linux: fix kernel config options

Some of the options didn't have correct kernel version constraints,
others had been removed or made optional unnecessarily in #84032.
Ricardo M. Correia 2020-05-26 14:09:20 +02:00
parent 6e9bb30566
commit 9dd9bc7bcc


@ -63,7 +63,7 @@ let
PM_WAKELOCKS = yes; PM_WAKELOCKS = yes;
# Power-capping framework and support for INTEL RAPL # Power-capping framework and support for INTEL RAPL
POWERCAP = yes; POWERCAP = yes;
INTEL_RAPL = module; INTEL_RAPL = whenAtLeast "5.3" module;
}; };
external-firmware = { external-firmware = {
@ -120,7 +120,7 @@ let
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes; HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
BPF_STREAM_PARSER = whenAtLeast "4.19" yes; BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
XDP_SOCKETS = whenAtLeast "4.19" yes; XDP_SOCKETS = whenAtLeast "4.19" yes;
XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes; XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes;
WAN = yes; WAN = yes;
TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19 TCP_CONG_CUBIC = yes; # This is the default congestion control algorithm since 2.6.19
# Required by systemd per-cgroup firewalling # Required by systemd per-cgroup firewalling
@ -167,13 +167,18 @@ let
NF_CONNTRACK_TIMEOUT = yes; NF_CONNTRACK_TIMEOUT = yes;
NF_CONNTRACK_TIMESTAMP = yes; NF_CONNTRACK_TIMESTAMP = yes;
NETFILTER_NETLINK_GLUE_CT = yes; NETFILTER_NETLINK_GLUE_CT = yes;
NF_TABLES_INET = whenAtLeast "4.19" yes; NF_TABLES_INET = mkMerge [ (whenOlder "4.17" module)
NF_TABLES_NETDEV = whenAtLeast "4.19" yes; (whenAtLeast "4.17" yes) ];
NF_TABLES_NETDEV = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
# IP: Netfilter Configuration # IP: Netfilter Configuration
NF_TABLES_IPV4 = yes; NF_TABLES_IPV4 = mkMerge [ (whenOlder "4.17" module)
NF_TABLES_ARP = whenAtLeast "4.19" yes; (whenAtLeast "4.17" yes) ];
NF_TABLES_ARP = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
# IPv6: Netfilter Configuration # IPv6: Netfilter Configuration
NF_TABLES_IPV6 = yes; NF_TABLES_IPV6 = mkMerge [ (whenOlder "4.17" module)
(whenAtLeast "4.17" yes) ];
# Bridge Netfilter Configuration # Bridge Netfilter Configuration
NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes) NF_TABLES_BRIDGE = mkMerge [ (whenBetween "4.19" "5.3" yes)
(whenAtLeast "5.3" module) ]; (whenAtLeast "5.3" module) ];
@ -183,7 +188,8 @@ let
NET_DROP_MONITOR = yes; NET_DROP_MONITOR = yes;
# needed for ss # needed for ss
INET_DIAG = yes; INET_DIAG = module;
INET_TCP_DIAG = module;
INET_UDP_DIAG = module; INET_UDP_DIAG = module;
INET_RAW_DIAG = whenAtLeast "4.14" module; INET_RAW_DIAG = whenAtLeast "4.14" module;
INET_DIAG_DESTROY = whenAtLeast "4.9" yes; INET_DIAG_DESTROY = whenAtLeast "4.9" yes;
@ -364,7 +370,7 @@ let
CIFS_STATS = whenOlder "4.19" yes; CIFS_STATS = whenOlder "4.19" yes;
CIFS_WEAK_PW_HASH = yes; CIFS_WEAK_PW_HASH = yes;
CIFS_UPCALL = yes; CIFS_UPCALL = yes;
CIFS_ACL = option yes; CIFS_ACL = whenOlder "5.3" yes;
CIFS_DFS_UPCALL = yes; CIFS_DFS_UPCALL = yes;
CIFS_SMB2 = whenOlder "4.13" yes; CIFS_SMB2 = whenOlder "4.13" yes;
@ -395,7 +401,7 @@ let
DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; }; DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; };
RANDOMIZE_BASE = option yes; RANDOMIZE_BASE = option yes;
STRICT_DEVMEM = option yes; # Filter access to /dev/mem STRICT_DEVMEM = option yes; # Filter access to /dev/mem
SECURITY_SELINUX_BOOTPARAM_VALUE = option (freeform "0"); # Disable SELinux by default SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
# Prevent processes from ptracing non-children processes # Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes; SECURITY_YAMA = option yes;
DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem
@ -707,8 +713,9 @@ let
KEXEC_FILE = option yes; KEXEC_FILE = option yes;
KEXEC_JUMP = option yes; KEXEC_JUMP = option yes;
PARTITION_ADVANCED = yes; # Needed for LDM_PARTITION
# Windows Logical Disk Manager (Dynamic Disk) support # Windows Logical Disk Manager (Dynamic Disk) support
LDM_PARTITION = option yes; LDM_PARTITION = yes;
LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback LOGIRUMBLEPAD2_FF = yes; # Logitech Rumblepad 2 force feedback
LOGO = no; # not needed LOGO = no; # not needed
MEDIA_ATTACH = yes; MEDIA_ATTACH = yes;
@ -793,7 +800,7 @@ let
SUN8I_DE2_CCU = whenAtLeast "4.13" yes; SUN8I_DE2_CCU = whenAtLeast "4.13" yes;
# See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647 # See comments on https://github.com/NixOS/nixpkgs/commit/9b67ea9106102d882f53d62890468071900b9647
CRYPTO_AEGIS128_SIMD = no; CRYPTO_AEGIS128_SIMD = whenAtLeast "5.4" no;
}; };
}; };
in in
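Review bot: The trailing comment `# Disable SELinux by default` on the new `SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0");` line now describes only kernels older than 5.1, and nothing in that hunk says what the default is on newer ones. As far as I know the option was dropped upstream in 5.1, when LSM selection moved to `CONFIG_LSM` and the `lsm=` boot parameter, so whether SELinux is active on 5.1+ depends on settings not visible here. I would extend the comment, e.g. `# Disable SELinux by default; option removed in 5.1, where CONFIG_LSM / lsm= decides`, and confirm the intended LSM default for those kernels. Dropping `option` also makes the setting a hard requirement on pre-5.1 kernels, which looks intended but deserves a word in the commit message. The enclosing attribute set begins and ends outside this hunk.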