pkgs/os-specific/linux/lkrg/default.nix at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / os-specific / linux / lkrg / default.nix

at devShellTools-shell 55 lines 1.5 kB view raw

 1{
 2  lib,
 3  stdenv,
 4  fetchFromGitHub,
 5  kernel,
 6  kernelModuleMakeFlags,
 7}:
 8let
 9  isKernelRT =
10    (kernel.structuredExtraConfig ? PREEMPT_RT)
11    && (kernel.structuredExtraConfig.PREEMPT_RT == lib.kernel.yes);
12in
13stdenv.mkDerivation (finalAttrs: {
14  name = "${finalAttrs.pname}-${finalAttrs.version}-${kernel.version}";
15  pname = "lkrg";
16  version = "0.9.9";
17
18  src = fetchFromGitHub {
19    owner = "lkrg-org";
20    repo = "lkrg";
21    rev = "v${finalAttrs.version}";
22    hash = "sha256-dxgkEj8HGOX4AMZRNbhv3utrNjKDFpp7kZmj17Wp2HE=";
23  };
24
25  hardeningDisable = [ "pic" ];
26
27  nativeBuildInputs = kernel.moduleBuildDependencies;
28
29  makeFlags = kernelModuleMakeFlags ++ [
30    "KERNEL=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
31  ];
32
33  enableParallelBuilding = true;
34  dontConfigure = true;
35
36  prePatch = ''
37    substituteInPlace Makefile --replace "KERNEL := " "KERNEL ?= "
38  '';
39
40  installPhase = ''
41    runHook preInstall
42    install -D lkrg.ko $out/lib/modules/${kernel.modDirVersion}/extra/lkrg.ko
43    runHook postInstall
44  '';
45
46  meta = with lib; {
47    description = "LKRG Linux Kernel module";
48    longDescription = "LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.";
49    homepage = "https://lkrg.org/";
50    license = licenses.gpl2Only;
51    maintainers = with maintainers; [ chivay ];
52    platforms = platforms.linux;
53    broken = kernel.kernelOlder "5.10" || isKernelRT;
54  };
55})