diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel/manual-config.nix')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/manual-config.nix | 104 |
1 files changed, 62 insertions, 42 deletions
diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 3a2682b2cfe..77add0aef53 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,6 +1,5 @@ -{ buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils -, utillinuxMinimal +{ lib, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl +, libelf, cpio, elfutils, zstd, gawk, python3Minimal , writeTextFile }: @@ -15,10 +14,13 @@ let echo "}" >> $out '').outPath; in { + lib, # Allow overriding stdenv on each buildLinux call stdenv, # The kernel version version, + # Additional kernel make flags + extraMakeFlags ? [], # The version of the kernel module directory modDirVersion ? version, # The kernel source (tarball, git checkout, etc.) @@ -29,12 +31,18 @@ in { configfile, # Manually specified nixexpr representing the config # If unspecified, this will be autodetected from the .config - config ? stdenv.lib.optionalAttrs allowImportFromDerivation (readConfig configfile), + config ? lib.optionalAttrs allowImportFromDerivation (readConfig configfile), # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is # automatically extended with extra per-version and per-config values. randstructSeed ? "", # Use defaultMeta // extraMeta extraMeta ? {}, + + # for module compatibility + isZen ? false, + isLibre ? false, + isHardened ? false, + # Whether to utilize the controversial import-from-derivation feature to parse the config allowImportFromDerivation ? false, # ignored @@ -42,11 +50,11 @@ in { }: let - inherit (stdenv.lib) + inherit (lib) hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms; # Dependencies that are required to build kernel modules - moduleBuildDependencies = optional (stdenv.lib.versionAtLeast version "4.14") libelf; + moduleBuildDependencies = optional (lib.versionAtLeast version "4.14") libelf; installkernel = writeTextFile { name = "installkernel"; executable=true; text = '' #!${stdenv.shell} -e @@ -57,10 +65,10 @@ let commonMakeFlags = [ "O=$(buildRoot)" - ] ++ stdenv.lib.optionals (stdenv.hostPlatform.platform ? kernelMakeFlags) - stdenv.hostPlatform.platform.kernelMakeFlags; + ] ++ lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) + stdenv.hostPlatform.linux-kernel.makeFlags; - drvAttrs = config_: platform: kernelPatches: configfile: + drvAttrs = config_: kernelConf: kernelPatches: configfile: let config = let attrName = attr: "CONFIG_" + attr; in { isSet = attr: hasAttr (attrName attr) config; @@ -82,11 +90,15 @@ let installsFirmware = (config.isEnabled "FW_LOADER") && (isModular || (config.isDisabled "FIRMWARE_IN_KERNEL")) && - (stdenv.lib.versionOlder version "4.14"); + (lib.versionOlder version "4.14"); in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // { passthru = { inherit version modDirVersion config kernelPatches configfile moduleBuildDependencies stdenv; + inherit isZen isHardened isLibre; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; + kernelOlder = lib.versionOlder version; + kernelAtLeast = lib.versionAtLeast version; }; inherit src; @@ -94,9 +106,9 @@ let patches = map (p: p.patch) kernelPatches # Required for deterministic builds along with some postPatch magic. - ++ optional (stdenv.lib.versionAtLeast version "4.13") ./randstruct-provide-seed.patch + ++ optional (lib.versionAtLeast version "4.13") ./randstruct-provide-seed.patch # Fixes determinism by normalizing metadata for the archive of kheaders - ++ optional (stdenv.lib.versionAtLeast version "5.2" && stdenv.lib.versionOlder version "5.4") ./gen-kheaders-metadata.patch; + ++ optional (lib.versionAtLeast version "5.2" && lib.versionOlder version "5.4") ./gen-kheaders-metadata.patch; prePatch = '' for mf in $(find -name Makefile -o -name Makefile.include -o -name install.sh); do @@ -104,7 +116,14 @@ let sed -i "$mf" -e 's|/usr/bin/||g ; s|/bin/||g ; s|/sbin/||g' done sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' - sed -i scripts/ld-version.sh -e "s|/usr/bin/awk|${buildPackages.gawk}/bin/awk|" + + # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. + # This way kernels can be bit-by-bit reproducible depending on settings + # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). + # See also https://kernelnewbies.org/BuildId + sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' + + patchShebangs scripts ''; postPatch = '' @@ -154,9 +173,11 @@ let buildFlags = [ "KBUILD_BUILD_VERSION=1-NixOS" - platform.kernelTarget + kernelConf.target "vmlinux" # for "perf" and things like that - ] ++ optional isModular "modules"; + ] + ++ optional isModular "modules" + ++ extraMakeFlags; installFlags = [ "INSTALLKERNEL=${installkernel}" @@ -169,16 +190,16 @@ let ''; # Some image types need special install targets (e.g. uImage is installed with make uinstall) - installTargets = [ ( - if platform ? kernelInstallTarget then platform.kernelInstallTarget - else if platform.kernelTarget == "uImage" then "uinstall" - else if platform.kernelTarget == "zImage" || platform.kernelTarget == "Image.gz" then "zinstall" - else "install" - ) ]; + installTargets = [ + (kernelConf.installTarget or ( + /**/ if kernelConf.target == "uImage" then "uinstall" + else if kernelConf.target == "zImage" || kernelConf.target == "Image.gz" then "zinstall" + else "install")) + ]; postInstall = (optionalString installsFirmware '' mkdir -p $out/lib/firmware - '') + (if (platform ? kernelDTB && platform.kernelDTB) then '' + '') + (if (kernelConf.DTB or false) then '' make $makeFlags "''${makeFlagsArray[@]}" dtbs dtbs_install INSTALL_DTBS_PATH=$out/dtbs '' else "") + (if isModular then '' mkdir -p $dev @@ -234,10 +255,10 @@ let rm -fR drivers # Keep all headers - find . -type f -name '*.h' -print0 | xargs -0 chmod u-w + find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w # Keep linker scripts (they are required for out-of-tree modules on aarch64) - find . -type f -name '*.lds' -print0 | xargs -0 chmod u-w + find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w # Keep root and arch-specific Makefiles chmod u-w Makefile @@ -247,7 +268,7 @@ let chmod u-w -R scripts # Delete everything not kept - find . -type f -perm -u=w -print0 | xargs -0 rm + find . -type f -perm -u=w -print0 | xargs -0 -r rm # Delete empty directories find -empty -type d -delete @@ -266,9 +287,9 @@ let "The Linux kernel" + (if kernelPatches == [] then "" else " (with patches: " - + stdenv.lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + ")"); - license = stdenv.lib.licenses.gpl2; + license = lib.licenses.gpl2Only; homepage = "https://www.kernel.org/"; repositories.git = "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git"; maintainers = [ @@ -280,24 +301,23 @@ let }; in -assert (stdenv.lib.versionAtLeast version "4.14" && stdenv.lib.versionOlder version "5.8") -> libelf != null; -assert stdenv.lib.versionAtLeast version "4.15" -> utillinuxMinimal != null; -assert stdenv.lib.versionAtLeast version "5.8" -> elfutils != null; +assert (lib.versionAtLeast version "4.14" && lib.versionOlder version "5.8") -> libelf != null; +assert lib.versionAtLeast version "5.8" -> elfutils != null; -stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches configfile) // { +stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // { pname = "linux"; inherit version; enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr ] - ++ optional (stdenv.hostPlatform.platform.kernelTarget == "uImage") buildPackages.ubootTools - ++ optional (stdenv.lib.versionAtLeast version "4.14" && stdenv.lib.versionOlder version "5.8") libelf - ++ optional (stdenv.lib.versionAtLeast version "4.15") utillinuxMinimal - ++ optionals (stdenv.lib.versionAtLeast version "4.16") [ bison flex ] - ++ optional (stdenv.lib.versionAtLeast version "5.2") cpio - ++ optional (stdenv.lib.versionAtLeast version "5.8") elfutils + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr gawk zstd python3Minimal ] + ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + ++ optional (lib.versionAtLeast version "4.14" && lib.versionOlder version "5.8") libelf + # Removed util-linuxMinimal since it should not be a dependency. + ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] + ++ optional (lib.versionAtLeast version "5.2") cpio + ++ optional (lib.versionAtLeast version "5.8") elfutils ; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; @@ -306,10 +326,10 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.platform kernelPatches makeFlags = commonMakeFlags ++ [ "CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" "HOSTCC=${buildPackages.stdenv.cc}/bin/${buildPackages.stdenv.cc.targetPrefix}cc" - "ARCH=${stdenv.hostPlatform.platform.kernelArch}" - ] ++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ + "ARCH=${stdenv.hostPlatform.linuxArch}" + ] ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) [ "CROSS_COMPILE=${stdenv.cc.targetPrefix}" - ]; + ] ++ extraMakeFlags; - karch = stdenv.hostPlatform.platform.kernelArch; + karch = stdenv.hostPlatform.linuxArch; }) |