pyrox.dev
lol
1{
2 lib,
3 stdenv,
4 fetchFromGitHub,
5 bc,
6 python3,
7 bison,
8 flex,
9 fuse3,
10 libarchive,
11 buildPackages,
12
13 firewallSupport ? false,
14}:
15
16stdenv.mkDerivation {
17 pname = "lkl";
18
19 version = "2025-03-20";
20
21 outputs = [
22 "dev"
23 "lib"
24 "out"
25 ];
26
27 src = fetchFromGitHub {
28 owner = "lkl";
29 repo = "linux";
30 rev = "fd33ab3d21a99a31683ebada5bd3db3a54a58800";
31 sha256 = "sha256-3uPkOyL/hoA/H2gKrEEDsuJvwOE2x27vxY5Y2DyNNxU=";
32 };
33
34 nativeBuildInputs = [
35 bc
36 bison
37 flex
38 python3
39 ];
40
41 buildInputs = [
42 fuse3
43 libarchive
44 ];
45
46 patches = [
47 # Fix corruption in hijack and zpoline libraries when building in parallel,
48 # because both hijack and zpoline share object files, which may result in
49 # missing symbols.
50 # https://github.com/lkl/linux/pull/612/commits/4ee5d9b78ca1425b4473ede98602b656f28027e8
51 ./fix-hijack-and-zpoline-parallel-builds.patch
52 ];
53
54 postPatch = ''
55 # Fix a /usr/bin/env reference in here that breaks sandboxed builds
56 patchShebangs arch/lkl/scripts
57
58 patchShebangs scripts/ld-version.sh
59
60 # Fixup build with newer Linux headers: https://github.com/lkl/linux/pull/484
61 sed '1i#include <linux/sockios.h>' -i tools/lkl/lib/hijack/xlate.c
62 ''
63 + lib.optionalString (stdenv.hostPlatform.isi686 || stdenv.hostPlatform.isLoongArch64) ''
64 echo CONFIG_KALLSYMS=n >> arch/lkl/configs/defconfig
65 echo CONFIG_KALLSYMS_BASE_RELATIVE=n >> arch/lkl/configs/defconfig
66 ''
67 + lib.optionalString firewallSupport ''
68 cat ${./lkl-defconfig-enable-nftables} >> arch/lkl/configs/defconfig
69 '';
70
71 installPhase = ''
72 mkdir -p $out/bin $lib/lib $dev
73
74 cp tools/lkl/bin/lkl-hijack.sh $out/bin
75 sed -i $out/bin/lkl-hijack.sh \
76 -e "s,LD_LIBRARY_PATH=.*,LD_LIBRARY_PATH=$lib/lib,"
77
78 cp tools/lkl/{cptofs,fs2tar,lklfuse} $out/bin
79 ln -s cptofs $out/bin/cpfromfs
80 cp -r tools/lkl/include $dev/
81 cp tools/lkl/liblkl.a \
82 tools/lkl/lib/liblkl.so \
83 tools/lkl/lib/hijack/liblkl-hijack.so $lib/lib
84 '';
85
86 postFixup = ''
87 ln -s $out/bin/lklfuse $out/bin/mount.fuse.lklfuse
88 '';
89
90 # We turn off format and fortify because of these errors (fortify implies -O2, which breaks the jitter entropy code):
91 # fs/xfs/xfs_log_recover.c:2575:3: error: format not a string literal and no format arguments [-Werror=format-security]
92 # crypto/jitterentropy.c:54:3: error: #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c."
93 hardeningDisable = [
94 "format"
95 "fortify"
96 ];
97
98 # Fixes the following error when using liblkl-hijack.so on aarch64-linux:
99 # symbol lookup error: liblkl-hijack.so: undefined symbol: __aarch64_ldadd4_sync
100 env.NIX_CFLAGS_LINK = "-lgcc_s";
101
102 # Fixes the following error when linking on loongarch64-linux:
103 # ld: tools/lkl/liblkl.a(lkl.o): relocation R_LARCH_PCREL20_S2 overflow 0x200090
104 # ld: recompile with 'gcc -mno-relax' or 'as -mno-relax' or 'ld --no-relax'
105 # ld: final link failed: bad value
106 env.NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isLoongArch64 "--no-relax";
107
108 makeFlags = [
109 "-C tools/lkl"
110 "CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"
111 "HOSTCC=${buildPackages.stdenv.cc}/bin/${buildPackages.stdenv.cc.targetPrefix}cc"
112 "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
113 ];
114
115 enableParallelBuilding = true;
116
117 meta = with lib; {
118 description = "Linux kernel as a library";
119 longDescription = ''
120 LKL (Linux Kernel Library) aims to allow reusing the Linux kernel code as
121 extensively as possible with minimal effort and reduced maintenance
122 overhead
123 '';
124 homepage = "https://github.com/lkl/linux/";
125 platforms = platforms.linux; # Darwin probably works too but I haven't tested it
126 license = licenses.gpl2;
127 maintainers = with maintainers; [
128 timschumi
129 ];
130 };
131}