nixpkgs/pkgs/os-specific/linux/wireguard/default.nix
Joachim Fasting ca465eeeb1
wireguard: disable build against -grsec kernels
Looks to be incompatible with the PaX constification plugin:

> /tmp/nix-build-wireguard-unstable-2016-08-08.drv-0/WireGuard-experimental-0.0.20160808/src/device.c:329:29: error: constified variable 'link_ops' placed into writable section ".data..read_mostly"
 static struct rtnl_link_ops link_ops __read_mostly = {

https://hydra.nixos.org/build/39671573/log/raw

See also https://github.com/NixOS/nixpkgs/issues/18209
2016-09-03 14:50:07 +02:00

61 lines
1.5 KiB
Nix

{ stdenv, fetchurl, libmnl, kernel ? null }:
# module requires Linux >= 4.1 https://www.wireguard.io/install/#kernel-requirements
assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "4.1";
# module is incompatible with the PaX constification plugin
assert kernel != null -> !(kernel.features.grsecurity or false);
let
name = "wireguard-unstable-${version}";
version = "2016-08-08";
src = fetchurl {
url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-experimental-0.0.20160808.tar.xz";
sha256 = "0z9s9xi8dzkmjnki7ialf2haxb0mn2x5676sjwmjij1jfi9ypxhw";
};
meta = with stdenv.lib; {
homepage = https://www.wireguard.io/;
downloadPage = https://git.zx2c4.com/WireGuard/refs/;
description = "Fast, modern, secure VPN tunnel";
maintainers = with maintainers; [ ericsagnes ];
license = licenses.gpl2;
platforms = platforms.linux;
};
module = stdenv.mkDerivation {
inherit src meta name;
preConfigure = ''
cd src
sed -i '/depmod/,+1d' Makefile
'';
hardeningDisable = [ "pic" ];
KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
INSTALL_MOD_PATH = "\${out}";
buildPhase = "make module";
};
tools = stdenv.mkDerivation {
inherit src meta name;
preConfigure = "cd src";
buildInputs = [ libmnl ];
makeFlags = [
"DESTDIR=$(out)"
"PREFIX=/"
"-C" "tools"
];
buildPhase = "make tools";
};
in if kernel == null
then tools
else module