linux: Init 4.18
This commit is contained in:
parent
c9035c6e12
commit
9236990057
3 changed files with 44 additions and 12 deletions
|
@ -103,16 +103,17 @@ PAGE_POISONING_ZERO y
|
|||
PANIC_ON_OOPS y
|
||||
PANIC_TIMEOUT -1
|
||||
|
||||
GCC_PLUGINS y # Enable gcc plugin options
|
||||
${optionalString (versionOlder version "4.18") ''
|
||||
GCC_PLUGINS y # Enable gcc plugin options
|
||||
# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
|
||||
GCC_PLUGIN_LATENT_ENTROPY y
|
||||
|
||||
# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
|
||||
GCC_PLUGIN_LATENT_ENTROPY y
|
||||
|
||||
${optionalString (versionAtLeast version "4.11") ''
|
||||
GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
|
||||
''}
|
||||
${optionalString (versionAtLeast version "4.14") ''
|
||||
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
|
||||
${optionalString (versionAtLeast version "4.11") ''
|
||||
GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
|
||||
''}
|
||||
${optionalString (versionAtLeast version "4.14") ''
|
||||
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
|
||||
''}
|
||||
''}
|
||||
|
||||
# Disable various dangerous settings
|
||||
|
@ -121,8 +122,10 @@ PROC_KCORE n # Exposes kernel text image layout
|
|||
INET_DIAG n # Has been used for heap based attacks in the past
|
||||
|
||||
# Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
|
||||
CC_STACKPROTECTOR_REGULAR n
|
||||
CC_STACKPROTECTOR_STRONG y
|
||||
${optionalString (versionOlder version "4.18") ''
|
||||
CC_STACKPROTECTOR_REGULAR n
|
||||
CC_STACKPROTECTOR_STRONG y
|
||||
''}
|
||||
|
||||
# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
|
||||
${optionalString (versionAtLeast version "4.13") ''
|
||||
|
|
18
pkgs/os-specific/linux/kernel/linux-4.18.nix
Normal file
18
pkgs/os-specific/linux/kernel/linux-4.18.nix
Normal file
|
@ -0,0 +1,18 @@
|
|||
{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
|
||||
|
||||
with stdenv.lib;
|
||||
|
||||
buildLinux (args // rec {
|
||||
version = "4.18";
|
||||
|
||||
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
|
||||
modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
|
||||
|
||||
# branchVersion needs to be x.y
|
||||
extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
|
||||
sha256 = "1wgay4k8wj08fc711j290fvi81x75yib8iaa6r7csc7mkvsbrn0r";
|
||||
};
|
||||
} // (args.argsOverride or {}))
|
|
@ -13863,6 +13863,16 @@ with pkgs;
|
|||
];
|
||||
};
|
||||
|
||||
linux_4_18 = callPackage ../os-specific/linux/kernel/linux-4.18.nix {
|
||||
kernelPatches =
|
||||
[ kernelPatches.bridge_stp_helper
|
||||
# See pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md
|
||||
# when adding a new linux version
|
||||
# kernelPatches.cpu-cgroup-v2."4.11"
|
||||
kernelPatches.modinst_arg_list_too_long
|
||||
];
|
||||
};
|
||||
|
||||
linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
|
||||
kernelPatches = [
|
||||
kernelPatches.bridge_stp_helper
|
||||
|
@ -14056,7 +14066,7 @@ with pkgs;
|
|||
linux = linuxPackages.kernel;
|
||||
|
||||
# Update this when adding the newest kernel major version!
|
||||
linuxPackages_latest = linuxPackages_4_17;
|
||||
linuxPackages_latest = linuxPackages_4_18;
|
||||
linux_latest = linuxPackages_latest.kernel;
|
||||
|
||||
# Build the kernel modules for the some of the kernels.
|
||||
|
@ -14067,6 +14077,7 @@ with pkgs;
|
|||
linuxPackages_4_9 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_9);
|
||||
linuxPackages_4_14 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_14);
|
||||
linuxPackages_4_17 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_17);
|
||||
linuxPackages_4_18 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_18);
|
||||
# Don't forget to update linuxPackages_latest!
|
||||
|
||||
# Intentionally lacks recurseIntoAttrs, as -rc kernels will quite likely break out-of-tree modules and cause failed Hydra builds.
|
||||
|
|
Loading…
Reference in a new issue