Commit Graph

407 Commits

Author SHA1 Message Date
Sandro Jäckel
8547db919a
treewide: switch `builtins.fromJSON(builtins.readFile ./file.json)` to lib.importJSON ./file.json 2021-11-03 14:43:52 +01:00
Maximilian Bosch
bb5aa0109b
linux: build hardened kernel with matching releases
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].

This change aims to provide a solution this issue:

* The hardened patchset now references the kernel version it's released
  for (including a sha256 hash for the fixed-output path of the source
  tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
  now, but also overrides version & src to match the kernel version the
  patch was built & tested for.

Refs #140281

[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
2021-10-20 23:51:52 +02:00
Yurii Matsiuk
2f0d1e41e2
Revert "linux: fix regression in bridge VLAN configuration"
This reverts commit 24a08441d5.
2021-07-02 15:10:00 +02:00
TredwellGit
24a08441d5 linux: fix regression in bridge VLAN configuration 2021-06-21 18:52:06 +00:00
Guillaume Girol
04af7c02cd
Merge pull request #108725 from veehaitch/ath_regd_optional
kernelPatches: ath driver: allow setting regulatory domain
2021-01-30 14:07:25 +00:00
Atemu
88f877e07d kernelPatches: drop export_kernel_fpu_functions
Hasn't been necessary since ZFS 0.8.3
2021-01-27 18:06:01 -05:00
Tim Steinbach
071750d412 linux-hardened: Remove tag patch 2021-01-24 18:17:56 -05:00
Tim Steinbach
18b09d883f
linux: 5.11-rc2 -> 5.11-rc3 2021-01-11 11:10:07 -05:00
Vincent Haupert
af8abf141d
kernelPatches: ath driver: allow setting regulatory domain
Ports an OpenWRT patch for Atheros wireless drivers (ath*) which allows
the user to change the regulatory domain code to the one which actually
applies.

All Atheros devices have a regulatory domain burned into their EEPROM.
When using a device as AP, this domain is frequently overly restrictive
when compared to the regulation which applies in the country the device
actually operates in; often, this restriction disallows IR on all
channels making it impossible to use the device as an AP at all.

This commit introduces the NixOS config option
networking.wireless.athUserRegulatoryDomain which, if enabled, applies
the patch and sets the kernel config option ATH_USER_REGD.

The original OpenWRT patch targets Linux 5.8.
2021-01-08 02:20:08 +01:00
Tim Steinbach
4312cd74f1 linux-hardened: Track extra version
Fixes #108707
2021-01-07 18:23:57 -05:00
Tim Steinbach
f284b44089
linux: 5.11-rc1 -> 5.11-rc2
Added temporary patch for a syntax error in the wireless drivers
2021-01-04 13:41:30 -05:00
Eduard Bopp
6ac71f593d linux: backport support for RTL8761b to 5.4 2020-12-20 14:36:07 +01:00
Orivej Desh
4376b91b40 linux-rt_5_9: export symbols needed by zfs
Upstream issue: https://github.com/openzfs/zfs/issues/11097#issuecomment-740682245
2020-12-10 10:34:44 +00:00
Emily
d6fe0a4e2d linux/hardened: move files into directory 2020-05-08 15:49:35 +01:00
Emily
2c1db9649e linux_*_hardened: index patches by major kernel version
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
2020-04-23 18:50:26 +01:00
Emily
0d4f35efd4 linux_*_hardened: use linux-hardened patch set
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.

The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Tim Steinbach
baa243d508
linux: Fix request-key for 4.4 and 4.9 2019-12-22 19:51:16 -05:00
Kai Wohlfahrt
ea55a2d8a9 linux: patch request-key binary path
This is necessary for id mapping to work with NFS + Kerberos, and also
touches #68106 and 634638.
2019-12-12 12:23:30 +00:00
Jörg Thalheim
96097ab665
linux: update fpu patches for 5.3
At the moment we experience bad instabilities with linux 5.3:

https://github.com/zfsonlinux/zfs/issues/9346

as the zfs-native method of disabling the FPU is buggy.
2019-10-03 11:13:28 +01:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Samuel Leathers
13d5fc4232
kernelPatches: mac nvme t2 support 2019-08-20 14:22:28 -04:00
Jörg Thalheim
7b77c27caa
linux_5_0: restore __kernel_fpu_{begin,restore}
In 5.0er these function were removed from the public interface also zfs needs
them for AVX/AES-NI support. Without this patch for example throughput on a
encrypted zfs dataset drops to 200 MB/s from 1.2 GB/s. These functions were
removed as their was no user within the linux kernel tree itself.
2019-05-06 14:14:40 +01:00
Tim Steinbach
c08aa32c90
linux: Remove i2c-oops patch 2019-04-27 08:08:33 -04:00
Ambroz Bizjak
a9c40eef1f
Fix kernel oops on boot due to bug in i2c driver.
https://github.com/NixOS/nixpkgs/issues/60126
https://lkml.org/lkml/2019/4/24/1123

The patch should be removed in the next round of stable releases because the fix should be included.

(cherry picked from commit 1e8a0805890fbb1cce1aa751296c82342b0cae7e)
2019-04-25 20:24:34 -04:00
Tim Steinbach
d607715ab3
linux: 5.0-rc6 -> 5.0-rc7
Also remove interpreter truncation patch, no longer needed in package tree.
2019-02-18 21:11:21 -05:00
Edmund Wu
f0b8a113dd linux: allow for interpreter to be truncated
via https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb5b020a8d38f77209d0472a0fea755299a8ec78
see https://github.com/NixOS/nixpkgs/issues/53672
2019-02-14 21:01:00 -05:00
Samuel Dionne-Riel
09af2fb9e0 linux: Removes the previously removed raspberry pi patch
There seems to have been an oopsie with the rebase.
2019-02-02 14:29:01 -05:00
Samuel Dionne-Riel
196af4b359 Revert "linuxPackages_4_{19,20}: works around bug with overlayfs."
This reverts commit de86af48faa03a824917ac90f4776481c7ce9e54.

(Manual revert due to conflicts.)

See #54509

The patch is causing overlayfs to misbehave.
2019-02-02 12:18:16 -05:00
Tim Steinbach
705207ec9b
linux: 4.20.5 -> 4.20.6 2019-01-31 07:19:07 -05:00
Bastian Köcher
a90fc6d3ef linux: Adds patch for fixing wifi on raspberry pi 2019-01-09 11:18:09 +01:00
Ivan Kozik
1c8fea18e2 kernel/patches.nix: remove hard tabs 2018-12-28 09:06:56 +01:00
Samuel Dionne-Riel
889ef35303 linuxPackages_4_{19,20}: works around bug with overlayfs.
See: https://github.com/NixOS/nixpkgs/issues/48828#issuecomment-445208626
2018-12-26 22:51:31 +00:00
Tim Steinbach
5fccac2b8d
kernel: Remove Copperhead
The patches are unmaintained and suggest a false sense of security
2018-09-03 11:18:11 -04:00
Bastian Köcher
fb33305423 linux-kernel: Removes bcm2835_mmal_v4l2_camera_driver patch
The patch was only required for kernel 4.16.
2018-08-06 17:36:18 +03:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
talyz
656335cd8b linux: Temporary fix for issue #42755
Fix a serious issue with the xen-netfront driver introduced in
upstream commit f599c64fdf7d ("xen-netfront: Fix race between device
setup and open") where the MTU of the device cannot be set
properly. This should be removed once it's included in upstream.
2018-07-07 10:08:57 +02:00
Tim Steinbach
a444dcad03
linux-copperhead: LTS based on regular 4.14 2018-06-10 21:00:47 -04:00
Tim Steinbach
5c4a404b0d
linux-copperhead: 4.16.12.a -> 4.16.13.a 2018-06-04 10:22:39 -04:00
Yegor Timoshenko
59edce6414 kernel: drop tuxOnIce patch (#40411)
Hasn't been updated since 3.14, abandoned by its author, not actually used despite being inside a let binding.
2018-05-13 02:16:59 +02:00
Tuomas Tynkkynen
83b3e6d705 kernel: Drop bitrotted MIPS patches
Not a single one of these applies to even 4.4 anymore, so these have
clearly bitrotted a long, long time ago.
2018-05-11 12:27:31 +03:00
Bastian Köcher
438631e401 kernelPatches: Adds bcm2835_mmal_v4l2_camera_driver
The kernel patch is required for raspberry pi, to enable the camera
module.

[dezgeg: Add some comments indicating it's only needed for 4.16]
2018-04-16 04:26:02 +03:00
Shea Levy
cb025f2285
linux_riscv: Move patches to my Linux fork.
All patches there are also submitted upstream and will be removed if
rejected.

Also includes some fixes to get module loading working.
2018-02-23 05:53:31 -05:00
Shea Levy
39ff498418
kernelPatches: Add pointer to ml threads for riscv patches. 2018-02-20 11:26:44 -05:00
Shea Levy
f8b5b93b88
linux_riscv: Add patches for initrd support 2018-02-20 09:18:17 -05:00
Shea Levy
6173f2f945
linux_riscv: Add 4.16-rc1.
Fixes #35148.
2018-02-19 12:14:22 -05:00
Florian Klink
f919c7faec linux_4_14: fix iwlwifi fw reset
Currently, moving to kernel_4_14 breaks at least Intel Wireless 8260 and
8265 cards due to a API change in the firmware, which is not yet honored
in the driver.
2017-11-15 11:30:24 +00:00
Matthieu Coudron
7dce131b86 kernelmptcp: 0.91.3 -> 0.92.1 2017-11-02 13:14:57 +01:00
Jörg Thalheim
44f93731d6 linux_chromiumos_3_18: remove kernel due lack of maintainer/breakage
There is no maintainer for this package, probably not many users.
It requires effort to fix all third-party modules for this old kernel
versions. It might contain unpatched security holes.

For Pixel chromebooks, we have the samus-kernel.
Apart from that https://github.com/GalliumOS/linux might be a good choice.
2017-09-05 14:42:23 +02:00