tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / os-specific / linux / lkrg / default.nix
at netboot-syslinux-multiplatform 53 lines 1.6 kB view raw
1{ lib, stdenv, fetchpatch, fetchFromGitHub, kernel }: 2let 3 isKernelRT = (kernel.structuredExtraConfig ? PREEMPT_RT) && (kernel.structuredExtraConfig.PREEMPT_RT == lib.kernel.yes); 4in 5stdenv.mkDerivation rec { 6 name = "${pname}-${version}-${kernel.version}"; 7 pname = "lkrg"; 8 version = "0.9.5"; 9 10 src = fetchFromGitHub { 11 owner = "lkrg-org"; 12 repo = "lkrg"; 13 rev = "v${version}"; 14 sha256 = "sha256-+yIKkTvfVbLnFBoXSKGebB1A8KqpaRmsLh8SsNuI9Dc="; 15 }; 16 patches = [ 17 (fetchpatch { 18 name = "fix-aarch64.patch"; 19 url = "https://github.com/lkrg-org/lkrg/commit/a4e5c00f13f7081b346bc3736e4c035e3d17d3f7.patch"; 20 sha256 = "sha256-DPscqi+DySHwFxGuGe7P2itPkoyb3XGu5Xp2S/ezP4Y="; 21 }) 22 ]; 23 24 hardeningDisable = [ "pic" ]; 25 26 nativeBuildInputs = kernel.moduleBuildDependencies; 27 28 makeFlags = kernel.makeFlags ++ [ 29 "KERNEL=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" 30 ]; 31 32 dontConfigure = true; 33 34 prePatch = '' 35 substituteInPlace Makefile --replace "KERNEL := " "KERNEL ?= " 36 ''; 37 38 installPhase = '' 39 runHook preInstall 40 install -D lkrg.ko $out/lib/modules/${kernel.modDirVersion}/extra/lkrg.ko 41 runHook postInstall 42 ''; 43 44 meta = with lib; { 45 description = "LKRG Linux Kernel module"; 46 longDescription = "LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel."; 47 homepage = "https://lkrg.org/"; 48 license = licenses.gpl2Only; 49 maintainers = with maintainers; [ chivay ]; 50 platforms = platforms.linux; 51 broken = kernel.kernelOlder "5.10" || kernel.kernelAtLeast "6.1" || isKernelRT; 52 }; 53}