Commit graph

221 commits

Author SHA1 Message Date
Ricardo M. Correia
5d5ca7b260 grsecurity: Update all patches
stable:  3.0-3.2.57-201404131252            -> 3.0-3.2.57-201404182109
test:    3.0-3.13.10-201404141717           -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
Ricardo M. Correia
1b113178ee grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717 2014-04-15 00:16:29 +02:00
Austin Seipp
788d9a13fb grsecurity: stable/vserver/testing updates
- stable:  201404111812            -> 201404131252
 - vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
 - testing: 201404111815            -> 201404131254

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Ricardo M. Correia
5dfc6584a5 grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758 2014-04-10 00:37:33 +02:00
Ricardo M. Correia
807fad571a grsecurity: Update stable and test patches
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test:   3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
2014-04-07 15:31:12 +02:00
Ricardo M. Correia
52d233af22 grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135 2014-04-02 15:11:33 +02:00
Ricardo M. Correia
407a6857c6 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403252026 -> 3.0-3.2.55-201403300851
test:   3.0-3.13.7-201403252047 -> 3.0-3.13.8-201404011912
2014-04-02 02:16:59 +02:00
Ricardo M. Correia
911f332279 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403202347 -> 3.0-3.2.55-201403252026
test:   3.0-3.13.6-201403202349 -> 3.0-3.13.7-201403252047
2014-03-26 23:07:57 +00:00
Ricardo M. Correia
9db587bf7d grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403172027 -> 3.0-3.2.55-201403202347
test:   3.0-3.13.6-201403172032 -> 3.0-3.13.6-201403202349
2014-03-21 15:41:32 +01:00
Shea Levy
e4961c63f7 Remove sec_perm patch that was needed by AUFS
Now the kernel is unpatched by default on non-MIPS!
2014-03-21 04:37:23 -04:00
Ricardo M. Correia
cc69228119 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403142107 -> 3.0-3.2.55-201403172027
test:   3.0-3.13.6-201403142112 -> 3.0-3.13.6-201403172032
2014-03-18 16:51:25 +01:00
Ricardo M. Correia
ceec014020 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403122114 -> 3.0-3.2.55-201403142107
test:   3.0-3.13.6-201403122116 -> 3.0-3.13.6-201403142112
2014-03-15 04:15:28 +01:00
Ricardo M. Correia
86b8cf954a grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403072107 -> 3.0-3.2.55-201403122114
test:   3.0-3.13.6-201403072241 -> 3.0-3.13.6-201403122116
2014-03-13 02:28:58 +01:00
Ricardo M. Correia
d999872b8d grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403022154 -> 3.0-3.2.55-201403072107
test:   3.0-3.13.5-201403031445 -> 3.0-3.13.6-201403072241
2014-03-10 17:23:17 +01:00
Austin Seipp
c4d5757e29 grsecurity updates
- stable:  3.0-3.2.55-201402241936 -> 3.0-3.2.55-201403022154
  - testing: 3.0-3.13.5-201402241943 -> 3.0-3.13.5-201403031445

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-04 01:13:22 +01:00
Ricardo M. Correia
69a83ba99f grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201402221305 -> 3.0-3.2.55-201402241936
test:   3.0-3.13.4-201402221308 -> 3.0-3.13.5-201402241943
2014-03-03 02:16:58 +01:00
Austin Seipp
7f4b97d495 grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402201903 -> 3.0-3.2.55-201402221305
 - testing: 3.0-3.13.4-201402201908 -> 3.0-3.13.4-201402221308

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 20:29:25 +01:00
Austin Seipp
18f65f3640 grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402192249 -> 3.0-3.2.55-201402201903
  - testing: 3.0-3.13.3-201402192252 -> 3.0-3.13.4-201402201908

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:16 -06:00
Austin Seipp
58e08a1a4f grsecurity: stable/testing updates
- stable:  3.0-3.2.55-201402152203 -> 3.0-3.2.55-201402192249
  - testing: 3.0-3.13.3-201402152204 -> 3.0-3.13.3-201402192252

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:53:19 -06:00
Austin Seipp
c137015328 grsecurity updates.
- stable:  3.0-3.2.54-201402062221 -> 3.0-3.2.55-201402152203
  - testing: 3.0-3.13.3-201402132113 -> 3.0-3.13.3-201402152204

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
Evgeny Egorochkin
daa2827b99 grsecurity: update patch 2014-02-14 18:13:05 +02:00
Ricardo M. Correia
b31547654d grsecurity: Update stable and test patches
stable: 3.0-3.2.54-201401191012 -> 3.0-3.2.54-201402062221
test:   3.0-3.12.8-201401191015 -> 3.0-3.13.2-201402062224
2014-02-08 16:16:58 +01:00
Ricardo M. Correia
aeda8d63b9 grsecurity: Update stable and test patches
stable: 3.0-3.2.53-201312021727 -> 3.0-3.2.54-201401191012
test:   3.0-3.12.2-201312021733 -> 3.0-3.12.8-201401191015
2014-01-22 02:14:35 +01:00
Shea Levy
a589bfae17 Update and fix kernel packages to new kernel build
In most cases, this just meant changing kernelDev (now removed from
linuxPackagesFor) to kernel.dev. Some packages needed more work (though
whether that was because of my changes or because they were already
broken, I'm not sure). Specifics:

* psmouse-alps builds on 3.4 but not 3.10, as noted in the comments that
  were already there
* blcr builds on 3.4 but not 3.10, as noted in comments that were
  already there
* open-iscsi, ati-drivers, wis-go7007, and openafsClient don't build on
  3.4 or 3.10 on this branch or on master, so they're marked broken
* A version-specific kernelHeaders package was added

The following packages were removed:

* atheros/madwifi is superceded by official ath*k modules
* aufs is no longer used by any of our kernels
* broadcom-sta v6 (which was already packaged) replaces broadcom-sta
* exmap has not been updated since 2011 and doesn't build
* iscis-target has not been updated since 2010 and doesn't build
* iwlwifi is part of mainline now and doesn't build
* nivida-x11-legacy-96 hasn't been updated since 2008 and doesn't build

Everything not specifically mentioned above builds successfully on 3.10.
I haven't yet tested on 3.4, but will before opening a pull request.

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-04 21:17:04 -05:00
Ricardo M. Correia
61adb5962c grsecurity: Update to 3.0-3.2.53-201312021727 and 3.0-3.12.2-201312021733 2013-12-04 15:28:21 +01:00
Ricardo M. Correia
2106191003 grsecurity: Fix module loading during boot due to path restrictions 2013-11-27 01:32:50 +01:00
Ricardo M. Correia
36955aa721 grsecurity: Update to 3.0-3.2.52-201311261307 and add patch for 3.12 2013-11-27 01:32:14 +01:00
Cillian de Róiste
a34354ef81 TuxOnIce: Add a 3.10 linux kernel with the TuxOnIce hibernation patch 2013-11-23 17:21:19 +01:00
Shea Levy
504ea7662c Remove EOL'd kernels
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-11-01 11:10:05 -04:00
Ricardo M. Correia
57e9fd8bcf grsecurity: Update to 2.9.1-3.2.52-201310271550 2013-10-29 13:32:53 +01:00
Ricardo M. Correia
d32636dac4 grsecurity: Update to 2.9.1-3.2.51-201309281102 2013-10-20 08:14:28 +03:00
Ricardo M. Correia
90a2341300 grsecurity: generate linuxPackages and declare that apparmor is included 2013-10-20 08:14:28 +03:00
Ricardo M. Correia
342fcfc82f grsecurity: Update to 2.9.1-3.2.51-201309101928 2013-09-13 05:13:25 +02:00
Mathijs Kwik
273689bcbd linux-3.10: remove the btrfs send patch
it helps, but is incomplete.
more fixes are coming, but including these would change too much
generic btrfs code, which might cause trouble for others.

so the best advice is not to use btrfs send yet and wait for 3.11 or 3.12
2013-08-19 07:04:18 +02:00
Evgeny Egorochkin
27dcd771c3 Merge pull request #802 from wizeman/kernel_update
Kernel update
2013-08-11 15:08:45 -07:00
Mathijs Kwik
59025453e7 linux-3.10: backport a fix for "btrfs send"
It has been submitted for inclusion in mainline, so it will probably
make it into 3.11 (or 3.12 as 3.11 is fairly close to release).

It is very local, only affecting people who use the "send" feature.
Without it, send is unstable/unsafe to use incrementally.

It can probably be applied to 3.9 and 3.8 as well, but as I only
tested it against 3.10, so I didn't bother.
2013-08-10 13:53:17 +02:00
Ricardo M. Correia
36c2711f8b linux: update grsecurity patch 2013-08-06 02:21:00 +00:00
Eelco Dolstra
c564d012f8 Style fix 2013-08-01 01:40:41 +02:00
Eelco Dolstra
b976e00ff2 linux: Remove obsolete AUFS 3.7 patch 2013-08-01 01:40:40 +02:00
Eelco Dolstra
ff99631753 linux: Remove CIFS timeout patch
We longer use CIFS in the VM tests so we don't need this anymore.
2013-08-01 01:40:40 +02:00
Eelco Dolstra
956d71f843 linux: Remove some unused patches 2013-08-01 01:40:40 +02:00
Rob Vermaas
af2a127551 Add linux 3.2.48 with grsecurity patches 2013-07-22 21:44:31 +02:00
Ricardo M. Correia
22689567ed apparmor: Update to kernel 3.4 series (the current default) 2013-07-22 18:03:26 +02:00
Mathijs Kwik
e18f4eb50f apparmor patch: should have a name, broke nixpkgs tarball 2013-05-12 13:11:49 +02:00
Evgeny Egorochkin
8d7e1a79cc AppArmor: add a sample patched kernel. 2013-05-11 08:50:34 +03:00
Eelco Dolstra
916c1adb84 Delete all kernels older than 2.6.39
Systemd doesn't support those kernels, so there is no point in keeping
them around.
2013-03-27 23:00:02 +01:00
Shea Levy
af26af6fc7 Remove EOL'd Linux 3.6 2013-02-14 14:33:42 -05:00
Shea Levy
0ad870eb5e Remove EOL'd Linux 3.5 2013-02-14 14:32:44 -05:00
Shea Levy
c23084906b Remove EOL'd Linux 3.3 2013-02-14 14:30:31 -05:00
Shea Levy
0178a3b7b1 Remove EOL'd Linux 3.1 2013-02-14 14:28:53 -05:00
Mathijs Kwik
caf561d41a aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 14:00:28 +01:00
David Guibert
c604ff045e add cifs_timeout to kernel 3.5 2012-11-15 07:41:11 +01:00
Lluís Batlle i Rossell
bb3b603ea7 mips linux: Adding a patch to fix an ext3 bug in 3.5 and 3.6
I made it apply to all Mips, although the bug works only for n32 and o32 ABIs.
We don't support any n64 by now.
2012-11-06 00:16:13 +01:00
Mathijs Kwik
8f480e3035 linux-3.6: upgrade to 3.6.1
- enable aufs3 patch
- check other patches needing upgrade/enable
2012-10-09 16:05:24 +02:00
Mathijs Kwik
ce3e42df72 linux aufs3: upgrade patch and utils to 20120827 for all 3.x kernels 2012-09-16 13:05:52 +02:00
Mathijs Kwik
192b29181b linux-3.4: upgrade to 3.4.9
- aufs patch: upgrade to latest stable 3.4
2012-08-21 10:27:13 +02:00
Mathijs Kwik
6e9a6a5924 linux-3.3: upgrade to 3.3.8
- aufs patch: upgrade to latest stable 3.3
2012-08-21 10:26:44 +02:00
Mathijs Kwik
03228d60fe linux-3.5: upgrade aufs3 patch to latest stable 2012-08-16 12:00:25 +02:00
Lluís Batlle i Rossell
734bb84f09 linux-3.5: fix perf build with a patch from the perf mailing list 2012-08-10 09:41:43 +02:00
Mathijs Kwik
fb99c24d7c kernel-3.5: add aufs3 patch 2012-08-05 01:55:31 +02:00
Peter Simons
82b2588e35 Linux no-xsave.patch: commit patch into Nixpkgs since fetchurl no longer works
Patch submitted by Jan Malakhovski <oxij@oxij.org>.
2012-07-02 16:53:53 +02:00
Eelco Dolstra
1582276602 * Drop some old obsolete kernels and unused patches.
svn path=/nixpkgs/trunk/; revision=34558
2012-06-19 15:56:17 +00:00
Lluís Batlle i Rossell
3874e5812d Adding two kernel patches for mips, that make the life easier on loongson2f
(less sigill, less sigbus). Related to bad handling of FPU instructions.

I apply them only to linux 3.4, although I think they can apply to many older kernels too.


svn path=/nixpkgs/trunk/; revision=34522
2012-06-16 10:49:03 +00:00
Mathijs Kwik
46beccef20 linux kernel aufs (needed for livecd): added to 3.4
upgraded 3.3 version to stable

svn path=/nixpkgs/trunk/; revision=34468
2012-06-11 17:41:05 +00:00
Shea Levy
497a4afe72 We no longer need the bootstub config patch
svn path=/nixpkgs/trunk/; revision=33987
2012-05-05 14:26:20 +00:00
Shea Levy
50a0b839af Linux 3.3.3
This incorporates the btrfs fix, so remove that patch. Also, I will test
that this builds after committing, and fix it if it fails

svn path=/nixpkgs/trunk/; revision=33885
2012-04-23 00:12:47 +00:00
Lluís Batlle i Rossell
b35d2c6b89 Adding a patch for linux 3.3 for btrfs regarding ENOSPC.
This should solve the problem I had, where I could not boot either 3.3 or 3.3.1
in my system, as I got ENOSPC all the time.


svn path=/nixpkgs/trunk/; revision=33714
2012-04-09 21:02:17 +00:00
Shea Levy
dfcd4dd559 Add a kernel patch for the efi boot stub to read a config file when booted without arguments, and base removable media booting off of that patch
The patch is currently being discussed on LKML and hopefully will be included
in mainline in some form in the future. Note that booting from the livecd has
to do a lot of work before anything is output to the console, so if the drive
is still busy don't assume the boot has hanged

svn path=/nixpkgs/trunk/; revision=33235
2012-03-18 17:14:52 +00:00
Shea Levy
76832793f2 Linux 3.3-rc7
svn path=/nixpkgs/trunk/; revision=33007
2012-03-12 02:19:05 +00:00
Yury G. Kudryashov
38e3d7bc86 svn merge ^/nixpkgs/trunk
Not merged r32497 (tree conflict, glibc GNU Hurd update). Ludovic, could you
please look at this?

svn path=/nixpkgs/branches/stdenv-updates/; revision=32520
2012-02-23 20:06:21 +00:00
Peter Simons
9db6840814 linux kernel 3.2 : added aufs patches
svn path=/nixpkgs/trunk/; revision=32483
2012-02-22 20:29:18 +00:00
Eelco Dolstra
0beb6c6266 * Remove some obsolete patches.
svn path=/nixpkgs/branches/stdenv-updates/; revision=32379
2012-02-17 23:53:49 +00:00
Eelco Dolstra
752203c3ca * Remove broken tux-on-ice kernels.
svn path=/nixpkgs/trunk/; revision=30619
2011-11-29 14:49:32 +00:00
Shea Levy
c65ff0d37d Update aufs3.0, add aufs3.1
svn path=/nixpkgs/trunk/; revision=30329
2011-11-08 16:00:19 +00:00
Shea Levy
5e5dd16842 Remove the efi stub patch
svn path=/nixpkgs/trunk/; revision=30264
2011-11-06 17:38:51 +00:00
Shea Levy
72f41379be Add a patch to enable adding efi stub code to the linux kernel
svn path=/nixpkgs/trunk/; revision=29555
2011-10-01 23:00:48 +00:00
Shea Levy
f979d3de4e Add features.aufs2 to old kernels
svn path=/nixpkgs/trunk/; revision=29536
2011-09-28 22:13:59 +00:00
Shea Levy
ed38cc3545 aufs3-util
svn path=/nixpkgs/trunk/; revision=29535
2011-09-28 21:59:07 +00:00
Shea Levy
4add420a48 aufs3 kernelPackage
svn path=/nixpkgs/trunk/; revision=29534
2011-09-28 21:46:07 +00:00
Shea Levy
2e012018bb makeAufs3StandalonePatch: Don't unpack the kernel source
svn path=/nixpkgs/trunk/; revision=29533
2011-09-28 21:09:54 +00:00
Shea Levy
60b155479d linux-3.0: Add aufs3 patch
svn path=/nixpkgs/trunk/; revision=29532
2011-09-28 20:48:08 +00:00
David Guibert
4b3530f55d apply aufs patch to other kernels.
svn path=/nixpkgs/trunk/; revision=28708
2011-08-20 07:55:53 +00:00
David Guibert
db3eb9de85 utrace: fix urls.
But it still does not apply to recent 2.6.32 kernels.

svn path=/nixpkgs/trunk/; revision=28707
2011-08-20 06:47:13 +00:00
David Guibert
22ee5aba7a aufs for 2.6.36/39 and 3.0
svn path=/nixpkgs/trunk/; revision=28705
2011-08-20 06:39:29 +00:00
Ludovic Stordeur
e381c7c385 Added CIFS timeout patch for Linux 2.6.15
svn path=/nixpkgs/trunk/; revision=27715
2011-07-11 14:00:01 +00:00
Ludovic Stordeur
388ba0981b Added CIFS timeout patch for Linux 2.6.{25 --> 28}
svn path=/nixpkgs/trunk/; revision=27713
2011-07-11 13:59:54 +00:00
Ludovic Stordeur
b2cf02eb5e Renamed cifs-timeout-2.6.{32 --> 29} patch
Renamed cifs-timeout-2.6.32 patch to cifs-timeout-2.6.29 as this is the
older kernel version this patch applies to.

svn path=/nixpkgs/trunk/; revision=27711
2011-07-11 13:59:47 +00:00
Ludovic Stordeur
c551998c82 Added CIFS timeout patch for Linux 2.6.{35 --> 38}
svn path=/nixpkgs/trunk/; revision=27710
2011-07-11 13:59:43 +00:00
Ludovic Stordeur
df0a6394b3 Suffixed cifs timeout patch with kernel version.
Currently suffixed with 2.6.32.
This pre-patch prepares the landing of several versions of this patch to
support other Linux kernel versions.

svn path=/nixpkgs/trunk/; revision=27709
2011-07-11 13:59:40 +00:00
Shea Levy
dedd972a16 Add fbcondecor for 2.6.38
svn path=/nixpkgs/trunk/; revision=26876
2011-04-18 15:13:04 +00:00
Shea Levy
d86630472b Add aufs2.1 for 2.6.38
svn path=/nixpkgs/trunk/; revision=26811
2011-04-12 18:36:33 +00:00
Ludovic Courtès
16d86dcbe2 Linux 2.6.{25,28}: Allow compilation with recent Glibc.
svn path=/nixpkgs/trunk/; revision=26741
2011-04-07 13:57:43 +00:00
Lluís Batlle i Rossell
6eaaa06077 Committing on behalf of Shea Levy:
This patch adds a "features.aufs2_1" to the aufs-2.1 patch for Linux
2.6.37 to prevent aufs2_1 and aufs2_1_util from being options for
kernels without an aufs 2.1 patch. There were several Hydra build
failures as a result of attempting to build aufs2.1 against older
kernels.

svn path=/nixpkgs/trunk/; revision=26597
2011-03-30 08:16:44 +00:00
Lluís Batlle i Rossell
1357904982 Committing the aufs2.1 patch by Shea Levy. His comments:
* My motivation for this patch is that kernels < 2.6.36 contain an
     e1000e that does not support the ethernet card that is part of the
     chipset for the second-generation Core-i Intel CPUs, so in order
     to have a more useful livecd I needed to get aufs working with a
     newer kernel, and 2.6.37 is the latest kernel with an official
     aufs release.
   * All sources are downloaded with fetchgit. This is because the aufs
     upstream doesn't provide release tarballs, they just add a tag to
     their git tree for an official release.
   * The make target for the aufs2.1 headers uses a Makefile in the
     kernel build directory that requires that unifdef be in the
     scripts/ subdirectory of the build directory. The way I've dealt
     with this here is by adding "make $makeFlags -C scripts unifdef"
     to the postBuild in the kernel builder. Since the builder is used
     by all kernel versions, this will require rebuilding every kernel
     and kernel-dependent package if the patch is accepted, so one
     alternative I thought of would be to create a fake kernel build
     directory where everything is symlinked to the real build
     directory except scripts/, which is first copied and then make
     unifdef is run before building aufs2.1. If that more complicated
     solution is preferred, or if anyone has ideas for another one, I
     can do that and submit a new patch.
   * The patch was tested by building a livecd ISO that uses it, then
     running the ISO from within virtualbox and installing aufs2.1-util
     from within the livecd environment.
   * The livecd was built using installation-cd-minimal.nix, with two
     changes to the Nixos tree:
        1. boot.kernelPackages = pkgs.linuxPackages_2_6_37 was added to
           profiles/minimal.nix
        2. config.boot.kernelPackages.aufs2 was changed to
           config.boot.kernelPackages.aufs2_1 in iso-image.nix
     I would have preferred to keep all changes within
     profiles/minimal.nix, but I couldn't figure out how to override
     iso-image.nix's definition of boot.extraModulePackages. Livecds
     that use an older kernel can't be built with this iso-image.nix,
     since we don't have aufs2.1 for them (just aufs2). If someone can
     point me to how I can override things set in iso-image.nix, I'd
     appreciate it.

make -C scripts unifdef compiles the unifdef application in the
scripts/ directory, and when Nix copies over the build tree to
$out/lib/modules/$version/build for kernel modules to reference, it
copies over all of scripts/ except the .o files. I can't speak for
other kernel versions, but at the least for 2.6.37.1 unifdef is not
built by default. If you look at the Makefile in scripts, unifdef is
listed  under a comment saying that the following programs are only
built on-demand.

svn path=/nixpkgs/trunk/; revision=26548
2011-03-27 15:18:39 +00:00
Lluís Batlle i Rossell
f6e3d3e10d Adding tuxonice for some recent kernels.
svn path=/nixpkgs/trunk/; revision=26447
2011-03-21 15:53:22 +00:00
Lluís Batlle i Rossell
84ca32b293 Adding tuxonice for 2.6.35
svn path=/nixpkgs/trunk/; revision=26446
2011-03-21 15:42:21 +00:00
Lluís Batlle i Rossell
8ab38a2828 Adding the fbcondecor patch for 2.6.37, by Shea Levy
svn path=/nixpkgs/trunk/; revision=26428
2011-03-19 20:44:45 +00:00
Eelco Dolstra
5cc5e16104 * Remove the xen-pvclock-resume patch, which has finally been merged
into 2.6.32.

svn path=/nixpkgs/trunk/; revision=26149
2011-03-03 15:36:13 +00:00
Lluís Batlle i Rossell
13a8b34a81 Fix for a syscall restart bug on linux-mips
svn path=/nixpkgs/branches/stdenv-updates/; revision=24791
2010-11-21 15:26:36 +00:00
Lluís Batlle i Rossell
f4f84af4ab Updating from trunk. I only had to take away the usual stdenv2 in
all-packages.nix


svn path=/nixpkgs/branches/stdenv-updates/; revision=24553
2010-10-31 19:30:31 +00:00
Eelco Dolstra
85a0cd1385 * A better fix for the Xen clock problem.
svn path=/nixpkgs/trunk/; revision=24488
2010-10-26 13:08:51 +00:00
Eelco Dolstra
5762edd607 * Linux 2.6.32: revert upstream patch
489fb490dbf8dab0249ad82b56688ae3842a79e8.  It causes the DomU clock
  to jump into the future and freeze after being saved and restored
  across a Dom0 reboot.  See 

    http://lists.xensource.com/archives/html/xen-devel/2010-10/msg00498.html
    http://lists.xensource.com/archives/html/xen-devel/2010-10/msg01174.html

svn path=/nixpkgs/trunk/; revision=24473
2010-10-25 16:36:42 +00:00
Lluís Batlle i Rossell
bf6f39fb7c Adding a patch fixing ARM trouble on the recent linux 2.6.35
svn path=/nixpkgs/branches/stdenv-updates/; revision=24158
2010-10-07 22:10:28 +00:00
Lluís Batlle i Rossell
2c5de61327 Updating from trunk.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23840
2010-09-17 19:10:21 +00:00
Ludovic Courtès
078353fc15 Linux: Add GuruPlug-related patches.
svn path=/nixpkgs/trunk/; revision=23833
2010-09-17 15:56:42 +00:00
Lluís Batlle i Rossell
a42e571e33 Trying to fix an URL for a patch (the previous URL did not work anyamore)
svn path=/nixpkgs/branches/stdenv-updates/; revision=23700
2010-09-09 17:07:12 +00:00
Lluís Batlle i Rossell
bd17763fbb Fixing an url on kernel patches
svn path=/nixpkgs/branches/stdenv-updates/; revision=23639
2010-09-05 05:59:55 +00:00
Michael Raskin
d3d44dc6d3 Add AUFS patch for 2.6.35
svn path=/nixpkgs/trunk/; revision=23288
2010-08-20 20:46:12 +00:00
Yury G. Kudryashov
10c5146a78 Add fbcondecor-2.6.35
svn path=/nixpkgs/trunk/; revision=23286
2010-08-20 20:12:03 +00:00
Eelco Dolstra
3f287cfb1d * Ensure that the dell-bluetooth device does not stay in the "hard
blocked" state.

svn path=/nixpkgs/branches/x-updates/; revision=22730
2010-07-25 12:15:59 +00:00
Eelco Dolstra
3d442ad185 * Apply a patch that is apparently required to make the kernel work
properly on Amazon EC2.
* Always apply the CIFS timeout patch.  It's rather annoying to have
  to build a separate kernel for the VM tests.

svn path=/nixpkgs/trunk/; revision=22630
2010-07-18 21:10:46 +00:00
Eelco Dolstra
cb5bcfa04a * In the VM tests, apply a patch to increase the 15s timeout on CIFS
operations to 120s.  This is necessary if the host is heavily
  loaded.  For instance, in the Hydra build farm, if there are many
  concurrent jobs, VM builds often fail because they hit the timeout.

svn path=/nixpkgs/trunk/; revision=22347
2010-06-20 20:52:08 +00:00
David Guibert
c6b05c7164 aufs2: patch for kernel 2.6.34
svn path=/nixpkgs/trunk/; revision=22178
2010-06-08 06:29:02 +00:00
Eelco Dolstra
6daa7866ca * Only build aufs2 for kernels that have the requisite base/standalone
patch applied.

svn path=/nixpkgs/trunk/; revision=22037
2010-05-28 09:29:39 +00:00
Eelco Dolstra
74b6d94ed5 * Get aufs2 and aufs2-util to build against Linux 2.6.32.
svn path=/nixpkgs/trunk/; revision=22032
2010-05-28 07:09:15 +00:00
Ludovic Courtès
588be9d6db Add a Linux kernel suitable for SystemTap.
svn path=/nixpkgs/trunk/; revision=21618
2010-05-05 19:48:46 +00:00
Eelco Dolstra
61c9c2434f * Updated fbcondecor for Linux 2.6.33.
svn path=/nixpkgs/trunk/; revision=20257
2010-02-25 14:15:42 +00:00
Eelco Dolstra
e3c2b77c11 * Add the gcov patch to patches.nix.
svn path=/nixpkgs/trunk/; revision=19190
2010-01-03 17:57:08 +00:00
Eelco Dolstra
2e5908b1df * Use the kernel config generator for Linux 2.6.25.
svn path=/nixpkgs/branches/kernel-config/; revision=18948
2009-12-14 19:08:20 +00:00
Eelco Dolstra
03b4efe9c8 * Use the kernel config generator for Linux 2.6.27.
* Move kernel patches out of all-packages.nix to
  os-specific/linux/kernel/patches.nix.
* Make the kernel config available under $out/config (it's also in
  $out/lib/modules/$version/build/.config, but that's kind of hard to
  find).

svn path=/nixpkgs/branches/kernel-config/; revision=18937
2009-12-14 15:28:55 +00:00