cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
64060 commits 1 branch 0 tags 3.7 GiB
Commit graph

1233 commits

Author SHA1 Message Date
Peter Simons
ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
William A. Kennington III
fb921695b6 kernel: Fix grsec patch for 3.18.3 2015-01-18 21:11:07 -08:00
William A. Kennington III
2c02b7caff kernel: 3.14.28 -> 3.14.29 2015-01-18 21:11:07 -08:00
William A. Kennington III
f23cb7d925 kernel: 3.12.35 -> 3.12.36 2015-01-18 21:11:07 -08:00
William A. Kennington III
9fce7cced9 kernel: 3.10.64 -> 3.10.65 2015-01-18 21:11:07 -08:00
Aristid Breitkreuz
46a938ad3a linux 3.18.3 2015-01-17 16:31:13 +00:00
Vladimír Čunát
88089559b9 Merge #5676: gcc-wrapper -> cc-wrapper and related 2015-01-17 08:43:04 +01:00
Ricardo M. Correia
1f28bfa284 grsecurity: Update stable and test patches 
stable: 3.0-3.14.28-201501120819 -> 3.0-3.14.28-201501142323
test:   3.0-3.18.2-201501120821  -> 3.0-3.18.2-201501142325
 2015-01-16 02:47:12 +01:00
William A. Kennington III
1ec68e0d13 kernel: Fix path to stp bridge helper 2015-01-14 10:34:28 -08:00
William A. Kennington III
3d4b315d91 Revert "kernel: Add a patch to remove checks for bridge stp helpers" 
This reverts commit f64c3ce18d.
 2015-01-13 15:34:26 -08:00
William A. Kennington III
f64c3ce18d kernel: Add a patch to remove checks for bridge stp helpers 2015-01-13 15:24:02 -08:00
Vladimír Čunát
1575bc652e Merge branch 'master' into staging 
Conflicts (simple):
	pkgs/os-specific/linux/util-linux/default.nix

It seems this merge creates a new stdenv hash,
because we had changes on both branches :-/
 2015-01-13 18:07:11 +01:00
Ricardo M. Correia
757071af5b grsecurity: Update stable and test patches 
stable: 3.0-3.14.28-201501111421 -> 3.0-3.14.28-201501120819
test:   3.0-3.18.2-201501111422  -> 3.0-3.18.2-201501120821
 2015-01-12 18:21:22 +01:00
William A. Kennington III
97783b87c0 kernel: 3.14.27 -> 3.14.28 2015-01-11 23:59:13 -08:00
William A. Kennington III
33651bb865 kernel: 3.18.1 -> 3.18.2 2015-01-11 23:58:19 -08:00
William A. Kennington III
6521141d09 kernel: Remove 3.16 2015-01-11 23:55:38 -08:00
William A. Kennington III
ba6648b142 kernel: 3.2.65 -> 3.2.66 2015-01-11 23:55:37 -08:00
William A. Kennington III
980758bdee kernel: 3.17.7 -> 3.17.8 2015-01-11 23:55:37 -08:00
William A. Kennington III
38eb7af3cd kernel: 3.10.63 -> 3.10.64 2015-01-11 23:55:37 -08:00
William A. Kennington III
e0098e8408 Revert "linux kernel: set VFIO_PCI_VGA to y for versions > 3.9" 
This reverts commit 774486a149.
 2015-01-07 10:55:06 -08:00
Jan Malakhovski
774486a149 linux kernel: set VFIO_PCI_VGA to y for versions > 3.9 
This allows to passthrough PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
 2015-01-07 11:08:58 +00:00
Ricardo M. Correia
e90bfba2f6 grsecurity: Update stable and test patches 
stable: 3.0-3.14.27-201412280859 -> 3.0-3.14.27-201501042018
test:   3.0-3.18.1-201412281149  -> 3.0-3.18.1-201501042021
 2015-01-07 05:49:56 +01:00
Nikolay Amiantov
e9d868de63 kernel: enable intel_pstate 2015-01-06 03:07:32 +03:00
Vladimír Čunát
6671aff83e linux kernel determinism: unify timestamp style 
Testing showed the linux build is sensitive to /usr/include/ncursesw
unless chrooted (on non-nixos).
On a single chrooted nixos machine, -A linux is binary reproducible.

CC #2281 & @alexanderkjeldaas.
 2015-01-03 13:54:32 +01:00
Domen Kožar
c510f3da49 fix eval /cc @vcunat 2015-01-02 13:55:19 +01:00
Vladimír Čunát
d8c5d95330 determinism: change some fixed timestamp to != (time_t)0 
vcunat removed the unrelated glib change.
Conflicts:
	pkgs/development/libraries/glib/default.nix
	pkgs/os-specific/linux/kernel/generic.nix
	pkgs/os-specific/linux/kernel/manual-config.nix
 2014-12-30 17:03:39 +01:00
Ricardo M. Correia
1d44322d53 grsecurity: Update stable and test patches 
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test:   3.0-3.17.7-201412211910  -> 3.0-3.18.1-201412281149
 2014-12-29 03:00:47 +01:00
Ricardo M. Correia
a8e33da2dd grsecurity: Update stable and test patches 
stable: 3.0-3.14.27-201412170659 -> 3.0-3.14.27-201412211908
test:   3.0-3.17.7-201412170700  -> 3.0-3.17.7-201412211910
 2014-12-22 20:33:00 +01:00
William A. Kennington III
7e8c5b578a kernel: 3.14.26 -> 3.14.27 2014-12-17 14:36:38 -08:00
William A. Kennington III
eea5383b48 kernel: 3.17.6 -> 3.17.7 2014-12-17 14:36:29 -08:00
William A. Kennington III
be96c7e283 Revert "kernel: 3.14.26 -> 3.14.27" 
This reverts commit 4eaecca7b1.
 2014-12-16 14:15:55 -08:00
William A. Kennington III
66332cdee1 Revert "kernel: 3.17.6 -> 3.17.7" 
This reverts commit d3a61d88aa.
 2014-12-16 14:15:47 -08:00
William A. Kennington III
d3a61d88aa kernel: 3.17.6 -> 3.17.7 2014-12-16 14:13:03 -08:00
William A. Kennington III
4eaecca7b1 kernel: 3.14.26 -> 3.14.27 2014-12-16 14:12:57 -08:00
William A. Kennington III
8643578aa5 kernel: 3.2.64 -> 3.2.65 2014-12-16 14:12:21 -08:00
William A. Kennington III
980c702342 kernel: 3.18 -> 3.18.1 2014-12-16 14:12:21 -08:00
William A. Kennington III
6ea3763f22 kernel: 3.12.34 -> 3.12.35 2014-12-16 14:11:13 -08:00
William A. Kennington III
7c2b8b333f kernel: 3.10.62 -> 3.10.63 2014-12-16 14:11:07 -08:00
William A. Kennington III
042f266e10 kernel: 3.14.25 -> 3.14.26 2014-12-08 23:24:50 -08:00
William A. Kennington III
c8abfe37ab kernel: 3.17.4 -> 3.17.6 2014-12-08 23:23:42 -08:00
William A. Kennington III
20e2d94089 kernel: 3.4.104 -> 3.4.105 2014-12-08 23:21:40 -08:00
William A. Kennington III
845f647b86 kernel: 3.12.33 -> 3.12.34 2014-12-08 23:21:07 -08:00
William A. Kennington III
98791f57c8 kernel: 3.10.61 -> 3.10.62 2014-12-08 23:21:04 -08:00
William A. Kennington III
a6f4c3624e kernel: Add 3.18 2014-12-08 23:18:04 -08:00
Domen Kožar
4aa3eec330 Merge branch 'master' into staging 
Conflicts:
	pkgs/development/libraries/fontconfig/default.nix
 2014-12-07 14:02:48 +01:00
Ricardo M. Correia
7ce1cbed93 grsecurity: Update stable and test patches 
stable: 3.0-3.14.25-201411260106 -> 3.0-3.14.25-201412040016
test:   3.0-3.17.4-201411260107  -> 3.0-3.17.4-201412040017
 2014-12-05 18:26:21 +01:00
William A. Kennington III
fe21ac3903 linux: 3.18.0-rc6 -> 3.18.0-rc7 2014-12-01 01:49:05 -08:00
Vladimír Čunát
cbd2305d4d Merge branch 'master' into staging 2014-11-28 18:59:07 +01:00
Ricardo M. Correia
6f31905563 grsecurity: Update stable and test patches 
stable: 3.0-3.14.25-201411231452 -> 3.0-3.14.25-201411260106
test:   3.0-3.17.4-201411231452  -> 3.0-3.17.4-201411260107
 2014-11-27 18:36:01 +01:00
Vladimír Čunát
a68c1adc35 *: fix builds by disregarding warning from new glibc 
Says: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
CC: #4803. There will likely appear more of these errors on Hydra in time.
 2014-11-26 23:40:03 +01:00
Ricardo M. Correia
c07f81ce89 grsecurity: Update stable and test patches 
stable: 3.0-3.14.25-201411220954 -> 3.0-3.14.25-201411231452
test:   3.0-3.17.4-201411220955  -> 3.0-3.17.4-201411231452
 2014-11-24 03:53:28 +01:00
William A. Kennington III
acefc22209 kernel: 3.18.0-rc5 -> 3.18.0-rc6 2014-11-23 16:49:25 -08:00
William A. Kennington III
d1493bc1ee kernel: 3.14.24 -> 3.14.25 2014-11-23 02:47:36 -08:00
Jonathan Rudenberg
30578e30d8 kernel: 3.17.3 -> 3.17.4 2014-11-22 16:50:16 -05:00
William A. Kennington III
30597a9c7a kernel: 3.12.32 -> 3.12.33 2014-11-21 14:39:15 -08:00
William A. Kennington III
f1b9f88e5b kernel: 3.10.60 -> 3.10.61 2014-11-21 14:38:48 -08:00
William A. Kennington III
eac8fcff1a kernel: 3.18-rc4 -> 3.18-rc5 2014-11-17 00:13:04 -08:00
William A. Kennington III
f4a27311b7 kernel: 3.14.23 -> 3.14.24 2014-11-14 23:03:54 -08:00
William A. Kennington III
0ef4ee5d06 kernel: 3.17.2 -> 3.17.3 2014-11-14 23:03:47 -08:00
William A. Kennington III
1a405c999e kernel: Remove 3.15 2014-11-14 11:05:51 -08:00
William A. Kennington III
256669cf41 kernel: Remove 3.17 buildfix 2014-11-14 10:59:46 -08:00
William A. Kennington III
642a161112 kernel: 3.2.63 -> 3.2.64 2014-11-14 10:59:46 -08:00
William A. Kennington III
2fab8d1198 kernel: 3.10.59 -> 3.10.60 2014-11-14 10:49:29 -08:00
William A. Kennington III
557a3c92e3 kernel: Don't enable the iommu by default as this breaks for some hardware 2014-11-13 16:23:49 -08:00
Domen Kožar
7ff9cd2c41 more kernel fixes 2014-11-11 09:22:18 +01:00
William A. Kennington III
189e73de98 kernel-testing: 3.18-rc3 -> 3.18-rc4 2014-11-10 22:30:43 -08:00
Domen Kožar
b9388e9711 fix kernel builds on 32bit linux 2014-11-11 07:06:09 +01:00
Eelco Dolstra
e78a1603fc linux: Enable BPF_JIT only on 64-bit 
It's not supported on i686.

http://hydra.nixos.org/build/16834647
 2014-11-10 20:21:28 +01:00
Ricardo M. Correia
c108ab47be grsecurity: Update stable and test patches 
stable: 3.0-3.14.23-201411062033 -> 3.0-3.14.23-201411091053
test:   3.0-3.17.2-201411062034  -> 3.0-3.17.2-201411091054
 2014-11-10 19:34:00 +01:00
Ricardo M. Correia
5701e40681 grsecurity: Update stable and test patches 
stable: 3.0-3.14.23-201410312212 -> 3.0-3.14.23-201411062033
test:   3.0-3.17.2-201410312213  -> 3.0-3.17.2-201411062034
 2014-11-09 02:47:54 +01:00
lethalman
27b79a0469 Merge pull request #4780 from ambrop72/kernel-ppp-filter 
kernel: Enable PPP_FILTER by default.
 2014-11-08 12:41:13 +01:00
William A. Kennington III
d88c5eed1d kernel: Add more supported features 2014-11-08 02:44:19 -08:00
Domen Kožar
a0696b4536 linux_3_12: fix hash 2014-11-07 12:39:04 +01:00
Eelco Dolstra
1d5147dd17 linux: Update to 3.12.32 2014-11-06 15:12:01 +01:00
Jonathan Rudenberg
a97452a000 linux: Update testing 3.17-rc2 -> 3.18-rc3 2014-11-03 14:14:53 -05:00
ambrop7@gmail.com
fc533f0e84 kernel: Enable PPP_FILTER by default. 
pppd will try to use it to improve efficiency and complain if it's not available
(but is is not mandatory).
 2014-11-02 15:10:09 +01:00
Ricardo M. Correia
268c72b92b grsecurity: Update stable and test patches 
stable: 3.0-3.14.22-201410250026 -> 3.0-3.14.23-201410312212
test:   3.0-3.17.1-201410281754  -> 3.0-3.17.2-201410312213
 2014-11-01 17:25:22 +01:00
Alexander Kjeldaas
85972fb58d Document likely breakage when people update the kernel. 2014-11-01 09:35:20 +01:00
William A. Kennington III
0467a79129 kernel: 3.16.6 -> 3.16.7 2014-10-30 14:39:17 -07:00
William A. Kennington III
5b37f998fd kernel: 3.14.22 -> 3.14.23 2014-10-30 14:38:41 -07:00
William A. Kennington III
3ff30fa254 kernel: 3.10.58 -> 3.10.59 2014-10-30 14:38:10 -07:00
William A. Kennington III
6e91f53d87 kernel: Add update script 2014-10-30 14:37:22 -07:00
Shea Levy
659db7e5b2 linux-3.17: bump 2014-10-30 13:09:18 -04:00
Ricardo M. Correia
a9170c0dba grsecurity: Update stable and test patches 
stable: 3.0-3.14.22-201410192047 -> 3.0-3.14.22-201410250026
test:   3.0-3.17.1-201410192051  -> 3.0-3.17.1-201410281754
 2014-10-30 12:47:36 +01:00
Eelco Dolstra
bac50c5c1f linux: Update to 3.12.31 2014-10-27 11:21:18 +01:00
lethalman
2c0cc6cedc Merge pull request #4587 from uzska/master 
Added line SCSI_SAS_ATA y on line 62
 2014-10-24 09:39:40 +02:00
Alexander Kjeldaas
005bb796e6 Updated grsec. 2014-10-22 02:18:41 +02:00
Eelco Dolstra
38ed4d4d0f linux: Enable FW_LOADER_USER_HELPER_FALLBACK 
We don't really need this anymore, except that our docs say that you
can put firmware in /root/test-firmware, which doesn't work via
/sys/module/firmware_class/parameters/path.
 2014-10-20 13:25:00 +02:00
uzska
0fa57137cf Added line SCSI_SAS_ATA y on line 62 
This kernel change will make the nixOS live cd detect the hard drive upon boot.
 2014-10-17 13:31:08 -07:00
William A. Kennington III
13b9917298 kernel: Fix missing ; 2014-10-16 13:58:18 -07:00
William A. Kennington III
1962fd80f6 kernel: 3.4.103 -> 3.4.104 2014-10-16 13:56:14 -07:00
William A. Kennington III
fdb4e34459 kernel: 3.2.62 -> 3.2.63 2014-10-16 13:56:10 -07:00
William A. Kennington III
0a82ce360d kernel: 3.17 -> 3.17.1 2014-10-16 13:56:06 -07:00
William A. Kennington III
b8ee248137 kernel: 3.16.4 -> 3.16.6 2014-10-16 13:56:01 -07:00
William A. Kennington III
287ce68d38 kernel: 3.14.20 -> 3.14.22 2014-10-16 13:55:55 -07:00
William A. Kennington III
8c138fd489 kernel: 3.12.29 -> 3.12.30 2014-10-16 13:55:50 -07:00
William A. Kennington III
242070abfc kernel: 3.10.56 -> 3.10.58 2014-10-16 13:55:38 -07:00
Ricardo M. Correia
c615793317 grsecurity: Update stable and test patches 
stable: 3.0-3.14.19-201409282024 -> 3.0-3.14.20-201410062037
test:   3.0-3.16.3-201409282025  -> 3.0-3.16.4-201410062041
 2014-10-07 16:55:49 +02:00
William A. Kennington III
5b80f24b9d kernel: 3.16.3 -> 3.16.4 2014-10-05 21:34:31 -07:00
William A. Kennington III
c2a301731a kernel: 3.14.19 -> 3.14.20 2014-10-05 21:34:18 -07:00
William A. Kennington III
4a2ecb2c62 kernel: 3.12.28 -> 3.12.29 2014-10-05 21:34:04 -07:00
William A. Kennington III
c4c28e36e6 kernel: 3.10.55 -> 3.10.56 2014-10-05 21:33:50 -07:00
Michael Raskin
4397ec5cab Add Linux 3.17 2014-10-06 02:43:58 +04:00
Ricardo M. Correia
bbdc35d4dd grsecurity: Update stable and test patches 
stable: 3.0-3.14.19-201409180900 -> 3.0-3.14.19-201409282024
test:   3.0-3.16.3-201409180901  -> 3.0-3.16.3-201409282025
 2014-09-29 14:44:20 +02:00
Ricardo M. Correia
cf61fa8013 grsecurity: Update stable and test patches 
stable: 3.0-3.14.18-201409060013 -> 3.0-3.14.19-201409180900
test:   3.0-3.16.2-201409060014  -> 3.0-3.16.3-201409180901
 2014-09-25 23:37:26 +02:00
William A. Kennington III
df12cc6ad0 kernel: 3.16.2 -> 3.16.3 2014-09-19 16:28:45 -07:00
William A. Kennington III
a235f6fc70 kernel: 3.14.18 -> 3.14.19 2014-09-19 16:28:32 -07:00
William A. Kennington III
03f044bb5a kernel: 3.10.54 -> 3.10.55 2014-09-19 16:28:20 -07:00
Eelco Dolstra
19b1fafe5f linux: Update to 3.12.28 2014-09-08 15:49:27 +02:00
Ricardo M. Correia
238a84ac78 grsecurity: Update stable and test patches 
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test:   3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
 2014-09-08 15:16:38 +02:00
William A. Kennington III
844aef5bcf kernel: 3.16.1 -> 3.16.2 2014-09-06 18:10:13 -07:00
William A. Kennington III
ed7ce2bd81 kernel: 3.14.17 -> 3.14.18 2014-09-06 18:10:01 -07:00
William A. Kennington III
d3f80b36ba kernel: 3.10.53 -> 3.10.54 2014-09-06 18:09:48 -07:00
Daniel Peebles
0bb14e4fea Disable NFC on 3.17 or above 
This should only be temporary, but there's a bug in the 3.17 rc1 and rc2 that leads to cyclic module dependencies and a segfault during the build process.
 2014-08-29 01:49:32 -04:00
Daniel Peebles
1eb08ee693 Add patch to fix 3.17 build breakage (also submitted to lkml, but not yet merged) 2014-08-28 22:45:32 -04:00
Austin Seipp
2dc2699ca4 linux/grsec: updates 
3.15.10 is EOL soon, but grsecurity/unstable hasn't moved to 3.16.x yet.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-08-27 15:14:19 -05:00
Eelco Dolstra
ce6b86cc68 Fix various evaluation problems 
http://hydra.nixos.org/build/13616685
 2014-08-22 11:57:40 +02:00
Eelco Dolstra
e4752d7877 linux: Enable ACLs in ext3 
http://hydra.nixos.org/build/13462892
 2014-08-18 14:33:09 +02:00
William A. Kennington III
83b2d409ff kernel: 3.2.60 -> 3.2.62 2014-08-14 12:48:06 -05:00
William A. Kennington III
b07f77b2fb kernel: 3.4.101 -> 3.4.103 2014-08-14 12:46:53 -05:00
William A. Kennington III
ca68015291 kernel: 3.10.51 -> 3.10.53 2014-08-14 12:45:14 -05:00
William A. Kennington III
f143df3a09 kernel 3.14.15 -> 3.14.17 2014-08-14 12:44:25 -05:00
William A. Kennington III
ca0aa7e8d1 kernel: 3.15.8 -> 3.15.10 2014-08-14 12:43:41 -05:00
William A. Kennington III
e9ae222199 kernel: 3.16 -> 3.16.1 2014-08-14 12:42:53 -05:00
Eelco Dolstra
8a7f3c3618 Mark a bunch of packages as broken or not supported on Darwin 2014-08-08 17:59:02 +02:00
aszlig
4834717507
linux-kernel: Add new upstream version 3.16. 
Also set linux_latest to it as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-08-04 02:41:54 +02:00
William A. Kennington III
317d4253ea kernel: 3.15.7 -> 3.15.8 2014-08-02 18:04:08 -05:00
William A. Kennington III
63cc1fd8ad kernel: 3.14.14 -> 3.14.15 2014-08-02 18:02:15 -05:00
William A. Kennington III
eb9ee180d9 kernel: 3.12.25 -> 3.12.26 2014-08-02 18:00:46 -05:00
William A. Kennington III
89d5655670 kernel: 3.10.50 -> 3.10.51 2014-08-02 17:58:31 -05:00
William A. Kennington III
ae11e59949 kernel: 3.4.100 -> 3.4.101 2014-08-02 17:56:53 -05:00
William A. Kennington III
ff747dd24f kernel: 3.15.5 -> 3.15.7 2014-07-29 13:17:11 -05:00
William A. Kennington III
2494e2bb09 kernel: 3.14.12 -> 3.14.14 2014-07-29 13:15:42 -05:00
William A. Kennington III
dd9a5aeade kernel: 3.10.48 -> 3.10.50 2014-07-29 13:13:38 -05:00
William A. Kennington III
47d50bf684 kernel: 3.4.98 -> 3.4.100 2014-07-29 13:08:37 -05:00
Mateusz Kowalczyk
7a45996233 Turn some license strings into lib.licenses values 2014-07-28 11:31:14 +02:00
Eelco Dolstra
0852d9e364 linux: Update to 3.12.25 2014-07-24 18:14:53 +02:00
Bjørn Forsman
28cb0f58c4 linux: only enable CONFIG_NFS_SWAP for v3.6+ kernels 
Linux v3.6 is the earliest version with CONFIG_NFS_SWAP support. This
change unbreaks NixOS tests for older kernels.
 2014-07-16 12:13:06 +02:00
Ricardo M. Correia
85e444f4f8 linux: Enable NFSv4.1, v4.2 clients and swap on NFS 
I'm only enabling for kernels >= 3.11 to be conservative, because clients and
servers automatically negotiate and use the highest mutually supported version
by default, but only in kernel 3.11 server NFSv4.1 support actually became RFC
compliant.

I'm also adding support for swap on NFS, which is enabled by default on
Ubuntu kernels.
 2014-07-15 15:07:25 +02:00
Vladimír Čunát
eb659e89b4 linux_*: update, including CVE-2014-4699 (most likely) 
CC #3196. No updates yet on 3.2 and 3.12 branches.
 2014-07-09 22:54:08 +02:00
Eelco Dolstra
1596c3a012 linux: Update to 3.12.24 
CVE-2014-4508, CVE-2014-0206.
 2014-07-07 18:21:34 +02:00
Ricardo M. Correia
b50074929e grsecurity: Update stable and test patches 
stable: 3.0-3.14.9-201406262057 -> 3.0-3.14.10-201407012152
test:   3.0-3.15.2-201406262058 -> 3.0-3.15.3-201407012153
 2014-07-03 11:37:19 +02:00
Ricardo M. Correia
d4243e2a00 linux: Update to 3.14.10 2014-07-03 11:35:28 +02:00
Michael Raskin
e303e18608 Update Linux 3.15 to 3.15.3 2014-07-01 14:28:52 +04:00
Michael Raskin
efb0c56db4 Update linux_testing and enable parallel build of Linux kernel 2014-06-30 10:52:33 +04:00
Michael Raskin
0ecfc6cb49 Merge pull request #2213 from thoughtpolice/kernel-config 
nixos: make several kernel common-config options optional
 2014-06-30 09:01:08 +04:00
Austin Seipp
dd56bfbd00 kernel/grsec: updates 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-06-27 00:52:12 -05:00
Vladimír Čunát
7998a598b6 linux-3.13: remove, as it's vulnerable 
CC #3090.
 2014-06-26 11:50:15 +02:00
Vladimír Čunát
7f97fafe4f linux-3.12: security update .22 ->.23, CVE-2014-0206 
CC #3090.
 2014-06-26 11:33:00 +02:00
Austin Seipp
0399c5ee24 grsecurity: update stable/testing kernels, refactoring 
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-06-22 22:29:10 -05:00
Michael Raskin
c68e3418fb Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2 2014-06-22 19:45:07 +04:00
Austin Seipp
b8ede68b25 kernel/grsec: updates 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-06-21 22:13:49 -05:00
Michael Raskin
8297a26746 Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16. 2014-06-18 00:23:48 +02:00
Mathijs Kwik
5bc69209b1 linux-3.15: upgrade to 3.15.1 2014-06-17 08:17:38 +02:00
Eelco Dolstra
27c72f337b linux: Update to 3.12.22 
Fixes CVE-2014-3153 (local privilege escalation via futex()).
 2014-06-13 17:44:02 +02:00
William A. Kennington III
8bb2313915 kernel: Add 3.15 2014-06-08 16:39:47 -05:00
William A. Kennington III
d91eacd720 kernel: 3.14.5 -> 3.14.6 (close #2868) 2014-06-08 09:12:05 +02:00
Austin Seipp
b43421221f kernel/grsec: updates; add mainline package for brave souls 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-06-05 06:06:19 -05:00
Eelco Dolstra
246edc3df2 linux: Update to 3.12.21 2014-06-05 12:54:37 +02:00
William A. Kennington III
3a0b265af9 kernel: 3.14.4 -> 3.14.5 (close #2831) 2014-06-05 10:34:40 +02:00
Michael Raskin
f9c05a3bad Merge pull request #2378 from wizeman/u/kernel-zram 
linux: Add support for zram
 2014-05-27 01:40:18 -07:00
Eelco Dolstra
2ee6c0c63e linux: Update to 3.12.20 2014-05-19 16:03:37 +02:00
Austin Seipp
ac38b32974 kernel/grsec: another optional option 
This should fix the testing kernels.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-18 08:57:10 -05:00
Austin Seipp
e64e3ad88a kernel: only use DEBUG_STACKOVERFLOW if !grsecurity 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-18 08:56:52 -05:00
Austin Seipp
80d0e31a94 kernel: allow features to be used in common-config 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-18 08:49:32 -05:00
Austin Seipp
657998dbcb kernel/common-config: Another optional option 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 19:44:03 -05:00
Austin Seipp
b5b434c98a kernel: make some common-config options optional for grsec 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1 grsec: refactor grsecurity packages 
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 14:09:43 -05:00
Austin Seipp
cb894d4fc3 grsec: updates 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 14:09:09 -05:00
Austin Seipp
92abc4c610 kernel: enable AppArmor by default 
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 14:09:09 -05:00
Austin Seipp
3efdeef6a3 linux-3.{4,10}: update 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-05-17 14:09:09 -05:00
Eelco Dolstra
3d1d9bb7dd linux-3.12: Apply patch for CVE-2014-0196 2014-05-14 14:11:48 +02:00
Vladimír Čunát
9c8ee7a7e5 linux: minor updates, probably often fixing CVE-2014-0196 2014-05-13 20:00:21 +02:00
Eelco Dolstra
abbf643ae2 linux: Update to 3.12.19 
Backport: 14.04
 2014-05-13 13:28:14 +02:00
Austin Seipp
92f7781f00 kernel/grsecurity: stable/longterm/testing updates 
kernels:

  - longterm: 3.4.87  -> 3.4.88
  - longterm: 3.10.37 -> 3.10.38
  - stable:   3.13.10 -> 3.13.11
  - stable:   3.14.1  -> 3.14.2

grsecurity:

  - test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907

NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-27 08:41:42 -05:00
Ricardo M. Correia
efae8ce543 grsecurity: Update all patches 
stable:  3.0-3.2.57-201404182109            -> 3.0-3.2.57-201404241714
test:    3.0-3.14.1-201404201132            -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
 2014-04-25 04:41:58 +02:00
Ricardo M. Correia
f0e3775f2e linux: Add support for zram 2014-04-24 23:47:08 +02:00
Vladimír Čunát
116d52c6df linux-3.12: bump .17 -> .18 2014-04-24 20:02:34 +02:00
Ricardo M. Correia
5d5ca7b260 grsecurity: Update all patches 
stable:  3.0-3.2.57-201404131252            -> 3.0-3.2.57-201404182109
test:    3.0-3.13.10-201404141717           -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
 2014-04-21 18:46:41 +02:00
Eelco Dolstra
4e8c2f0ff9 Merge branch 'systemd-update' 2014-04-20 19:31:01 +02:00
Eelco Dolstra
5da309fcaa linux: Enable SND_DYNAMIC_MINORS 
This is necessary if you get:

  kernel: Too many HDMI devices
  kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
 2014-04-18 21:50:00 +02:00
Eelco Dolstra
3f01caa89f linux: Enable transparent hugepages 2014-04-16 22:40:07 +02:00
Austin Seipp
ba2f861f05 kernel: stable/longterm updates 
- stable:   3.14    -> 3.14.1
 - longterm: 3.10.36 -> 3.10.37
 - longterm: 3.4.86  -> 3.4.86

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-14 19:46:39 -05:00
Ricardo M. Correia
1b113178ee grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717 2014-04-15 00:16:29 +02:00
Ricardo M. Correia
3a1c9a2945 linux: Update to 3.13.10 2014-04-15 00:16:29 +02:00
Eelco Dolstra
73b4b287bb linux: Don't use underscores in the timestamp 2014-04-14 21:06:04 +02:00
Austin Seipp
788d9a13fb grsecurity: stable/vserver/testing updates 
- stable:  201404111812            -> 201404131252
 - vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
 - testing: 201404111815            -> 201404131254

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-13 13:11:17 -05:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875) 
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-11 22:43:51 -05:00
Austin Seipp
acbf28145c nixos: make several kernel common-config options optional 
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.

The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.

This is really just an arbitrary picking at the moment, but it should be
OK.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-11 22:39:29 -05:00
Ricardo M. Correia
5dfc6584a5 grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758 2014-04-10 00:37:33 +02:00
Ricardo M. Correia
c50abd0e13 linux: Update to 3.2.57 2014-04-10 00:37:33 +02:00
Austin Seipp
3ff158289a lockdep: refactor into non-kernel package 
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-08 19:21:55 -05:00
Austin Seipp
05ec851050 kernel: longterm updates 
- longterm: 3.4.85  -> 3.4.86
 - longterm: 3.10.35 -> 3.10.36
 - longterm: 3.12.15 -> 3.12.17

Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2014-04-07 13:56:50 -05:00
Ricardo M. Correia
807fad571a grsecurity: Update stable and test patches 
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test:   3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
 2014-04-07 15:31:12 +02:00
Ricardo M. Correia
c494289c12 linux: Update to 3.13.9 2014-04-07 15:31:12 +02:00
Alexander Kjeldaas
c69eb7c2c1 Remove timestamp from the kernel. 2014-04-05 08:40:55 +02:00
Shea Levy
0c66dbaee6 Enable CC_STACKPROTECTOR_REGULAR on linux 3.14+ 2014-04-02 17:58:54 -04:00
Vladimír Čunát
8146737127 Merge #2090: add new lockdep tool from Linux 3.14 2014-04-02 20:55:30 +02:00
Ricardo M. Correia
52d233af22 grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135 2014-04-02 15:11:33 +02:00
Ricardo M. Correia
e8c6c60b93 linux: Update to 3.2.56 2014-04-02 15:11:32 +02:00