041
2014-10-07 16:55:49 +02:00
William A. Kennington III 5b80f24b9d kernel: 3.16.3 -> 3.16.4 2014-10-05 21:34:31 -07:00
William A. Kennington III c2a301731a kernel: 3.14.19 -> 3.14.20 2014-10-05 21:34:18 -07:00
William A. Kennington III 4a2ecb2c62 kernel: 3.12.28 -> 3.12.29 2014-10-05 21:34:04 -07:00
William A. Kennington III c4c28e36e6 kernel: 3.10.55 -> 3.10.56 2014-10-05 21:33:50 -07:00
Michael Raskin 4397ec5cab Add Linux 3.17 2014-10-06 02:43:58 +04:00
Ricardo M. Correia bbdc35d4dd grsecurity: Update stable and test patches
stable: 3.0-3.14.19-201409180900 -> 3.0-3.14.19-201409282024
test:   3.0-3.16.3-201409180901  -> 3.0-3.16.3-201409282025
2014-09-29 14:44:20 +02:00
Ricardo M. Correia cf61fa8013 grsecurity: Update stable and test patches
stable: 3.0-3.14.18-201409060013 -> 3.0-3.14.19-201409180900
test:   3.0-3.16.2-201409060014  -> 3.0-3.16.3-201409180901
2014-09-25 23:37:26 +02:00
William A. Kennington III df12cc6ad0 kernel: 3.16.2 -> 3.16.3 2014-09-19 16:28:45 -07:00
William A. Kennington III a235f6fc70 kernel: 3.14.18 -> 3.14.19 2014-09-19 16:28:32 -07:00
William A. Kennington III 03f044bb5a kernel: 3.10.54 -> 3.10.55 2014-09-19 16:28:20 -07:00
Eelco Dolstra 19b1fafe5f linux: Update to 3.12.28 2014-09-08 15:49:27 +02:00
Ricardo M. Correia 238a84ac78 grsecurity: Update stable and test patches
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test:   3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
2014-09-08 15:16:38 +02:00
William A. Kennington III 844aef5bcf kernel: 3.16.1 -> 3.16.2 2014-09-06 18:10:13 -07:00
William A. Kennington III ed7ce2bd81 kernel: 3.14.17 -> 3.14.18 2014-09-06 18:10:01 -07:00
William A. Kennington III d3f80b36ba kernel: 3.10.53 -> 3.10.54 2014-09-06 18:09:48 -07:00
Daniel Peebles 0bb14e4fea Disable NFC on 3.17 or above
This should only be temporary, but there's a bug in the 3.17 rc1 and rc2 that leads to cyclic module dependencies and a segfault during the build process.
2014-08-29 01:49:32 -04:00
Daniel Peebles 1eb08ee693 Add patch to fix 3.17 build breakage (also submitted to lkml, but not yet merged) 2014-08-28 22:45:32 -04:00
Austin Seipp 2dc2699ca4 linux/grsec: updates
3.15.10 is EOL soon, but grsecurity/unstable hasn't moved to 3.16.x yet.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-08-27 15:14:19 -05:00
Eelco Dolstra ce6b86cc68 Fix various evaluation problems
http://hydra.nixos.org/build/13616685
2014-08-22 11:57:40 +02:00
Eelco Dolstra e4752d7877 linux: Enable ACLs in ext3
http://hydra.nixos.org/build/13462892
2014-08-18 14:33:09 +02:00
William A. Kennington III 83b2d409ff kernel: 3.2.60 -> 3.2.62 2014-08-14 12:48:06 -05:00
William A. Kennington III b07f77b2fb kernel: 3.4.101 -> 3.4.103 2014-08-14 12:46:53 -05:00
William A. Kennington III ca68015291 kernel: 3.10.51 -> 3.10.53 2014-08-14 12:45:14 -05:00
William A. Kennington III f143df3a09 kernel 3.14.15 -> 3.14.17 2014-08-14 12:44:25 -05:00
William A. Kennington III ca0aa7e8d1 kernel: 3.15.8 -> 3.15.10 2014-08-14 12:43:41 -05:00
William A. Kennington III e9ae222199 kernel: 3.16 -> 3.16.1 2014-08-14 12:42:53 -05:00
Eelco Dolstra 8a7f3c3618 Mark a bunch of packages as broken or not supported on Darwin 2014-08-08 17:59:02 +02:00
aszlig 4834717507
linux-kernel: Add new upstream version 3.16.
Also set linux_latest to it as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-04 02:41:54 +02:00
William A. Kennington III 317d4253ea kernel: 3.15.7 -> 3.15.8 2014-08-02 18:04:08 -05:00
William A. Kennington III 63cc1fd8ad kernel: 3.14.14 -> 3.14.15 2014-08-02 18:02:15 -05:00
William A. Kennington III eb9ee180d9 kernel: 3.12.25 -> 3.12.26 2014-08-02 18:00:46 -05:00
William A. Kennington III 89d5655670 kernel: 3.10.50 -> 3.10.51 2014-08-02 17:58:31 -05:00
William A. Kennington III ae11e59949 kernel: 3.4.100 -> 3.4.101 2014-08-02 17:56:53 -05:00
William A. Kennington III ff747dd24f kernel: 3.15.5 -> 3.15.7 2014-07-29 13:17:11 -05:00
William A. Kennington III 2494e2bb09 kernel: 3.14.12 -> 3.14.14 2014-07-29 13:15:42 -05:00
William A. Kennington III dd9a5aeade kernel: 3.10.48 -> 3.10.50 2014-07-29 13:13:38 -05:00
William A. Kennington III 47d50bf684 kernel: 3.4.98 -> 3.4.100 2014-07-29 13:08:37 -05:00
Mateusz Kowalczyk 7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Eelco Dolstra 0852d9e364 linux: Update to 3.12.25 2014-07-24 18:14:53 +02:00
Bjørn Forsman 28cb0f58c4 linux: only enable CONFIG_NFS_SWAP for v3.6+ kernels
Linux v3.6 is the earliest version with CONFIG_NFS_SWAP support. This
change unbreaks NixOS tests for older kernels.
2014-07-16 12:13:06 +02:00
Ricardo M. Correia 85e444f4f8 linux: Enable NFSv4.1, v4.2 clients and swap on NFS
I'm only enabling for kernels >= 3.11 to be conservative, because clients and
servers automatically negotiate and use the highest mutually supported version
by default, but only in kernel 3.11 server NFSv4.1 support actually became RFC
compliant.

I'm also adding support for swap on NFS, which is enabled by default on
Ubuntu kernels.
2014-07-15 15:07:25 +02:00
Vladimír Čunát eb659e89b4 linux_*: update, including CVE-2014-4699 (most likely)
CC #3196. No updates yet on 3.2 and 3.12 branches.
2014-07-09 22:54:08 +02:00
Eelco Dolstra 1596c3a012 linux: Update to 3.12.24
CVE-2014-4508, CVE-2014-0206.
2014-07-07 18:21:34 +02:00
Ricardo M. Correia b50074929e grsecurity: Update stable and test patches
stable: 3.0-3.14.9-201406262057 -> 3.0-3.14.10-201407012152
test:   3.0-3.15.2-201406262058 -> 3.0-3.15.3-201407012153
2014-07-03 11:37:19 +02:00
Ricardo M. Correia d4243e2a00 linux: Update to 3.14.10 2014-07-03 11:35:28 +02:00
Michael Raskin e303e18608 Update Linux 3.15 to 3.15.3 2014-07-01 14:28:52 +04:00
Michael Raskin efb0c56db4 Update linux_testing and enable parallel build of Linux kernel 2014-06-30 10:52:33 +04:00
Michael Raskin 0ecfc6cb49 Merge pull request #2213 from thoughtpolice/kernel-config
nixos: make several kernel common-config options optional
2014-06-30 09:01:08 +04:00
Austin Seipp dd56bfbd00 kernel/grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-27 00:52:12 -05:00
Vladimír Čunát 7998a598b6 linux-3.13: remove, as it's vulnerable
CC #3090.
2014-06-26 11:50:15 +02:00
Vladimír Čunát 7f97fafe4f linux-3.12: security update .22 ->.23, CVE-2014-0206
CC #3090.
2014-06-26 11:33:00 +02:00
Austin Seipp 0399c5ee24 grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Michael Raskin c68e3418fb Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2 2014-06-22 19:45:07 +04:00
Austin Seipp b8ede68b25 kernel/grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
Michael Raskin 8297a26746 Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16. 2014-06-18 00:23:48 +02:00
Mathijs Kwik 5bc69209b1 linux-3.15: upgrade to 3.15.1 2014-06-17 08:17:38 +02:00
Eelco Dolstra 27c72f337b linux: Update to 3.12.22
Fixes CVE-2014-3153 (local privilege escalation via futex()).
2014-06-13 17:44:02 +02:00
William A. Kennington III 8bb2313915 kernel: Add 3.15 2014-06-08 16:39:47 -05:00
William A. Kennington III d91eacd720 kernel: 3.14.5 -> 3.14.6 (close #2868) 2014-06-08 09:12:05 +02:00
Austin Seipp b43421221f kernel/grsec: updates; add mainline package for brave souls
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
Eelco Dolstra 246edc3df2 linux: Update to 3.12.21 2014-06-05 12:54:37 +02:00
William A. Kennington III 3a0b265af9 kernel: 3.14.4 -> 3.14.5 (close #2831) 2014-06-05 10:34:40 +02:00
Michael Raskin f9c05a3bad Merge pull request #2378 from wizeman/u/kernel-zram
linux: Add support for zram
2014-05-27 01:40:18 -07:00
Eelco Dolstra 2ee6c0c63e linux: Update to 3.12.20 2014-05-19 16:03:37 +02:00
Austin Seipp ac38b32974 kernel/grsec: another optional option
This should fix the testing kernels.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
Austin Seipp e64e3ad88a kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
Austin Seipp 80d0e31a94 kernel: allow features to be used in common-config
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
Austin Seipp 657998dbcb kernel/common-config: Another optional option
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
Austin Seipp b5b434c98a kernel: make some common-config options optional for grsec
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp 4f27ad14a1 grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp cb894d4fc3 grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp 92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp 3efdeef6a3 linux-3.{4,10}: update
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Eelco Dolstra 3d1d9bb7dd linux-3.12: Apply patch for CVE-2014-0196 2014-05-14 14:11:48 +02:00
Vladimír Čunát 9c8ee7a7e5 linux: minor updates, probably often fixing CVE-2014-0196 2014-05-13 20:00:21 +02:00
Eelco Dolstra abbf643ae2 linux: Update to 3.12.19
Backport: 14.04
2014-05-13 13:28:14 +02:00
Austin Seipp 92f7781f00 kernel/grsecurity: stable/longterm/testing updates
kernels:

  - longterm: 3.4.87  -> 3.4.88
  - longterm: 3.10.37 -> 3.10.38
  - stable:   3.13.10 -> 3.13.11
  - stable:   3.14.1  -> 3.14.2

grsecurity:

  - test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907

NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Ricardo M. Correia efae8ce543 grsecurity: Update all patches
stable:  3.0-3.2.57-201404182109            -> 3.0-3.2.57-201404241714
test:    3.0-3.14.1-201404201132            -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
Ricardo M. Correia f0e3775f2e linux: Add support for zram 2014-04-24 23:47:08 +02:00
Vladimír Čunát 116d52c6df linux-3.12: bump .17 -> .18 2014-04-24 20:02:34 +02:00
Ricardo M. Correia 5d5ca7b260 grsecurity: Update all patches
stable:  3.0-3.2.57-201404131252            -> 3.0-3.2.57-201404182109
test:    3.0-3.13.10-201404141717           -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
Eelco Dolstra 4e8c2f0ff9 Merge branch 'systemd-update' 2014-04-20 19:31:01 +02:00
Eelco Dolstra 5da309fcaa linux: Enable SND_DYNAMIC_MINORS
This is necessary if you get:

  kernel: Too many HDMI devices
  kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
Eelco Dolstra 3f01caa89f linux: Enable transparent hugepages 2014-04-16 22:40:07 +02:00
Austin Seipp ba2f861f05 kernel: stable/longterm updates
 - stable:   3.14    -> 3.14.1
 - longterm: 3.10.36 -> 3.10.37
 - longterm: 3.4.86  -> 3.4.86

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
Ricardo M. Correia 1b113178ee grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717 2014-04-15 00:16:29 +02:00
Ricardo M. Correia 3a1c9a2945 linux: Update to 3.13.10 2014-04-15 00:16:29 +02:00
Eelco Dolstra 73b4b287bb linux: Don't use underscores in the timestamp 2014-04-14 21:06:04 +02:00
Austin Seipp 788d9a13fb grsecurity: stable/vserver/testing updates
 - stable:  201404111812            -> 201404131252
 - vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
 - testing: 201404111815            -> 201404131254

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Austin Seipp 172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    };

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp acbf28145c nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.

The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.

This is really just an arbitrary picking at the moment, but it should be
OK.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
Ricardo M. Correia 5dfc6584a5 grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758 2014-04-10 00:37:33 +02:00
Ricardo M. Correia c50abd0e13 linux: Update to 3.2.57 2014-04-10 00:37:33 +02:00
Austin Seipp 3ff158289a lockdep: refactor into non-kernel package
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-08 19:21:55 -05:00