diff --git a/pkgs/os-specific/linux/lkrg/default.nix b/pkgs/os-specific/linux/lkrg/default.nix
new file mode 100644
index 000000000000..4d6118f8b9f8
--- /dev/null
+++ b/pkgs/os-specific/linux/lkrg/default.nix
@@ -0,0 +1,53 @@
+{ lib, stdenv, fetchpatch, fetchFromGitHub, kernel }:
+let
+ isKernelRT = (kernel.structuredExtraConfig ? PREEMPT_RT) && (kernel.structuredExtraConfig.PREEMPT_RT == lib.kernel.yes);
+in
+stdenv.mkDerivation rec {
+ name = "${pname}-${version}-${kernel.version}";
+ pname = "lkrg";
+ version = "0.9.5";
+
+ src = fetchFromGitHub {
+ owner = "lkrg-org";
+ repo = "lkrg";
+ rev = "v${version}";
+ sha256 = "sha256-+yIKkTvfVbLnFBoXSKGebB1A8KqpaRmsLh8SsNuI9Dc=";
+ };
+ patches = [
+ (fetchpatch {
+ name = "fix-aarch64.patch";
+ url = "https://github.com/lkrg-org/lkrg/commit/a4e5c00f13f7081b346bc3736e4c035e3d17d3f7.patch";
+ sha256 = "sha256-DPscqi+DySHwFxGuGe7P2itPkoyb3XGu5Xp2S/ezP4Y=";
+ })
+ ];
+
+ hardeningDisable = [ "pic" ];
+
+ nativeBuildInputs = kernel.moduleBuildDependencies;
+
+ makeFlags = kernel.makeFlags ++ [
+ "KERNEL=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
+ ];
+
+ dontConfigure = true;
+
+ prePatch = ''
+ substituteInPlace Makefile --replace "KERNEL := " "KERNEL ?= "
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ install -D lkrg.ko $out/lib/modules/${kernel.modDirVersion}/extra/lkrg.ko
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "LKRG Linux Kernel module";
+ longDescription = "LKRG performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel.";
+ homepage = "https://lkrg.org/";
+ license = licenses.gpl2Only;
+ maintainers = with maintainers; [ chivay ];
+ platforms = platforms.linux;
+ broken = kernel.kernelOlder "5.10" || kernel.kernelAtLeast "6.1" || isKernelRT;
+ };
+}
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 9bcbe6cc586c..760e3b1f20bf 100644
--- a/pkgs/top-level/linux-kernels.nix
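Review bot: The `prePatch` substitution of `KERNEL := ` with `KERNEL ?= ` appears redundant, and it can stop matching without the build noticing. `makeFlags` already passes `KERNEL=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build` on the make command line, and GNU make gives command-line variables precedence over an ordinary assignment in the Makefile. Plain `--replace` also does not fail when the pattern is absent, so a later version bump could silently turn it into a no-op. Either drop `prePatch`, or keep it as `substituteInPlace Makefile --replace-fail "KERNEL := " "KERNEL ?= "` with a comment stating why the Makefile edit is still needed. Separately, `hardeningDisable = [ "pic" ];` and the `broken` expression would each benefit from a one-line comment giving the reason, since `isKernelRT` only inspects `kernel.structuredExtraConfig`, and a kernel that enables PREEMPT_RT some other way would presumably not be marked broken.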
+++ b/pkgs/top-level/linux-kernels.nix @@ -325,6 +325,8 @@ in { liquidtux = callPackage ../os-specific/linux/liquidtux {}; + lkrg = callPackage ../os-specific/linux/lkrg {}; + v4l2loopback = callPackage ../os-specific/linux/v4l2loopback { }; lttng-modules = callPackage ../os-specific/linux/lttng-modules { };