kernel: extend the RANDSTRUCT seed with a user-configurable section

pkgs/os-specific/linux/kernel/generic.nix

@@ -33,6 +33,10 @@
   # NixOS to implement kernel-specific behaviour.
   features ? {}
 
+, # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is
+  # automatically extended with extra per-version and per-config values.
+  randstructSeed ? ""
+
 , # A list of patches to apply to the kernel.  Each element of this list
   # should be an attribute set {name, patch} where `name' is a
   # symbolic name and `patch' is the actual patch.  The patch may
@@ -133,7 +137,7 @@ let
   };
 
   kernel = (callPackage ./manual-config.nix {}) {
-    inherit version modDirVersion src kernelPatches stdenv extraMeta configfile;
+    inherit version modDirVersion src kernelPatches randstructSeed stdenv extraMeta configfile;
 
     config = { CONFIG_MODULES = "y"; CONFIG_FW_LOADER = "m"; };
   };

pkgs/os-specific/linux/kernel/manual-config.nix

@@ -30,6 +30,9 @@ in {
   # Manually specified nixexpr representing the config
   # If unspecified, this will be autodetected from the .config
   config ? stdenv.lib.optionalAttrs allowImportFromDerivation (readConfig configfile),
+  # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is
+  # automatically extended with extra per-version and per-config values.
+  randstructSeed ? "",
   # Use defaultMeta // extraMeta
   extraMeta ? {},
   # Whether to utilize the controversial import-from-derivation feature to parse the config
@@ -111,7 +114,7 @@ let
         if [ -f scripts/gcc-plugins/gen-random-seed.sh ]; then
           substituteInPlace scripts/gcc-plugins/gen-random-seed.sh \
             --replace NIXOS_RANDSTRUCT_SEED \
-            $(echo ${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
+            $(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
         fi
       '';