suzanne.soy/nixpkgs
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Nix Packages collection
60,921 Commits 37 Branches 78 Tags 1.1 GiB
Nix 95.4%
Shell 2.6%
Python 0.6%
Perl 0.5%
C 0.3%
Other 0.2%
nixos/hardened
Go to file
Austin Seipp 26fa60ac55 Refactor grsecurity support. 
Nota bene: this probably does not work! Caveat emptor, etc.

This inverts the grsecurity builder, making it much simpler. Instead,
users just give a full description of the type of kernel they want to
build, and the result is an attribute set containing kernel and
kernelPackages results.

Now, in order to build a custom grsecurity kernel, you do something more
like:

    let
      kver  = "4.0.4";
      grver = "3.1-${kver}-201505222222";

      kernel = rec
        { version  = kver;
          localver = "-grsec";
          src      = fetchurl rec {
            name  = "linux-${kver}.tar.xz";
            url   = "mirror://kernel/linux/kernel/v4.x/${name}.tar.xz";
            sha256 = "1j5l87z6gd05cqzg680id0x1nk38kd6sjffd2lifl0fz5k6iqr9h";
        };
      };

      patches =
        [ fetchurl rec {
            name   = "grsecurity-${grver}.patch";
            url    = "https://grsecurity.net/test/grsecurity-${grver}.patch";
            sha256 = "0ampby10y3kr36f7rvzm5fdk9f2gcfmcdgkzf67b5kj78y52ypfz";
          }
        ];

      customGrsecKern = customGrsecKernelPackages { inherit kernel patches; };
    in
    {
      ...
      boot.kernelPackages = customGrsecKern.kernelPackages;
    }

Which is far more flexible and easier to think about; plus, it gives
full control over the kernel localver and modDirVer, as well as support
for other patches (because you may have other patches to apply on-top of
grsec, or you may bundle grsec with some other distribution, and still
need the builder support.) It also gives you full control of the kernel
tarball, in case you want to use e.g. libre-linux.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2015-05-25 10:58:26 -05:00
doc Update the ruby packaging docs to show how to bundle Ruby Gem-based 2015-03-31 19:04:42 +02:00
lib maintainers: Add dezgeg (Tuomas Tynkkynen) 2015-04-12 17:51:39 +03:00
maintainers Travis: disable tarball creating check, because travis can't handle it 2015-03-04 15:28:09 +01:00
nixos Refactor grsecurity support. 2015-05-25 10:58:26 -05:00
pkgs Refactor grsecurity support. 2015-05-25 10:58:26 -05:00
.gitignore gitignore: pkgs/development/libraries/qt-5/*/tmp/ 2015-02-21 11:39:20 -06:00
.travis.yml .travis.yml: add "sudo: required" to opt out of containers 2015-04-07 15:45:00 +02:00
.version release: 15.04 -> 15.05 2014-12-09 15:09:06 +01:00
COPYING * Applying an MIT-style license to Nixpkgs. 2006-04-25 16:50:34 +00:00
default.nix if we abort with too old Nix, hint docs 2015-01-21 21:41:40 +01:00
README.md add: logo 2015-04-06 20:10:25 +03:00

README.md

logo

Build Status Issue Stats Issue Stats

Nixpkgs is a collection of packages for Nix package manager.

NixOS linux distribution source code is located inside nixos/ folder.

Communication:

Throughput Graph