grsecurity: Update to 3.0-3.2.52-201311261307 and add patch for 3.12

This commit is contained in:
Ricardo M. Correia 2013-11-02 12:43:11 +01:00
parent 139c5b5069
commit 36955aa721
2 changed files with 30 additions and 12 deletions

View file

@ -124,14 +124,25 @@ rec {
};
grsecurity_2_9_1_3_2_52 =
{ name = "grsecurity-2.9.1-3.2.52";
grsecurity_3_0_3_2_52 =
{ name = "grsecurity-3.0-3.2.52";
patch = fetchurl {
url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.52-201310271550.patch;
sha256 = "08y4y323y2lfvdj67gmg3ca8gaf3snhr3pyrmgvj877avaz0475m";
url = https://grsecurity.net/stable/grsecurity-3.0-3.2.52-201311261307.patch;
sha256 = "1zmzgjpbq90q2w3yl3dgdc79qan7qkh5w6g3y3nvzr6ww6jl8hqw";
};
# The grsec kernel patch seems to include the apparmor patches as of 2.9.1-3.2.52
features.grsecurity = true;
# The grsec kernel patch seems to include the apparmor patches as of 3.0-3.2.52
features.apparmor = true;
};
grsecurity_3_0_3_12_1 =
{ name = "grsecurity-3.0-3.12.1";
patch = fetchurl {
url = https://grsecurity.net/test/grsecurity-3.0-3.12.1-201311261309.patch;
sha256 = "129q740m2iivc4i9a465lvzcph9gxlivxzg2p9dsi7c136p42mdz";
};
features.grsecurity = true;
# The grsec kernel patch seems to include the apparmor patches as of 3.0-3.12.1
features.apparmor = true;
};
}

View file

@ -6665,12 +6665,7 @@ let
];
};
# Note: grsec is not enabled automatically, you need to specify which kernel
# config options you need (e.g. by overriding extraConfig). See list of options here:
# https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options
linux_3_2_grsecurity = lowPrio (lib.overrideDerivation (linux_3_2.override (args: {
kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_2_9_1_3_2_52 ];
})) (args: {
grsecurityOverrider = args: {
# Install gcc plugins. These are needed for compiling dependant packages.
postInstall = ''
${args.postInstall or ""}
@ -6685,7 +6680,18 @@ let
sed -i 's|HOST_EXTRACFLAGS +=|HOST_EXTRACFLAGS += -I${gmp}/include|' tools/gcc/Makefile
sed -i 's|HOST_EXTRACXXFLAGS +=|HOST_EXTRACXXFLAGS += -I${gmp}/include|' tools/gcc/Makefile
'';
}));
};
# Note: grsec is not enabled automatically, you need to specify which kernel
# config options you need (e.g. by overriding extraConfig). See list of options here:
# https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options
linux_3_2_grsecurity = lowPrio (lib.overrideDerivation (linux_3_2.override (args: {
kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_2_52 ];
})) (args: grsecurityOverrider args));
linux_3_12_grsecurity = lowPrio (lib.overrideDerivation (linux_3_12.override (args: {
kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_3_0_3_12_1 ];
})) (args: grsecurityOverrider args));
linux_3_2_apparmor = lowPrio (linux_3_2.override {
kernelPatches = [ kernelPatches.apparmor_3_2 ];
@ -6890,6 +6896,7 @@ let
linuxPackages_3_10_tuxonice = linuxPackagesFor pkgs.linux_3_10_tuxonice linuxPackages_3_10_tuxonice;
linuxPackages_3_11 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_11 linuxPackages_3_11);
linuxPackages_3_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_12 linuxPackages_3_12);
linuxPackages_3_12_grsecurity = linuxPackagesFor pkgs.linux_3_12_grsecurity linuxPackages_3_12_grsecurity;
# Update this when adding a new version!
linuxPackages_latest = pkgs.linuxPackages_3_12;