nixpkgs/pkgs/build-support/grsecurity/default.nix
Joachim Fasting 1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00

37 lines
761 B
Nix

{ stdenv
, lib
, overrideDerivation
# required for gcc plugins
, gmp, libmpc, mpfr
# the base kernel
, kernel
, grsecPatch
, kernelPatches ? []
, localver ? "-grsec"
, modDirVersion ? "${kernel.version}${localver}"
, extraConfig ? ""
, ...
} @ args:
assert (kernel.version == grsecPatch.kver);
overrideDerivation (kernel.override {
inherit modDirVersion;
kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
extraConfig = ''
GRKERNSEC y
PAX y
${extraConfig}
'';
ignoreConfigErrors = true;
}) (attrs: {
nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);
preConfigure = ''
echo ${localver} >localversion-grsec
${attrs.preConfigure or ""}
'';
})