linux: Init 4.18

This commit is contained in:
Tim Steinbach 2018-08-12 19:42:11 -04:00
parent c9035c6e12
commit 9236990057
No known key found for this signature in database
GPG Key ID: 472BFCCA96BD0EDA
3 changed files with 44 additions and 12 deletions

View File

@ -103,16 +103,17 @@ PAGE_POISONING_ZERO y
PANIC_ON_OOPS y
PANIC_TIMEOUT -1
GCC_PLUGINS y # Enable gcc plugin options
${optionalString (versionOlder version "4.18") ''
GCC_PLUGINS y # Enable gcc plugin options
# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
GCC_PLUGIN_LATENT_ENTROPY y
# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
GCC_PLUGIN_LATENT_ENTROPY y
${optionalString (versionAtLeast version "4.11") ''
GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
''}
${optionalString (versionAtLeast version "4.14") ''
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
${optionalString (versionAtLeast version "4.11") ''
GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
''}
${optionalString (versionAtLeast version "4.14") ''
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
''}
''}
# Disable various dangerous settings
@ -121,8 +122,10 @@ PROC_KCORE n # Exposes kernel text image layout
INET_DIAG n # Has been used for heap based attacks in the past
# Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
CC_STACKPROTECTOR_REGULAR n
CC_STACKPROTECTOR_STRONG y
${optionalString (versionOlder version "4.18") ''
CC_STACKPROTECTOR_REGULAR n
CC_STACKPROTECTOR_STRONG y
''}
# Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE
${optionalString (versionAtLeast version "4.13") ''

View File

@ -0,0 +1,18 @@
{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
with stdenv.lib;
buildLinux (args // rec {
version = "4.18";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg;
# branchVersion needs to be x.y
extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
sha256 = "1wgay4k8wj08fc711j290fvi81x75yib8iaa6r7csc7mkvsbrn0r";
};
} // (args.argsOverride or {}))

View File

@ -13863,6 +13863,16 @@ with pkgs;
];
};
linux_4_18 = callPackage ../os-specific/linux/kernel/linux-4.18.nix {
kernelPatches =
[ kernelPatches.bridge_stp_helper
# See pkgs/os-specific/linux/kernel/cpu-cgroup-v2-patches/README.md
# when adding a new linux version
# kernelPatches.cpu-cgroup-v2."4.11"
kernelPatches.modinst_arg_list_too_long
];
};
linux_testing = callPackage ../os-specific/linux/kernel/linux-testing.nix {
kernelPatches = [
kernelPatches.bridge_stp_helper
@ -14056,7 +14066,7 @@ with pkgs;
linux = linuxPackages.kernel;
# Update this when adding the newest kernel major version!
linuxPackages_latest = linuxPackages_4_17;
linuxPackages_latest = linuxPackages_4_18;
linux_latest = linuxPackages_latest.kernel;
# Build the kernel modules for the some of the kernels.
@ -14067,6 +14077,7 @@ with pkgs;
linuxPackages_4_9 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_9);
linuxPackages_4_14 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_14);
linuxPackages_4_17 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_17);
linuxPackages_4_18 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_18);
# Don't forget to update linuxPackages_latest!
# Intentionally lacks recurseIntoAttrs, as -rc kernels will quite likely break out-of-tree modules and cause failed Hydra builds.