linux: further cleanup config after drop of 4.9

This commit is contained in:
Fabián Heredia Montiel 2022-10-23 11:28:32 -05:00
parent 8ae7fa8541
commit 13f89aee64
3 changed files with 14 additions and 20 deletions

View file

@ -390,7 +390,7 @@ let
TMPFS = yes;
TMPFS_POSIX_ACL = yes;
FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else whenAtLeast "4.9" (option module);
FS_ENCRYPTION = if (versionAtLeast version "5.1") then yes else option module;
EXT2_FS_XATTR = yes;
EXT2_FS_POSIX_ACL = yes;
@ -628,7 +628,6 @@ let
media = {
MEDIA_DIGITAL_TV_SUPPORT = yes;
MEDIA_CAMERA_SUPPORT = yes;
MEDIA_RC_SUPPORT = whenOlder "4.14" yes;
MEDIA_CONTROLLER = yes;
MEDIA_PCI_SUPPORT = yes;
MEDIA_USB_SUPPORT = yes;
@ -708,7 +707,7 @@ let
LOCK_TORTURE_TEST = option no;
MTD_TESTS = option no;
NOTIFIER_ERROR_INJECTION = option no;
RCU_PERF_TEST = whenBetween "4.13" "5.9" no;
RCU_PERF_TEST = whenOlder "5.9" no;
RCU_SCALE_TEST = whenAtLeast "5.10" no;
RCU_TORTURE_TEST = option no;
TEST_ASYNC_DRIVER_PROBE = option no;

View file

@ -21,10 +21,6 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
# Report BUG() conditions and kill the offending process.
BUG = yes;
# Safer page access permissions (wrt. code injection). Default on >=4.11.
DEBUG_RODATA = whenOlder "4.11" yes;
DEBUG_SET_MODULE_RONX = whenOlder "4.11" yes;
# Mark LSM hooks read-only after init. SECURITY_WRITABLE_HOOKS n
# conflicts with SECURITY_SELINUX_DISABLE y; disabling the latter
# implicitly marks LSM hooks read-only after init.
@ -33,10 +29,10 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
#
# We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the
# config builder fails to detect that it has indeed been unset.
SECURITY_SELINUX_DISABLE = whenAtLeast "4.12" no;
SECURITY_WRITABLE_HOOKS = whenAtLeast "4.12" (option no);
SECURITY_SELINUX_DISABLE = no;
SECURITY_WRITABLE_HOOKS = option no;
STRICT_KERNEL_RWX = whenAtLeast "4.11" yes;
STRICT_KERNEL_RWX = yes;
# Perform additional validation of commonly targeted structures.
DEBUG_CREDENTIALS = yes;
@ -46,7 +42,7 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
DEBUG_SG = yes;
SCHED_STACK_END_CHECK = yes;
REFCOUNT_FULL = whenBetween "4.13" "5.5" yes;
REFCOUNT_FULL = whenOlder "5.5" yes;
# Randomize page allocator when page_alloc.shuffle=1
SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes;
@ -69,11 +65,11 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
GCC_PLUGIN_LATENT_ENTROPY = yes;
GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address
GCC_PLUGIN_STRUCTLEAK = yes; # A port of the PaX structleak plugin
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = yes; # Also cover structs passed by address
GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin
GCC_PLUGIN_RANDSTRUCT = whenBetween "4.13" "5.19" yes; # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenBetween "4.13" "5.19" yes;
GCC_PLUGIN_RANDSTRUCT = whenOlder "5.19" yes; # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenOlder "5.19" yes;
# Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19.
RANDSTRUCT = whenAtLeast "5.19" yes;

View file

@ -55,8 +55,7 @@ let
hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms;
# Dependencies that are required to build kernel modules
moduleBuildDependencies = [ perl ]
++ optional (lib.versionAtLeast version "4.14") libelf
moduleBuildDependencies = [ perl libelf ]
++ optional (lib.versionAtLeast version "5.13") zstd;
drvAttrs = config_: kernelConf: kernelPatches: configfile:
@ -100,7 +99,7 @@ let
patches =
map (p: p.patch) kernelPatches
# Required for deterministic builds along with some postPatch magic.
++ optional (lib.versionAtLeast version "4.13" && lib.versionOlder version "5.19") ./randstruct-provide-seed.patch
++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch
++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch
# Fixes determinism by normalizing metadata for the archive of kheaders
++ optional (lib.versionAtLeast version "5.2" && lib.versionOlder version "5.4") ./gen-kheaders-metadata.patch;
@ -353,7 +352,7 @@ let
};
in
assert (lib.versionAtLeast version "4.14" && lib.versionOlder version "5.8") -> libelf != null;
assert lib.versionOlder version "5.8" -> libelf != null;
assert lib.versionAtLeast version "5.8" -> elfutils != null;
stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // {
@ -365,7 +364,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ]
++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools
++ optional (lib.versionAtLeast version "4.14" && lib.versionOlder version "5.8") libelf
++ optional (lib.versionOlder version "5.8") libelf
# Removed util-linuxMinimal since it should not be a dependency.
++ optionals (lib.versionAtLeast version "4.16") [ bison flex ]
++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ]