linux/hardened/5.19: fix build

The options GCC_PLUGIN_RANDSTRUCT{,_PERFORMANCE} have been renamed to
`RANDSTRUCT_*` in 595b893e2087de306d0781795fb8ec47873596a6 since Clang
is about to support this as well and thus the options had to be
generalized.

Also, the file that is used to generate the seed has changed, but only the
reference to the file in the patch was changed when Linux 5.19 was added[1].

[1] b4d0cb44975e069e926a2c8963aded9557040541

+14 -7
+6 -2
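--- a/pkgs/os-specific/linux/kernel/hardened/config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened/config.nix
@@ -72,8 +72,12 @@
  GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin
  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address
  GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin
- GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin
- GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes;
+ GCC_PLUGIN_RANDSTRUCT = whenBetween "4.13" "5.19" yes; # A port of the PaX randstruct plugin
+ GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenBetween "4.13" "5.19" yes;
+
+ # Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19.
+ RANDSTRUCT = whenAtLeast "5.19" yes;
+ RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes;
 
  # Disable various dangerous settings
  ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory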
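Review bot: The new `RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes;` line carries no comment, just like the `GCC_PLUGIN_RANDSTRUCT_PERFORMANCE` line it mirrors, so a reader of this hardening profile cannot tell that it picks the weaker of the two randomization modes. The kernel's help text describes the performance mode as limiting the shuffle to cacheline-sized groups, which lowers the runtime cost but also the layout entropy. I would add a trailing comment such as `# Shuffle only within cacheline-sized groups: cheaper, but weaker than full randomization` to both `*_PERFORMANCE` lines. It is also worth confirming that `whenBetween` excludes its upper bound, so that exactly one option family is set on 5.19.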
+8 -5
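--- a/pkgs/os-specific/linux/kernel/manual-config.nix
+++ b/pkgs/os-specific/linux/kernel/manual-config.nix
@@ -131,11 +131,14 @@
  # the buildFlags, but that would require also patching the kernel's
  # toplevel Makefile to add a variable export. This would be likely to
  # cause future patch conflicts.
- if [ -f scripts/gcc-plugins/gen-random-seed.sh ]; then
- substituteInPlace scripts/gcc-plugins/gen-random-seed.sh \
- --replace NIXOS_RANDSTRUCT_SEED \
- $(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
- fi
+ for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do
+ if [ -f "$file" ]; then
+ substituteInPlace "$file" \
+ --replace NIXOS_RANDSTRUCT_SEED \
+ $(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
+ break
+ fi
+ done
 
  patchShebangs scripts
 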
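Review bot: The new `for file in …` loop still does nothing, silently, when neither candidate path exists, which is the same gap the commit message describes: the seed script moved and the old `[ -f … ]` guard simply skipped the substitution. The next upstream rename would leave `NIXOS_RANDSTRUCT_SEED` unreplaced again with no message in the build log. I would set `patched=` before the loop and `patched=1` just before `break`, then add `[ -n "$patched" ] || echo "warning: NIXOS_RANDSTRUCT_SEED was not substituted in any seed script" >&2` after `done`. Ideally that is a hard failure when the hardened patch set is applied. The surrounding phase starts and ends outside this hunk, so whether such a condition is available there cannot be judged from here.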