mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-11-05 17:56:46 +01:00
f19c961b4e
With the default kernel and thus with the build I have tested in
74ec94bfa2, we get an error during
modules_install:
make[2]: execvp: /nix/store/.../bin/bash: Argument list too long
I haven't noticed this build until I actually tried booting using this
kernel because make didn't fail here.
The reason this happens within Nix and probably didn't yet surface in
other distros is that programs only have a limited amount of memory
available for storing the environment and the arguments.
Environment variables however are quite common on Nix and thus we
stumble on problems like this way earlier - in this case Linux 4.8 - but
I have noticed this in 4.7-next as well already.
The fix is far from perfect and suffers performance overhead because we
now run grep for every *.mod file instead of passing all *.mod files
into one single invocation of grep.
But comparing the performance overhead (around 1s on my machine) with
the overall build time of the kernel I think the overhead really is
neglicible.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
157 lines
4.2 KiB
Nix
157 lines
4.2 KiB
Nix
{ stdenv, fetchurl, fetchpatch, pkgs }:
|
|
|
|
let
|
|
|
|
makeTuxonicePatch = { version, kernelVersion, sha256,
|
|
url ? "http://tuxonice.nigelcunningham.com.au/downloads/all/tuxonice-for-linux-${kernelVersion}-${version}.patch.bz2" }:
|
|
{ name = "tuxonice-${kernelVersion}";
|
|
patch = stdenv.mkDerivation {
|
|
name = "tuxonice-${version}-for-${kernelVersion}.patch";
|
|
src = fetchurl {
|
|
inherit url sha256;
|
|
};
|
|
phases = [ "installPhase" ];
|
|
installPhase = ''
|
|
source $stdenv/setup
|
|
bunzip2 -c $src > $out
|
|
'';
|
|
};
|
|
};
|
|
|
|
grsecPatch = { grbranch ? "test", grver ? "3.1", kver, grrev, sha256 }: rec {
|
|
name = "grsecurity-${grver}-${kver}-${grrev}";
|
|
|
|
# Pass these along to allow the caller to determine compatibility
|
|
inherit grver kver grrev;
|
|
|
|
patch = fetchurl {
|
|
# When updating versions/hashes, ALWAYS use the official version; we use
|
|
# this mirror only because upstream removes sources files immediately upon
|
|
# releasing a new version ...
|
|
url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch";
|
|
inherit sha256;
|
|
};
|
|
|
|
features.grsecurity = true;
|
|
};
|
|
in
|
|
|
|
rec {
|
|
|
|
link_lguest =
|
|
{ name = "gcc5-link-lguest";
|
|
patch = ./gcc5-link-lguest.patch;
|
|
};
|
|
|
|
link_apm =
|
|
{ name = "gcc5-link-apm";
|
|
patch = ./gcc5-link-apm.patch;
|
|
};
|
|
|
|
bridge_stp_helper =
|
|
{ name = "bridge-stp-helper";
|
|
patch = ./bridge-stp-helper.patch;
|
|
};
|
|
|
|
no_xsave =
|
|
{ name = "no-xsave";
|
|
patch = ./no-xsave.patch;
|
|
features.noXsave = true;
|
|
};
|
|
|
|
mips_fpureg_emu =
|
|
{ name = "mips-fpureg-emulation";
|
|
patch = ./mips-fpureg-emulation.patch;
|
|
};
|
|
|
|
mips_fpu_sigill =
|
|
{ name = "mips-fpu-sigill";
|
|
patch = ./mips-fpu-sigill.patch;
|
|
};
|
|
|
|
mips_ext3_n32 =
|
|
{ name = "mips-ext3-n32";
|
|
patch = ./mips-ext3-n32.patch;
|
|
};
|
|
|
|
modinst_arg_list_too_long =
|
|
{ name = "modinst-arglist-too-long";
|
|
patch = ./modinst-arg-list-too-long.patch;
|
|
};
|
|
|
|
ubuntu_fan_4_4 =
|
|
{ name = "ubuntu-fan";
|
|
patch = ./ubuntu-fan-4.4.patch;
|
|
};
|
|
|
|
ubuntu_unprivileged_overlayfs =
|
|
{ name = "ubuntu-unprivileged-overlayfs";
|
|
patch = ./ubuntu-unprivileged-overlayfs.patch;
|
|
};
|
|
|
|
tuxonice_3_10 = makeTuxonicePatch {
|
|
version = "2013-11-07";
|
|
kernelVersion = "3.10.18";
|
|
sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";
|
|
};
|
|
|
|
grsecurity_3_14 = throw "grsecurity stable is no longer supported";
|
|
|
|
grsecurity_4_4 = throw "grsecurity stable is no longer supported";
|
|
|
|
grsecurity_testing = grsecPatch
|
|
{ kver = "4.7.2";
|
|
grrev = "201608211829";
|
|
sha256 = "1a7pvmb57w7j9s4ww8xvzzijlpnr2i7nhm7jhgfz4n5w3jvxcny3";
|
|
};
|
|
|
|
# This patch relaxes grsec constraints on the location of usermode helpers,
|
|
# e.g., modprobe, to allow calling into the Nix store.
|
|
grsecurity_nixos_kmod =
|
|
{
|
|
name = "grsecurity-nixos-kmod";
|
|
patch = ./grsecurity-nixos-kmod.patch;
|
|
};
|
|
|
|
crc_regression =
|
|
{ name = "crc-backport-regression";
|
|
patch = ./crc-regression.patch;
|
|
};
|
|
|
|
genksyms_fix_segfault =
|
|
{ name = "genksyms-fix-segfault";
|
|
patch = ./genksyms-fix-segfault.patch;
|
|
};
|
|
|
|
|
|
chromiumos_Kconfig_fix_entries_3_14 =
|
|
{ name = "Kconfig_fix_entries_3_14";
|
|
patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.14.patch;
|
|
};
|
|
|
|
chromiumos_Kconfig_fix_entries_3_18 =
|
|
{ name = "Kconfig_fix_entries_3_18";
|
|
patch = ./chromiumos-patches/fix-double-Kconfig-entry-3.18.patch;
|
|
};
|
|
|
|
chromiumos_no_link_restrictions =
|
|
{ name = "chromium-no-link-restrictions";
|
|
patch = ./chromiumos-patches/no-link-restrictions.patch;
|
|
};
|
|
|
|
chromiumos_mfd_fix_dependency =
|
|
{ name = "mfd_fix_dependency";
|
|
patch = ./chromiumos-patches/mfd-fix-dependency.patch;
|
|
};
|
|
|
|
hiddev_CVE_2016_5829 =
|
|
{ name = "hiddev_CVE_2016_5829";
|
|
patch = fetchpatch {
|
|
url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch";
|
|
sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy";
|
|
};
|
|
};
|
|
|
|
cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;
|
|
}
|