author | Vladimír Čunát <vcunat@gmail.com> | 2016-06-19 12:33:04 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-06-19 12:33:04 +0200 |
commit | e75740455546f85cbf9849907b1f6520fdb487d8 (patch) | |
tree | 02ab162a81b88bcf1e116b6cbb180557c33ba9b9 /pkgs/os-specific | |
parent | a02e5ad9263e508b4df6a3e5841e95bace0e787b (diff) | |
parent | 410aad942fc82bbeb9c30a4fdf826ed33998a593 (diff) | |
Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/jfbview/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/jfbview/mupdf-1.9.patch | 28 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 20 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix | 43 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/grsecurity-nixos-kmod.patch (renamed from pkgs/os-specific/linux/kernel/grsecurity-path-4.5.patch) | 0 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.1.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.5.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.6.nix | 5 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-grsecurity.nix (renamed from pkgs/os-specific/linux/kernel/linux-grsecurity-4.5.nix) | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 41 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kmod-debian-aliases/default.nix | 9 | ||||
-rw-r--r-- | pkgs/os-specific/linux/odp-dpdk/default.nix | 40 |
13 files changed, 156 insertions, 50 deletions
diff --git a/pkgs/os-specific/linux/jfbview/default.nix b/pkgs/os-specific/linux/jfbview/default.nix
index 31ba5e1152c..bad64a20cac 100644
--- a/pkgs/os-specific/linux/jfbview/default.nix
+++ b/pkgs/os-specific/linux/jfbview/default.nix
@@ -31,6 +31,10 @@ stdenv.mkDerivation rec {
 imlib2
 ];
+ patches = [
+ ./mupdf-1.9.patch
+ ];
+
 configurePhase = ''
 # Hack. Probing (`ldconfig -p`) fails with ‘cannot execute binary file’.
 # Overriding `OPENJP2 =` later works, but makes build output misleading:
diff --git a/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch b/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch
new file mode 100644
index 00000000000..99d7377239b
--- /dev/null
+++ b/pkgs/os-specific/linux/jfbview/mupdf-1.9.patch
@@ -0,0 +1,28 @@
+--- JFBView-0.5.2-src/Makefile 2016-06-11 23:27:54.969894750 -0700
++++ JFBView-0.5.2-src/Makefile 2016-06-11 23:24:45.181142832 -0700
+@@ -134,13 +134,22 @@
+
+ .PHONY: detect_libopenjp2
+ detect_libopenjp2:
+- $(eval OPENJP2 = $(shell ldconfig -p | grep -q libopenjp2 && echo 'openjp2' || echo 'openjpeg'))
++ $(eval OPENJP2 = $(shell echo libopenjp2 | grep -q libopenjp2 && echo 'openjp2' || echo 'openjpeg'))
+ @echo "OPENJP2 = $(OPENJP2)" >> $(CONFIG_MK)
+
+ # mupdf_version only depends on -lmupdf.
+ mupdf_version: mupdf_version.cpp
+- $(CXX) $(CXXFLAGS) -o $@ $^ $(LDLIBS) -lmupdf
+-
++ $(CXX) $(CXXFLAGS) -o $@ $^ $(LDLIBS) -lmupdf \
++ -lpthread \
++ -lform \
++ -lncurses \
++ -lfreetype \
++ -lharfbuzz \
++ -lz \
++ -ljbig2dec \
++ -ljpeg \
++ -lmujs \
++ -lopenjp2
+ endif
+
+
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 3ce65a3f6e1..624d380fe56 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
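Review bot: In mupdf-1.9.patch the replacement probe `echo libopenjp2 | grep -q libopenjp2` always succeeds, so the `|| echo 'openjpeg'` branch is dead and the `$(eval ...)` line is a roundabout way of writing a constant. `$(eval OPENJP2 = openjp2)` with a comment that the ldconfig probe does not work in this build environment would say the same thing and be easier to audit. The `mupdf_version` rule additionally hard-codes `-lopenjp2` and nine other libraries, presumably because mupdf 1.9 no longer pulls them in transitively; a header comment in the patch stating that assumption would help whoever next bumps mupdf.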
@@ -261,9 +261,7 @@ with stdenv.lib;
 # Security related features.
 STRICT_DEVMEM y # Filter access to /dev/mem
 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
- ${optionalString (!(features.grsecurity or false)) ''
- DEVKMEM n # Disable /dev/kmem
- ''}
+ DEVKMEM n # Disable /dev/kmem
 ${if versionOlder version "3.14" then ''
 CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
 '' else ''
@@ -422,13 +420,11 @@ with stdenv.lib;
 # Virtualisation.
 PARAVIRT? y
- ${optionalString (!(features.grsecurity or false))
- (if versionAtLeast version "3.10" then ''
- HYPERVISOR_GUEST y
- '' else ''
- PARAVIRT_GUEST? y
- '')
- }
+ ${if versionAtLeast version "3.10" then ''
+ HYPERVISOR_GUEST y
+ '' else ''
+ PARAVIRT_GUEST? y
+ ''}
 KVM_APIC_ARCHITECTURE y
 KVM_ASYNC_PF y
 ${optionalString (versionOlder version "3.7") ''
@@ -443,9 +439,7 @@ with stdenv.lib;
 ${optionalString (versionAtLeast version "4.0") ''
 KVM_GENERIC_DIRTYLOG_READ_PROTECT y
 ''}
- ${optionalString (!features.grsecurity or true) ''
- KVM_GUEST y
- ''}
+ KVM_GUEST y
 KVM_MMIO y
 ${optionalString (versionAtLeast version "3.13") ''
 KVM_VFIO y
diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
new file mode 100644
index 00000000000..894f2d8e364
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
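Review bot: All three hunks in common-config.nix drop the `features.grsecurity` guards, so `DEVKMEM n`, `HYPERVISOR_GUEST y` / `PARAVIRT_GUEST? y` and `KVM_GUEST y` are now emitted for every kernel, including the grsecurity builds the old code excluded, and nothing in the visible lines records why that exclusion is no longer needed. The grsecurity-nixos-config.nix added in this commit sets `GRKERNSEC_CONFIG_VIRT_HOST y` and `GRKERNSEC_KMEM n`, which may be what makes the combination acceptable, but that is an inference from this diff. A comment at the first site, e.g. `# Applied to grsecurity kernels too; see grsecurity-nixos-config.nix`, would document the dependency. Note also that the removed guard `!features.grsecurity or true` most likely evaluated as `!(features.grsecurity or true)`, i.e. false when the attribute was absent, so the third hunk probably enables `KVM_GUEST` on ordinary kernels that did not get it before; that is worth stating in the commit message.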
@@ -0,0 +1,43 @@
+{ stdenv }:
+
+with stdenv.lib;
+
+''
+GRKERNSEC y
+PAX y
+
+GRKERNSEC_CONFIG_AUTO y
+GRKERNSEC_CONFIG_DESKTOP y
+GRKERNSEC_CONFIG_VIRT_HOST y
+GRKERNSEC_CONFIG_VIRT_EPT y
+GRKERNSEC_CONFIG_VIRT_KVM y
+GRKERNSEC_CONFIG_PRIORITY_SECURITY y
+
+PAX_PT_PAX_FLAGS y
+PAX_XATTR_PAX_FLAGS n
+PAX_EI_PAX n
+
+GRKERNSEC_PROC_GID 0
+
+PAX_LATENT_ENTROPY n
+PAX_SIZE_OVERFLOW n
+GRKERNSEC_HIDESYM n
+GRKERNSEC_RANDSTRUCT n
+GRKERNSEC_PROC n
+GRKERNSEC_SYSFS_RESTRICT n
+GRKERNSEC_KMEM n
+GRKERNSEC_MODHARDEN n
+GRKERNSEC_NO_SIMULT_CONNECT n
+
+PAX_KERNEXEC_PLUGIN_METHOD_BTS y
+
+GRKERNSEC_ACL_HIDEKERN y
+GRKERNSEC_IO y
+
+GRKERNSEC_AUDIT_PTRACE y
+GRKERNSEC_FORKFAIL y
+
+GRKERNSEC_SYSCTL y
+GRKERNSEC_SYSCTL_DISTRO y
+GRKERNSEC_SYSCTL_ON y
+''
diff --git a/pkgs/os-specific/linux/kernel/grsecurity-path-4.5.patch b/pkgs/os-specific/linux/kernel/grsecurity-nixos-kmod.patch
index e0430a69c95..e0430a69c95 100644
--- a/pkgs/os-specific/linux/kernel/grsecurity-path-4.5.patch
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-kmod.patch
diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix
index 57e239c1d09..1e8932ad598 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.1.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.1.20";
+ version = "4.1.25";
 extraMeta.branch = "4.1";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1dpq8dgj351jzm7n6330a4xriz9dxv7d9wxzj9zn9q7ya22np9gs";
+ sha256 = "0rfs5vn9ggymd426jr4gkhgk9bnn1g9c5x7k3xgfh4i08mq1920f";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index e89a53d21bf..4bc501a3ba2 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
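Review bot: The new grsecurity-nixos-config.nix turns off nine hardening options (`PAX_LATENT_ENTROPY`, `PAX_SIZE_OVERFLOW`, `GRKERNSEC_HIDESYM`, `GRKERNSEC_RANDSTRUCT`, `GRKERNSEC_PROC`, `GRKERNSEC_SYSFS_RESTRICT`, `GRKERNSEC_KMEM`, `GRKERNSEC_MODHARDEN`, `GRKERNSEC_NO_SIMULT_CONNECT`) directly after selecting `GRKERNSEC_CONFIG_AUTO` with `GRKERNSEC_CONFIG_PRIORITY_SECURITY`, and the file has no comment saying why. Each `n` line should carry a one-line reason so a later reader can tell a deliberate trade-off from an oversight. `GRKERNSEC_SYSCTL y` together with `GRKERNSEC_SYSCTL_ON y` also leaves the remaining features tunable at runtime until the lock sysctl is set, so a comment such as `# features stay sysctl-tunable; set kernel.grsecurity.grsec_lock=1 once configured` would make that expectation explicit. `with stdenv.lib;` is not used by anything in the file as shown.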
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.4.11";
+ version = "4.4.12";
 extraMeta.branch = "4.4";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1c0lqk2q4hf8jx6myhcqgh2509d36wx87l5k5cl3xfsnrzrpclrs";
+ sha256 = "1r96jyvm44615f5zh5sn04zx7y8bllpx12lx1zjkns66i4ddv0rq";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.5.nix b/pkgs/os-specific/linux/kernel/linux-4.5.nix
index 84d48865bcb..94561ed2e54 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.5.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.5.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.5.5";
+ version = "4.5.6";
 extraMeta.branch = "4.5";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "0l7wnilqqhg3im2v04g6k2x621yckdb9bpfh8s8jq9l2fixjln99";
+ sha256 = "1bdyviimgnc4zbgd9v1xk87sj9h8cprjykifriddwslqxyr2yh0y";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.6.nix b/pkgs/os-specific/linux/kernel/linux-4.6.nix
index 0a85af58473..6223a55c467 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.6.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.6.nix
@@ -1,13 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.6";
- modDirVersion = "4.6.0";
+ version = "4.6.2";
 extraMeta.branch = "4.6";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "a93771cd5a8ad27798f22e9240538dfea48d3a2bf2a6a6ab415de3f02d25d866";
+ sha256 = "e158f3c69da87c2ec28d0f194dbe18b05e0d0b9e1142566615cea3390bab1c6a";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.5.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix
index 94561ed2e54..63db1779014 100644
--- a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.5.nix
+++ b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.5.6";
+ version = "4.5.7";
 extraMeta.branch = "4.5";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1bdyviimgnc4zbgd9v1xk87sj9h8cprjykifriddwslqxyr2yh0y";
+ sha256 = "0azvh7lf9kak1xcs5f9smlvx4gkf45vyandizmxhx0zyjlhacw60";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 59fa93480cf..09280cd9063 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -18,20 +18,20 @@ let
 };
 };
- grsecPatch = { grversion ? "3.1", kernel, patches, kversion, revision, branch ? "test", sha256 }:
- assert kversion == kernel.version;
- { name = "grsecurity-${grversion}-${kversion}";
- inherit grversion kernel patches kversion revision;
+ grsecPatch = { grbranch ? "test", grver ? "3.1", kver, grrev, sha256 }: rec {
+ name = "grsecurity-${grver}-${kver}-${grrev}";
+
+ # Pass these along to allow the caller to determine compatibility
+ inherit grver kver grrev;
+
+ patch = fetchurl {
 # When updating versions/hashes, ALWAYS use the official version; we use
 # this mirror only because upstream removes sources files immediately upon
 # releasing a new version ...
- patch = fetchurl {
- url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/test/grsecurity-${grversion}-${kversion}-${revision}.patch";
- inherit sha256;
- };
- features.grsecurity = true;
+ url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch";
+ inherit sha256;
 };
-
+ };
 in
 rec {
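Review bot: In patches.nix the rewritten `grsecPatch` drops `assert kversion == kernel.version;`, so a grsecurity patch can now be paired with a kernel of a different version without failing at evaluation time. The new comment says the caller is expected to check compatibility through the inherited `grver kver grrev`, but that caller is outside this diff (it is limited to pkgs/os-specific), so the check cannot be confirmed from here. I would name the location in the comment, e.g. `# kver is checked against the kernel version in <caller path>`, or keep an assertion at the call site. The URL is now derived from `${name}`, which ties the derivation name to the mirror's file naming; the `sha256` pin still covers integrity, provided the hash is taken from the official release as the existing comment requires and not from the mirror copy.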
@@ -92,19 +92,18 @@ rec {
 grsecurity_4_4 = throw "grsecurity stable is no longer supported";
- grsecurity_4_5 = grsecPatch
- { kernel = pkgs.grsecurity_base_linux_4_5;
- patches = [ grsecurity_fix_path_4_5 ];
- kversion = "4.5.6";
- revision = "201606051644";
- sha256 = "1ympym3kpaychd1qsb10hn5ffv8w83ccfmb631hj4jk69xwrry9m";
+ grsecurity_testing = grsecPatch
+ { kver = "4.5.7";
+ grrev = "201606142010";
+ sha256 = "00lg4zlxxcl9a27vxl4c4cv6adsdvl00kkbl6s97523vsvsvy1q0";
 };
- grsecurity_latest = grsecurity_4_5;
-
- grsecurity_fix_path_4_5 =
- { name = "grsecurity-fix-path-4.5";
- patch = ./grsecurity-path-4.5.patch;
+ # This patch relaxes grsec constraints on the location of usermode helpers,
+ # e.g., modprobe, to allow calling into the Nix store.
+ grsecurity_nixos_kmod =
+ {
+ name = "grsecurity-nixos-kmod";
+ patch = ./grsecurity-nixos-kmod.patch;
 };
 crc_regression =
diff --git a/pkgs/os-specific/linux/kmod-debian-aliases/default.nix b/pkgs/os-specific/linux/kmod-debian-aliases/default.nix
index 13fe500286d..0fbf7821147 100644
--- a/pkgs/os-specific/linux/kmod-debian-aliases/default.nix
+++ b/pkgs/os-specific/linux/kmod-debian-aliases/default.nix
@@ -1,13 +1,12 @@
 { stdenv, fetchurl, lib }:
-let
- version = "21-1";
-in
-stdenv.mkDerivation {
+
+stdenv.mkDerivation rec {
 name = "kmod-debian-aliases-${version}.conf";
+ version = "22-1.1";
 src = fetchurl {
 url = "mirror://debian/pool/main/k/kmod/kmod_${version}.debian.tar.xz";
- sha256 = "1abpf8g3yx972by2xpmz6dwwyc1pgh6gjbvrivmrsws69vs0xjsy";
+ sha256 = "0daap2n4bvjqcnksaayy6csmdb1px4r02w3xp36bcp6w3lbnqamh";
 };
 installPhase = ''
diff --git a/pkgs/os-specific/linux/odp-dpdk/default.nix b/pkgs/os-specific/linux/odp-dpdk/default.nix
new file mode 100644
index 00000000000..85a6675ee90
--- /dev/null
+++ b/pkgs/os-specific/linux/odp-dpdk/default.nix
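Review bot: The comment on `grsecurity_nixos_kmod` in patches.nix says the patch relaxes the usermode-helper location constraint so helpers in the Nix store can run, but it does not say how wide the relaxation is, and the patch body is not visible here because the file is only renamed. That constraint is a hardening control, so the comment should name the exact path prefix the patch permits and note that everything else stays restricted, e.g. `# permits helpers under <store prefix> only; other helper-path checks unchanged` (to be confirmed against the patch itself). Separately, `grsecurity_4_5` and `grsecurity_latest` are removed outright while `grsecurity_4_4` just above is kept as a `throw`; giving the removed names the same treatment would turn an undefined-attribute error into a clear message.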
@@ -0,0 +1,40 @@
+{ stdenv, fetchgit, autoreconfHook, openssl, libpcap, dpdk, bash }:
+
+stdenv.mkDerivation rec {
+ name = "odp-dpdk-${version}";
+ version = "1.8.0.0";
+
+ src = fetchgit {
+ url = "https://git.linaro.org/lng/odp-dpdk.git";
+ rev = "438a207a39bad213cdc03929452a8199caef5d8c";
+ sha256 = "0k4g5zbirbfdcgqz0nbn9san66y178qnigyvrr2apj3apzjjy7zv";
+ };
+
+ nativeBuildInputs = [ autoreconfHook bash ];
+ buildInputs = [ stdenv openssl dpdk libpcap ];
+
+ RTE_SDK = "${dpdk}";
+ RTE_TARGET = "x86_64-native-linuxapp-gcc";
+
+ patchPhase = ''
+ substituteInPlace scripts/git_hash.sh --replace /bin/bash /bin/sh
+ echo -n ${version} > .scmversion
+ '';
+
+ dontDisableStatic = true;
+
+ configureFlags = [
+ "--with-platform=linux-dpdk"
+ "--disable-shared"
+ "--disable-shared-dpdk"
+ "--with-sdk-install-path=${dpdk}/${RTE_TARGET}"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Open Data Plane optimized for DPDK";
+ homepage = http://www.opendataplane.org;
+ license = licenses.bsd3;
+ platforms = [ "x86_64-linux" ];
+ maintainers = [ maintainers.abuibrahim ];
+ };
+} |
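Review bot: The new odp-dpdk expression assigns `patchPhase` directly, which replaces the default phase, so any `patches` list added later would be silently ignored; putting the same two commands in `postPatch = '' ... '';` keeps the standard behaviour. `buildInputs` lists `stdenv`, which is not a dependency and can be dropped (`buildInputs = [ openssl dpdk libpcap ];`), and `bash` sits in `nativeBuildInputs` although the only visible use rewrites `/bin/bash` to `/bin/sh`. `homepage` is an unquoted plain-http URL; `homepage = "http://www.opendataplane.org";`, or the https form if the site serves it, is the safer spelling. The source itself is pinned by both `rev` and `sha256`, which is the right shape for a fetch from an external git server.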