linux/hardened/5.19: fix build
The options GCC_PLUGIN_RANDSTRUCT{,_PERFORMANCE} have been renamed to
`RANDSTRUCT_*` in 595b893e2087de306d0781795fb8ec47873596a6 since Clang
is about to support this as well and thus the options had to be
generalized.
Also, the file that is used to generate the seed has changed; only the
reference to the file in the patch was changed when adding Linux 5.19[1].
[1] b4d0cb4497
parent
073f7b179c
commit
dd6727e7b8
2 changed files with 14 additions and 7 deletions
|
@ -72,8 +72,12 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
|
||||||
GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin
|
GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin
|
||||||
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address
|
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address
|
||||||
GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin
|
GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin
|
||||||
GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin
|
GCC_PLUGIN_RANDSTRUCT = whenBetween "4.13" "5.19" yes; # A port of the PaX randstruct plugin
|
||||||
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes;
|
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenBetween "4.13" "5.19" yes;
|
||||||
|
|
||||||
|
# Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19.
|
||||||
|
RANDSTRUCT = whenAtLeast "5.19" yes;
|
||||||
|
RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes;
|
||||||
|
|
||||||
# Disable various dangerous settings
|
# Disable various dangerous settings
|
||||||
ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory
|
ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory
|
||||||
|
|
|
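Review bot: The new `RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes;` line has no comment, yet it selects the cache-line-aware mode, which trades weaker structure-layout randomization for lower overhead; in a hardened profile that trade-off should be stated. I would add `# Cache-line-aware mode: weaker layout randomization, lower overhead` to that line. As far as I recall, the upstream rename also turned the randstruct modes into a Kconfig choice with `RANDSTRUCT` derived from it, so confirm that a generated 5.19 `.config` really contains `CONFIG_RANDSTRUCT_PERFORMANCE=y`. A short remark next to `whenBetween "4.13" "5.19"` that the upper bound is exclusive (assuming the helper is defined that way) would show that exactly one option set applies to any kernel version. The attribute set these lines belong to starts and ends outside the hunk.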
@ -131,11 +131,14 @@ let
|
||||||
# the buildFlags, but that would require also patching the kernel's
|
# the buildFlags, but that would require also patching the kernel's
|
||||||
# toplevel Makefile to add a variable export. This would be likely to
|
# toplevel Makefile to add a variable export. This would be likely to
|
||||||
# cause future patch conflicts.
|
# cause future patch conflicts.
|
||||||
if [ -f scripts/gcc-plugins/gen-random-seed.sh ]; then
|
for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do
|
||||||
substituteInPlace scripts/gcc-plugins/gen-random-seed.sh \
|
if [ -f "$file" ]; then
|
||||||
|
substituteInPlace "$file" \
|
||||||
--replace NIXOS_RANDSTRUCT_SEED \
|
--replace NIXOS_RANDSTRUCT_SEED \
|
||||||
$(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
|
$(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
|
||||||
|
break
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
patchShebangs scripts
|
patchShebangs scripts
|
||||||
|
|
||||||
|
|
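Review bot: The new `for file in … ; do` loop still falls through silently when neither `scripts/gen-randstruct-seed.sh` nor `scripts/gcc-plugins/gen-random-seed.sh` exists, so the next upstream move of the seed script would go unnoticed, just as this one did. In that case `NIXOS_RANDSTRUCT_SEED` is never substituted, and the seed would presumably no longer be derived from `randstructSeed`, `src` and `configfile`; what the unsubstituted placeholder does is not visible in this hunk. I would set `seedPatched=1` just before `break` and add `[ -n "$seedPatched" ] || echo "warning: randstruct seed script not found, NIXOS_RANDSTRUCT_SEED left unsubstituted" >&2` after `done`. That could be made a hard failure when the randstruct options are enabled, provided kernels that ship neither script are exempt. The surrounding `let` binding and shell string start and end outside the hunk.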