diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-12-26 14:16:15 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2019-12-26 14:17:36 +0100 |
| commit | 77b6c3cd06a679140fb5a44f81f904497007f333 (patch) | |
| tree | e8ed1606b326cdafba719cc2a14c527c1b601f2e /pkgs/os-specific/linux/kernel | |
| parent | 602bccd1a8262d4e6bd787838d21fc3c2c1c50ba (diff) | |
| parent | 4d2dd1554618831f0a5b159b8a4dff86612c02a9 (diff) | |
| download | nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.gz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.bz2 nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.lz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.xz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.zst nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.zip | |
Merge remote-tracking branch 'origin/master' into gcc-9
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
18 files changed, 105 insertions, 31 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 736e872f1ba..4bd86a70267 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -363,6 +363,7 @@ let SECURITY_APPARMOR = yes; DEFAULT_SECURITY_APPARMOR = yes; + SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" yes; } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { # Detect buffer overflows on the stack @@ -716,6 +717,9 @@ let # Enable AMD's ROCm GPU compute stack HSA_AMD = whenAtLeast "4.20" yes; + ZONE_DEVICE = whenAtLeast "5.3" yes; + HMM_MIRROR = whenAtLeast "5.3" yes; + DRM_AMDGPU_USERPTR = whenAtLeast "5.3" yes; PREEMPT = no; PREEMPT_VOLUNTARY = yes; @@ -739,6 +743,9 @@ let } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") { # Enables support for the Allwinner Display Engine 2.0 SUN8I_DE2_CCU = whenAtLeast "4.13" yes; + + # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 + CRYPTO_AEGIS128_SIMD = no; }; }; in diff --git a/pkgs/os-specific/linux/kernel/generate-config.pl b/pkgs/os-specific/linux/kernel/generate-config.pl index 26fc07202bb..26c559ea908 100644 --- a/pkgs/os-specific/linux/kernel/generate-config.pl +++ b/pkgs/os-specific/linux/kernel/generate-config.pl @@ -136,10 +136,12 @@ while (<CONFIG>) { } close CONFIG; +my $ret = 0; foreach my $name (sort (keys %answers)) { my $f = $requiredAnswers{$name} && $ignoreConfigErrors ne "1" - ? sub { die "error: " . $_[0]; } : sub { warn "warning: " . $_[0]; }; + ? sub { warn "error: " . $_[0]; $ret = -1; } : sub { warn "warning: " . $_[0]; }; &$f("unused option: $name\n") unless defined $config{$name}; &$f("option not set correctly: $name (wanted '$answers{$name}', got '$config{$name}')\n") if $config{$name} && $config{$name} ne $answers{$name}; } +exit $ret; diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 74d49210fd2..f18a605f46e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.151"; + version = "4.14.160"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1bizb1wwni5r4m5i0mrsqbc5qw73lwrfrdadm09vbfz9ir19qlgz"; + sha256 = "0b59xyr8if0qcbnwqa88y275g9rzhjbbp8589i8xxpmws6x2c0y6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index e3a9b79e235..614f1f0b255 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.81"; + version = "4.19.91"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "17g2wiaa7l7mxi72k79drxij2zqk3nsj8wi17bl4nfvb1ypc2gi9"; + sha256 = "0irl5jlh5rrdfz5g28x4ifbillvspwd8fy4wi3qhmv9dw7gc60zl"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index b68f791cdcc..e63f96d6876 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.198"; + version = "4.4.207"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "04pkryy1lc75c88vq5wcjjcxs43i7bb8hhplbfi6s204ipc0iy7c"; + sha256 = "024flajnl3l4yk8sgqdrfrl21js4vsjcv4ivmjblj4l9fl3hdjb6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 3d9bb239cf5..27e802f6107 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.198"; + version = "4.9.207"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1b05jra6q695s1d4rzdr39i6m8xsi5xjrdn73sgwzvx0dgxfnwlm"; + sha256 = "090181vij95py22jhx7baaxabb78w0j5hsfsnzp6bv2vgdz671na"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.3.nix b/pkgs/os-specific/linux/kernel/linux-5.3.nix index 8d6c9f7a1c5..d83f0fb9813 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.3.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.3.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.3.8"; + version = "5.3.18"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0jb6yya9yx4z52p5m32dqj0kgc6aaz9df8mvq0hzy40bqb3czwvq"; + sha256 = "133342nv9ddjad2rizmcbilg9rhg339sfqr9l77j4cgkqhblkw90"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.2.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index d3794616d8c..8fdb4f47e4f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.2.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.2.21"; + version = "5.4.6"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0f1mick15d0m7yhhhdwai03wmczvkm9cg38w2ivgmgysfpzy73ls"; + sha256 = "1j4916izy2nrzq7g6m5m365r60hhhx9rqcanjvaxv5x3vsy639gx"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index d29a2382c2a..707ca7ff7ec 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,11 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - - # Update this if linux_latest-libre fails to build. - # $ curl https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/ | grep -Eo 'Revision [0-9]+' - rev = "16794"; - sha256 = "1lpaka4hs7yrpnrzfybd6radjylwvw2p4aly68pypykqs2srvm7j"; + rev = "17145"; + sha256 = "0hyd7wp73w4555d42xcvk4x4nxrfckbzah2ckb4d2aqzxab87789"; } , ... }: @@ -36,6 +33,8 @@ in linux.override { ''; }; + passthru.updateScript = ./update-libre.sh; + maintainers = [ lib.maintainers.qyliss ]; }; } diff --git a/pkgs/os-specific/linux/kernel/linux-rpi.nix b/pkgs/os-specific/linux/kernel/linux-rpi.nix index f8ad6b37a19..6f5f2524276 100644 --- a/pkgs/os-specific/linux/kernel/linux-rpi.nix +++ b/pkgs/os-specific/linux/kernel/linux-rpi.nix @@ -1,8 +1,8 @@ { stdenv, lib, buildPackages, fetchFromGitHub, perl, buildLinux, rpiVersion, ... } @ args: let - modDirVersion = "4.19.71"; - tag = "1.20190906"; + modDirVersion = "4.19.75"; + tag = "1.20190925"; in lib.overrideDerivation (buildLinux (args // { version = "${modDirVersion}-${tag}"; @@ -11,8 +11,8 @@ lib.overrideDerivation (buildLinux (args // { src = fetchFromGitHub { owner = "raspberrypi"; repo = "linux"; - rev = "9532eb3c84d8d952ef28da3d135683ac01adc9b8"; - sha256 = "0168wz8kkdzbyha41iqlgn1z1kcy4smg89rgxkgadzq78y7fglpl"; + rev = "raspberrypi-kernel_${tag}-1"; + sha256 = "0l91kb4jjxg4fcp7d2aqm1fj34ns137rys93k907mdgnarcliafs"; }; defconfig = { @@ -33,7 +33,7 @@ lib.overrideDerivation (buildLinux (args // { platforms = with lib.platforms; [ arm aarch64 ]; hydraPlatforms = [ "aarch64-linux" ]; }; -})) (oldAttrs: { +} // (args.argsOverride or {}))) (oldAttrs: { postConfigure = '' # The v7 defconfig has this set to '-v7' which screws up our modDirVersion. sed -i $buildRoot/.config -e 's/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=""/' diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 8096684b137..f89a7c93730 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,15 +3,15 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4-rc6"; - extraMeta.branch = "5.4"; + version = "5.5-rc2"; + extraMeta.branch = "5.5"; # modDirVersion needs to be x.y.z, will always add .0 modDirVersion = if (modDirVersionArg == null) then builtins.replaceStrings ["-"] [".0-"] version else modDirVersionArg; src = fetchurl { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - sha256 = "0ypazqr6z0n8fwaawxca0i56bwd4g4q2bw5qwayf0f4402m34xdh"; + sha256 = "1fs432ld5k1j68hflqdxby9mxa6a7xnw1m6z5lfb9341gjw078xc"; }; # Should the testing kernels ever be built on Hydra? diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 87fa9c8f08e..d206910732c 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -179,7 +179,7 @@ let '' else "") + (if isModular then '' mkdir -p $dev cp vmlinux $dev/ - if [ -z "$dontStrip" ]; then + if [ -z "''${dontStrip-}" ]; then installFlagsArray+=("INSTALL_MOD_STRIP=1") fi make modules_install $makeFlags "''${makeFlagsArray[@]}" \ diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index fa5b168389b..2af64c2ddc4 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -6,6 +6,16 @@ patch = ./bridge-stp-helper.patch; }; + request_key_helper = + { name = "request-key-helper"; + patch = ./request-key-helper.patch; + }; + + request_key_helper_updated = + { name = "request-key-helper-updated"; + patch = ./request-key-helper-updated.patch; + }; + p9_fixes = { name = "p9-fixes"; patch = ./p9-fixes.patch; diff --git a/pkgs/os-specific/linux/kernel/perf.nix b/pkgs/os-specific/linux/kernel/perf.nix index 21615f62a3d..163fc391cf9 100644 --- a/pkgs/os-specific/linux/kernel/perf.nix +++ b/pkgs/os-specific/linux/kernel/perf.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, kernel, elfutils, python, perl, newt, slang, asciidoc, xmlto, makeWrapper +{ lib, stdenv, kernel, elfutils, python2, python3, perl, newt, slang, asciidoc, xmlto, makeWrapper , docbook_xsl, docbook_xml_dtd_45, libxslt, flex, bison, pkgconfig, libunwind, binutils , libiberty, audit, libbfd, libopcodes, openssl, systemtap, numactl , zlib, withGtk ? false, gtk2 ? null @@ -36,12 +36,13 @@ stdenv.mkDerivation { # perf refers both to newt and slang nativeBuildInputs = [ asciidoc xmlto docbook_xsl docbook_xml_dtd_45 libxslt - flex bison libiberty audit makeWrapper pkgconfig python perl + flex bison libiberty audit makeWrapper pkgconfig ]; buildInputs = [ elfutils newt slang libunwind libbfd zlib openssl systemtap.stapBuild numactl - libopcodes - ] ++ stdenv.lib.optional withGtk gtk2; + libopcodes python3 perl + ] ++ stdenv.lib.optional withGtk gtk2 + ++ (if (versionAtLeast kernel.version "4.19") then [ python3 ] else [ python2 ]); # Note: we don't add elfutils to buildInputs, since it provides a # bad `ld' and other stuff. diff --git a/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch b/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch new file mode 100644 index 00000000000..aabb9e801be --- /dev/null +++ b/pkgs/os-specific/linux/kernel/request-key-helper-updated.patch @@ -0,0 +1,13 @@ +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 88172c163953..4da74a1eebb2 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -161,7 +161,7 @@ static int call_sbin_request_key(struct key_construction *cons, + + /* set up the argument list */ + i = 0; +- argv[i++] = "/sbin/request-key"; ++ argv[i++] = "/run/current-system/sw/bin/request-key"; + argv[i++] = (char *) op; + argv[i++] = key_str; + argv[i++] = uid_str; diff --git a/pkgs/os-specific/linux/kernel/request-key-helper.patch b/pkgs/os-specific/linux/kernel/request-key-helper.patch new file mode 100644 index 00000000000..8264e265aed --- /dev/null +++ b/pkgs/os-specific/linux/kernel/request-key-helper.patch @@ -0,0 +1,13 @@ +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 957b9e3e1492..5436a0d8b81d 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -114,7 +114,7 @@ static int call_usermodehelper_keys(const char *path, char **argv, char **envp, + */ + static int call_sbin_request_key(struct key *authkey, void *aux) + { +- static char const request_key[] = "/sbin/request-key"; ++ static char const request_key[] = "/run/current-system/sw/bin/request-key"; + struct request_key_auth *rka = get_request_key_auth(authkey); + const struct cred *cred = current_cred(); + key_serial_t prkey, sskey; diff --git a/pkgs/os-specific/linux/kernel/update-libre.sh b/pkgs/os-specific/linux/kernel/update-libre.sh new file mode 100755 index 00000000000..3b8a00edcda --- /dev/null +++ b/pkgs/os-specific/linux/kernel/update-libre.sh @@ -0,0 +1,26 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p nix-prefetch-svn git curl +set -euo pipefail + +nixpkgs="$(git rev-parse --show-toplevel)" +path="$nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix" + +old_rev="$(grep -o 'rev = ".*"' "$path" | awk -F'"' '{print $2}')" + +svn_url=https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/ +rev="$(curl -s "$svn_url" | grep -Em 1 -o 'Revision [0-9]+' | awk '{print $2}')" + +if [ "$old_rev" = "$rev" ]; then + echo "No updates for linux-libre" + exit 0 +fi + +sha256="$(QUIET=1 nix-prefetch-svn "$svn_url" "$rev" | tail -1)" + +sed -i -e "s/rev = \".*\"/rev = \"$rev\"/" \ + -e "s/sha256 = \".*\"/sha256 = \"$sha256\"/" "$path" + +if [ -n "$COMMIT" ]; then + git commit -qm "linux_latest-libre: $old_rev -> $rev" "$path" + echo "Updated linux_latest-libre $old_rev -> $rev" +fi diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh index 7a86b05dafc..dbfa052d292 100755 --- a/pkgs/os-specific/linux/kernel/update.sh +++ b/pkgs/os-specific/linux/kernel/update.sh @@ -57,3 +57,6 @@ ls $NIXPKGS/pkgs/os-specific/linux/kernel | while read FILE; do echo "Updated $OLDVER -> $V" done + +# Update linux-libre +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh |