linux/hardened/5.19: fix build

The options GCC_PLUGIN_RANDSTRUCT{,_PERFORMANCE} have been renamed to
`RANDSTRUCT_*` in 595b893e2087de306d0781795fb8ec47873596a6 since CLang
is about to support this as well and thus the options had to be
generalized.

Also, the file that is used to generate the seed has changed, only the
reference to the file in the patch was changed on adding Linux 5.19[1]

[1] b4d0cb4497
This commit is contained in:
Maximilian Bosch 2022-09-17 16:19:08 +02:00
parent 073f7b179c
commit dd6727e7b8
No known key found for this signature in database
GPG key ID: 9A6EEA275CA5BE0A
2 changed files with 14 additions and 7 deletions

View file

@ -72,8 +72,12 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4");
GCC_PLUGIN_STRUCTLEAK = whenAtLeast "4.11" yes; # A port of the PaX structleak plugin
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = whenAtLeast "4.14" yes; # Also cover structs passed by address
GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin
GCC_PLUGIN_RANDSTRUCT = whenAtLeast "4.13" yes; # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenAtLeast "4.13" yes;
GCC_PLUGIN_RANDSTRUCT = whenBetween "4.13" "5.19" yes; # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenBetween "4.13" "5.19" yes;
# Same as GCC_PLUGIN_RANDSTRUCT*, but has been renamed to `RANDSTRUCT*` in 5.19.
RANDSTRUCT = whenAtLeast "5.19" yes;
RANDSTRUCT_PERFORMANCE = whenAtLeast "5.19" yes;
# Disable various dangerous settings
ACPI_CUSTOM_METHOD = no; # Allows writing directly to physical memory

View file

@ -131,11 +131,14 @@ let
# the buildFlags, but that would require also patching the kernel's
# toplevel Makefile to add a variable export. This would be likely to
# cause future patch conflicts.
if [ -f scripts/gcc-plugins/gen-random-seed.sh ]; then
substituteInPlace scripts/gcc-plugins/gen-random-seed.sh \
for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do
if [ -f "$file" ]; then
substituteInPlace "$file" \
--replace NIXOS_RANDSTRUCT_SEED \
$(echo ${randstructSeed}${src} ${configfile} | sha256sum | cut -d ' ' -f 1 | tr -d '\n')
break
fi
done
patchShebangs scripts