2013-05-11 07:44:30 +02:00
{ stdenv , fetchurl , fetchgit , apparmor }:
2009-12-14 16:28:55 +01:00
let
2011-03-21 16:53:22 +01:00
makeTuxonicePatch = { version , kernelVersion , sha256 ,
2013-11-19 21:36:55 +01:00
url ? " h t t p : / / t u x o n i c e . n i g e l c u n n i n g h a m . c o m . a u / d o w n l o a d s / a l l / t u x o n i c e - f o r - l i n u x - ${ kernelVersion } - ${ version } . p a t c h . b z 2 " } :
2011-03-21 16:53:22 +01:00
{ name = " t u x o n i c e - ${ kernelVersion } " ;
patch = stdenv . mkDerivation {
name = " t u x o n i c e - ${ version } - f o r - ${ kernelVersion } . p a t c h " ;
src = fetchurl {
inherit url sha256 ;
} ;
phases = [ " i n s t a l l P h a s e " ] ;
installPhase = ''
source $ stdenv/setup
bunzip2 - c $ src > $ out
'' ;
} ;
} ;
2011-11-29 15:49:32 +01:00
makeAufs3StandalonePatch = { version , rev , sha256 }:
2011-09-28 22:48:08 +02:00
2011-11-29 15:49:32 +01:00
stdenv . mkDerivation {
name = " a u f s 3 - s t a n d a l o n e - ${ version } . p a t c h " ;
2011-09-28 22:48:08 +02:00
2011-11-29 15:49:32 +01:00
src = fetchgit {
url = git://aufs.git.sourceforge.net/gitroot/aufs/aufs3-standalone.git ;
inherit sha256 rev ;
} ;
2011-09-28 22:48:08 +02:00
2011-11-29 15:49:32 +01:00
phases = [ " u n p a c k P h a s e " " i n s t a l l P h a s e " ] ;
2011-09-28 22:48:08 +02:00
2011-11-29 15:49:32 +01:00
# Instructions from http://aufs.git.sourceforge.net/git/gitweb.cgi?p=aufs/aufs3-standalone.git;a=blob;f=Documentation/filesystems/aufs/README;h=b8cf077635b323d1b454266366f05f476bbd09cb;hb=1067b9d8d64d23c70d905c9cd3c90a669e39c4d4
installPhase = ''
cat aufs3-base . patch aufs3-proc_map . patch aufs3-standalone . patch > $ out
'' ;
} ;
2011-09-28 22:48:08 +02:00
2013-05-11 07:44:30 +02:00
makeAppArmorPatch = { apparmor , version }:
stdenv . mkDerivation {
name = " a p p a r m o r - ${ version } . p a t c h " ;
phases = [ " i n s t a l l P h a s e " ] ;
installPhase = ''
cat $ { apparmor } /kernel-patches / $ { version } /* > $ o u t
'' ;
} ;
2009-12-14 16:28:55 +01:00
in
2011-07-11 15:59:40 +02:00
rec {
2009-12-14 16:28:55 +01:00
2013-05-12 13:11:49 +02:00
apparmor_3_2 = rec {
version = " 3 . 2 " ;
name = " a p p a r m o r - ${ version } " ;
patch = makeAppArmorPatch { inherit apparmor version ; } ;
2013-05-11 07:44:30 +02:00
features . apparmor = true ;
} ;
2013-07-21 04:14:16 +02:00
apparmor_3_4 = rec {
version = " 3 . 4 " ;
name = " a p p a r m o r - ${ version } " ;
patch = makeAppArmorPatch { inherit apparmor version ; } ;
features . apparmor = true ;
} ;
2009-12-14 16:28:55 +01:00
sec_perm_2_6_24 =
{ name = " s e c _ p e r m - 2 . 6 . 2 4 " ;
patch = ./sec_perm-2.6.24.patch ;
features . secPermPatch = true ;
} ;
2012-02-22 21:29:18 +01:00
aufs3_2 = rec {
name = " a u f s 3 . 2 " ;
2012-12-13 11:45:11 +01:00
version = " 3 . 2 . 2 0 1 2 1 2 1 0 " ;
2012-09-16 10:52:22 +02:00
utilRev = " 9 1 a f 1 5 f 9 7 7 d 1 2 e 0 2 1 6 5 7 5 9 6 2 0 0 0 5 f 6 c e 1 a 4 d 7 6 0 2 " ;
utilHash = " d d a 4 d f 8 9 8 2 8 d c f 0 e 4 0 1 2 d 8 8 b 4 a a 3 e d a 8 c 3 0 a f 6 9 d 6 5 3 0 f f 5 f e d c 2 4 1 1 d e 8 7 2 c 9 9 6 " ;
2012-02-22 21:29:18 +01:00
patch = makeAufs3StandalonePatch {
inherit version ;
2012-12-13 11:45:11 +01:00
rev = " 0 b f 5 0 c 3 b 8 2 f 9 8 e 2 d d c 4 c 9 b a 0 6 5 7 f 2 8 e b f a 8 d 1 5 c b " ;
sha256 = " b c 4 b 6 5 c b 7 7 c 6 2 7 4 4 d b 2 5 1 d a 9 8 4 8 8 f d f 4 9 6 2 f 1 4 a 1 4 4 c 0 4 5 c e a 6 c b b b d 4 2 7 1 8 f f 8 9 " ;
2012-02-22 21:29:18 +01:00
} ;
features . aufsBase = true ;
features . aufs3 = true ;
} ;
2012-06-11 19:41:05 +02:00
aufs3_4 = rec {
name = " a u f s 3 . 4 " ;
2012-12-13 11:45:11 +01:00
version = " 3 . 4 . 2 0 1 2 1 2 1 0 " ;
2012-06-11 19:41:05 +02:00
utilRev = " 9 1 a f 1 5 f 9 7 7 d 1 2 e 0 2 1 6 5 7 5 9 6 2 0 0 0 5 f 6 c e 1 a 4 d 7 6 0 2 " ;
utilHash = " d d a 4 d f 8 9 8 2 8 d c f 0 e 4 0 1 2 d 8 8 b 4 a a 3 e d a 8 c 3 0 a f 6 9 d 6 5 3 0 f f 5 f e d c 2 4 1 1 d e 8 7 2 c 9 9 6 " ;
patch = makeAufs3StandalonePatch {
inherit version ;
2012-12-13 11:45:11 +01:00
rev = " 2 f a a c d 9 b a f f b 3 7 d f 3 b 9 0 6 2 c c 5 5 4 3 5 3 e e b e 6 8 d f 1 e " ;
sha256 = " 3 e c f 9 7 4 6 8 f 5 e 8 5 9 7 0 d 9 f d 2 b f c 6 1 e 3 8 c 7 f 5 a e 2 c 6 d d e 0 0 4 5 d 5 a 1 7 d e 0 8 5 c 4 1 1 d 4 5 2 " ;
2012-03-12 03:19:05 +01:00
} ;
features . aufsBase = true ;
features . aufs3 = true ;
} ;
2010-07-18 23:10:46 +02:00
no_xsave =
{ name = " n o - x s a v e " ;
2012-07-02 16:16:27 +02:00
patch = ./no-xsave.patch ;
2010-07-18 23:10:46 +02:00
features . noXsave = true ;
2010-06-20 22:52:08 +02:00
} ;
2010-07-25 14:15:59 +02:00
2012-06-16 12:49:03 +02:00
mips_fpureg_emu =
{ name = " m i p s - f p u r e g - e m u l a t i o n " ;
patch = ./mips-fpureg-emulation.patch ;
} ;
mips_fpu_sigill =
{ name = " m i p s - f p u - s i g i l l " ;
patch = ./mips-fpu-sigill.patch ;
} ;
2012-11-06 00:16:13 +01:00
mips_ext3_n32 =
{ name = " m i p s - e x t 3 - n 3 2 " ;
patch = ./mips-ext3-n32.patch ;
} ;
2013-11-19 21:36:55 +01:00
tuxonice_3_10 = makeTuxonicePatch {
version = " 2 0 1 3 - 1 1 - 0 7 " ;
kernelVersion = " 3 . 1 0 . 1 8 " ;
sha256 = " 0 0 b 1 r q g d 4 y r 2 0 6 d x p 4 m c y m r 5 6 y m b j c j f a 4 m 8 2 p x w 7 3 k h j 0 3 2 q w 3 j " ;
} ;
2013-12-04 01:58:50 +01:00
grsecurity_3_0_3_2_53 =
{ name = " g r s e c u r i t y - 3 . 0 - 3 . 2 . 5 3 " ;
2013-08-01 00:20:20 +02:00
patch = fetchurl {
2013-12-04 01:58:50 +01:00
url = https://grsecurity.net/stable/grsecurity-3.0-3.2.53-201312021727.patch ;
sha256 = " 1 i f n d c b p z 5 5 2 d 0 n 2 d g b 3 8 d i 8 l h q d 4 x 2 m s s h d b d x 3 3 j l f d l 7 m k 6 x 4 " ;
2013-08-01 00:20:20 +02:00
} ;
2013-11-02 12:43:11 +01:00
features . grsecurity = true ;
2013-12-04 01:58:50 +01:00
# The grsec kernel patch seems to include the apparmor patches as of 3.0-3.2.53
2013-08-05 20:09:12 +02:00
features . apparmor = true ;
2013-07-22 21:44:31 +02:00
} ;
2013-12-04 01:58:50 +01:00
grsecurity_3_0_3_12_2 =
{ name = " g r s e c u r i t y - 3 . 0 - 3 . 1 2 . 2 " ;
2013-11-02 12:43:11 +01:00
patch = fetchurl {
2013-12-04 01:58:50 +01:00
url = https://grsecurity.net/test/grsecurity-3.0-3.12.2-201312021733.patch ;
sha256 = " 0 x c s q 6 7 7 8 r k 9 a f g 3 0 7 8 d 7 7 2 i f l z 7 p 4 a h v r 6 w d q 5 c 4 s 3 j y s s a m 7 8 3 " ;
2013-11-02 12:43:11 +01:00
} ;
features . grsecurity = true ;
2013-12-04 01:58:50 +01:00
# The grsec kernel patch seems to include the apparmor patches as of 3.0-3.12.2
2013-11-02 12:43:11 +01:00
features . apparmor = true ;
} ;
2013-11-26 23:08:51 +01:00
grsec_path =
{ name = " g r s e c - p a t h " ;
patch = ./grsec-path.patch ;
} ;
2009-12-14 16:28:55 +01:00
}