1bb7b44cd7
These options should always be specified. Note, an implication of this change is that not specifying any grsec/PaX options results in a build failure.
37 lines
761 B
Nix
37 lines
761 B
Nix
{ stdenv
|
|
, lib
|
|
, overrideDerivation
|
|
|
|
# required for gcc plugins
|
|
, gmp, libmpc, mpfr
|
|
|
|
# the base kernel
|
|
, kernel
|
|
|
|
, grsecPatch
|
|
, kernelPatches ? []
|
|
|
|
, localver ? "-grsec"
|
|
, modDirVersion ? "${kernel.version}${localver}"
|
|
, extraConfig ? ""
|
|
, ...
|
|
} @ args:
|
|
|
|
assert (kernel.version == grsecPatch.kver);
|
|
|
|
overrideDerivation (kernel.override {
|
|
inherit modDirVersion;
|
|
kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
|
|
extraConfig = ''
|
|
GRKERNSEC y
|
|
PAX y
|
|
${extraConfig}
|
|
'';
|
|
ignoreConfigErrors = true;
|
|
}) (attrs: {
|
|
nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);
|
|
preConfigure = ''
|
|
echo ${localver} >localversion-grsec
|
|
${attrs.preConfigure or ""}
|
|
'';
|
|
})
|