mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Code Issues Wiki Activity
nixpkgs/pkgs/os-specific/linux/zfs/default.nix
Clemens Fruhwirth 43a737b81c Disable fortify and stackprotector hardening for spl/zfs. 
Linux 4.16 introduces a stackprotector detection script that returns
different results for the kernel compilation run and the spl/zfs
compilation run, as the setting for hardening are different. This
results in a broken ABI between spl/zfs and the compiled kernel,
breaking ZFS. Also disabling the fortify and stackprotector hardening,
as we do for the kernel, fixes that.
2018-06-25 16:55:42 +02:00

222 lines
8.2 KiB
Nix
Raw Blame History

{ stdenv, fetchFromGitHub, autoreconfHook, utillinux, nukeReferences, coreutils
, perl, fetchpatch
, configFile ? "all"
# Userspace dependencies
, zlib, libuuid, python, attr, openssl
, libtirpc
, nfs-utils
, gawk, gnugrep, gnused, systemd
# Kernel dependencies
, kernel ? null, spl ? null, splUnstable ? null, splLegacyCrypto ? null
}:
with stdenv.lib;
let
buildKernel = any (n: n == configFile) [ "kernel" "all" ];
buildUser = any (n: n == configFile) [ "user" "all" ];
common = { version
, sha256
, extraPatches
, spl
, rev ? "zfs-${version}"
, isUnstable ? false
, isLegacyCrypto ? false
, incompatibleKernelVersion ? null } @ args:
if buildKernel &&
(incompatibleKernelVersion != null) &&
versionAtLeast kernel.version incompatibleKernelVersion then
throw ''
Linux v${kernel.version} is not yet supported by zfsonlinux v${version}.
${stdenv.lib.optionalString (!isUnstable) "Try zfsUnstable or set the NixOS option boot.zfs.enableUnstable."}
''
else stdenv.mkDerivation rec {
name = "zfs-${configFile}-${version}${optionalString buildKernel "-${kernel.version}"}";
src = fetchFromGitHub {
owner = "zfsonlinux";
repo = "zfs";
inherit rev sha256;
};
patches = extraPatches;
postPatch = optionalString buildKernel ''
patchShebangs scripts
'' + optionalString stdenv.hostPlatform.isMusl ''
substituteInPlace config/user-libtirpc.m4 \
--replace /usr/include/tirpc ${libtirpc}/include/tirpc
'';
nativeBuildInputs = [ autoreconfHook nukeReferences ]
++ optional buildKernel (kernel.moduleBuildDependencies ++ [ perl ]);
buildInputs =
optionals buildKernel [ spl ]
++ optionals buildUser [ zlib libuuid python attr ]
++ optionals (buildUser && (isUnstable || isLegacyCrypto)) [ openssl ]
++ optional stdenv.hostPlatform.isMusl [ libtirpc ];
# for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work
NIX_CFLAGS_LINK = "-lgcc_s";
hardeningDisable = [ "fortify" "stackprotector" "pic" ];
preConfigure = ''
substituteInPlace ./module/zfs/zfs_ctldir.c --replace "umount -t zfs" "${utillinux}/bin/umount -t zfs"
substituteInPlace ./module/zfs/zfs_ctldir.c --replace "mount -t zfs" "${utillinux}/bin/mount -t zfs"
substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/umount" "${utillinux}/bin/umount"
substituteInPlace ./lib/libzfs/libzfs_mount.c --replace "/bin/mount" "${utillinux}/bin/mount"
substituteInPlace ./lib/libshare/nfs.c --replace "/usr/sbin/exportfs" "${nfs-utils}/bin/exportfs"
substituteInPlace ./cmd/ztest/ztest.c --replace "/usr/sbin/ztest" "$out/sbin/ztest"
substituteInPlace ./cmd/ztest/ztest.c --replace "/usr/sbin/zdb" "$out/sbin/zdb"
substituteInPlace ./config/user-systemd.m4 --replace "/usr/lib/modules-load.d" "$out/etc/modules-load.d"
substituteInPlace ./config/zfs-build.m4 --replace "\$sysconfdir/init.d" "$out/etc/init.d"
substituteInPlace ./etc/zfs/Makefile.am --replace "\$(sysconfdir)" "$out/etc"
substituteInPlace ./cmd/zed/Makefile.am --replace "\$(sysconfdir)" "$out/etc"
substituteInPlace ./module/Makefile.in --replace "/bin/cp" "cp"
substituteInPlace ./etc/systemd/system/zfs-share.service.in \
--replace "/bin/rm " "${coreutils}/bin/rm "
for f in ./udev/rules.d/*
do
substituteInPlace "$f" --replace "/lib/udev/vdev_id" "$out/lib/udev/vdev_id"
done
substituteInPlace ./cmd/vdev_id/vdev_id \
--replace "PATH=/bin:/sbin:/usr/bin:/usr/sbin" \
"PATH=${makeBinPath [ coreutils gawk gnused gnugrep systemd ]}"
./autogen.sh
configureFlagsArray+=("--libexecdir=$out/libexec")
'';
configureFlags = [
"--with-config=${configFile}"
] ++ optionals buildUser [
"--with-dracutdir=$(out)/lib/dracut"
"--with-udevdir=$(out)/lib/udev"
"--with-systemdunitdir=$(out)/etc/systemd/system"
"--with-systemdpresetdir=$(out)/etc/systemd/system-preset"
"--with-systemdgeneratordir=$(out)/lib/systemd/system-generator"
"--with-mounthelperdir=$(out)/bin"
"--sysconfdir=/etc"
"--localstatedir=/var"
"--enable-systemd"
] ++ optionals buildKernel [
"--with-spl=${spl}/libexec/spl"
"--with-linux=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"
"--with-linux-obj=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
];
enableParallelBuilding = true;
installFlags = [
"sysconfdir=\${out}/etc"
"DEFAULT_INITCONF_DIR=\${out}/default"
];
postInstall = ''
# Prevent kernel modules from depending on the Linux -dev output.
nuke-refs $(find $out -name "*.ko")
'' + optionalString buildUser ''
# Remove provided services as they are buggy
rm $out/etc/systemd/system/zfs-import-*.service
sed -i '/zfs-import-scan.service/d' $out/etc/systemd/system/*
for i in $out/etc/systemd/system/*; do
substituteInPlace $i --replace "zfs-import-cache.service" "zfs-import.target"
done
# Fix pkgconfig.
ln -s ../share/pkgconfig $out/lib/pkgconfig
# Remove tests because they add a runtime dependency on gcc
rm -rf $out/share/zfs/zfs-tests
'';
outputs = [ "out" ] ++ optionals buildUser [ "lib" "dev" ];
meta = {
description = "ZFS Filesystem Linux Kernel module";
longDescription = ''
ZFS is a filesystem that combines a logical volume manager with a
Copy-On-Write filesystem with data integrity detection and repair,
snapshotting, cloning, block devices, deduplication, and more.
'';
homepage = http://zfsonlinux.org/;
license = licenses.cddl;
platforms = platforms.linux;
maintainers = with maintainers; [ jcumming wizeman wkennington fpletz globin ];
};
};
in {
# also check if kernel version constraints in
# ./nixos/modules/tasks/filesystems/zfs.nix needs
# to be adapted
zfsStable = common {
# comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = null;
# this package should point to the latest release.
version = "0.7.9";
sha256 = "0krpxrvnda2jx6l71xhw9fsksyp2a6h9l9asppac3szsd1n7fp9n";
extraPatches = [
(fetchpatch {
url = "https://github.com/Mic92/zfs/compare/zfs-0.7.0-rc3...nixos-zfs-0.7.0-rc3.patch";
sha256 = "1vlw98v8xvi8qapzl1jwm69qmfslwnbg3ry1lmacndaxnyckkvhh";
})
];
inherit spl;
};
zfsUnstable = common rec {
# comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = null;
# this package should point to a version / git revision compatible with the latest kernel release
version = "2018-05-22";
rev = "ba863d0be4cbfbea938b10e49fb6ff459ac9ec20";
sha256 = "11dhigw1gybalwg2m6si148b6w195dj2lw38snqf6576wb5zndd0";
isUnstable = true;
extraPatches = [
(fetchpatch {
url = "https://github.com/Mic92/zfs/compare/${rev}...nixos-zfs-2018-02-02.patch";
sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch";
})
];
spl = splUnstable;
};
# TODO: Remove this module before 18.09
# also remove boot.zfs.enableLegacyCrypto
zfsLegacyCrypto = common {
# comment/uncomment if breaking kernel versions are known
incompatibleKernelVersion = null;
# this package should point to a version / git revision compatible with the latest kernel release
version = "2018-02-01";
rev = "4c46b99d24a6e71b3c72462c11cb051d0930ad60";
sha256 = "011lcp2x44jgfzqqk2gjmyii1v7rxcprggv20prxa3c552drsx3c";
isUnstable = true;
extraPatches = [
(fetchpatch {
url = "https://github.com/Mic92/zfs/compare/4c46b99d24a6e71b3c72462c11cb051d0930ad60...nixos-zfs-2018-02-01.patch";
sha256 = "1gqmgqi39qhk5kbbvidh8f2xqq25vj58i9x0wjqvcx6a71qj49ch";
})
];
spl = splLegacyCrypto;
};
}
View git blame Copy permalink