This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
With the fix in kernel configuration merging, some kernel configuration items
marked as mandatory now correctly trigger an error when unused (while they
previously were unused).
Since we select everything as a module, snd_hda_codec_ca0132 is built as
well. DSP loading is not enabled by default, but without it the
soundcard produces timeouts within ALSA and does not emit sound.
Explicitly enable the firmware loading to ensure Soundblaster
Z/Zx/ZxR/Recon devices can be used with NixOS.
The patch to enable this by default in the kernel is staged for 5.8.
This will switch the default TCP congestion control algorithm from
new Reno to CUBIC. CUBIC is the default since Linux kernel 2.6.19
(see 597811ec167fa) and most (all?) distributions keep this default
(e.g. Debian and Ubuntu). On NixOS the default was still new Reno
because generate-config.pl changes TCP_CONG_CUBIC from y to m (since we
try to build everything as a module by default).
To check the active and available algorithms:
$ sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = cubic
$ sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = cubic reno
Note: E.g. x86_64_defconfig sets TCP_CONG_CUBIC=y indirectly via
CONFIG_TCP_CONG_ADVANCED=y (but CUBIC is also the default if set to no,
see net/ipv4/Kconfig).
CONFIG_IP_MULTIPLE_TABLES is part of the default x86 kernel config but
absent from the Aarch64 one. Adding explicitely this flag together
with its dependency IP_ADVANCED_ROUTER.
Both of these config flags are needed to use the routing policy
facilities.
This reverts a small bit of af808bd82 from PR #73328. Fixes#79304:
tests.installer.simpleUefiSystemdBoot.x86_64-linux
I still don't know why the regression happened, but this feature doesn't
seem important enough to block channel now, though it reportedly helps
to mitigate spectre 2 attack CVE-2017-5715.
xdp socket support (AF_XDP) is the new way of implementing high
performance networking on linux. on arch linux and debian this is
already enabled (checked via the links from the nixos manual).
moreover, these flags are suggested by the bpf documentation at cilium:
https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel
additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help
spectre attack mitigations:
290af86629
Remove the "version" parameter in order to make it more widely
available.
Starts making some kernel configuration helpers available.
The intent is to be able to better build and check the linux kernel
configuration.
This allows to set queueing disciplines different than a simple fifo,
like fq_codel, which is the default in systemd since quite some time.
NET_SCHED is already set in the kernels x86_64_defconfig, but not on
arm/aarch64, so let's set it here.
These enable some power management settings. They are needed for [s-tui
to show power readings](https://github.com/amanusk/s-tui/issues/105).
The values chosen here match what Arch Linux has. In particular
the Intel specific code is loadable as a module rather than compiled in.
Fixes https://github.com/NixOS/nixpkgs/issues/58070, and brings NixOS
into line with Ubuntu/Fedora/Arch/etc.
Tested that all kernels in Nixpkgs that build before this change build
after it.
To quote block/Kconfig:
> Builds Logic for interfacing with Opal enabled controllers.
> Enabling this option enables users to setup/unlock/lock
> Locking ranges for SED devices using the Opal protocol.
Without `BLK_SED_OPAL`, it is impossible to resume from sleep when using
a locked self-encrypting drive.
This configuration option appeared in earlier kernels, but only reached
maturity in 4.14 according to discussion at:
- https://github.com/Drive-Trust-Alliance/sedutil/issues/90 and
- https://github.com/Drive-Trust-Alliance/sedutil/pull/190
This kernel option is enabled in the default kernels shipped with
Fedora, Debian, and other mainstream Linux distributions.
This should make the composability of kernel configurations more straigthforward.
- now distinguish freeform options from tristate ones
- will look for a structured config in kernelPatches too
one can now access the structuredConfig from a kernel via linux_test.configfile.structuredConfig
in order to reinject it into another kernel, no need to rewrite the config from scratch
The following merge strategies are used in case of conflict:
-- freeform items must be equal or they conflict (mergeEqualOption)
-- for tristate (y/m/n) entries, I use the mergeAnswer strategy which takes the best available value, "best" being defined by the user (by default "y" > "m" > "n", e.g. if one entry is both marked "y" and "n", "y" wins)
-- if one item is both marked optional/mandatory, mandatory wins (mergeFalseByDefault)
Instead of using a string to describe kernel config, use a nix
attribute set, then converted to a string.
- allows to override the config, aka convert 'yes' into 'modules' or
vice-versa
- while for now merging different configs is still crude (last spec wins),
at least there should be only one CONFIG_XYZ value compared to the current string
config where the first defined would be used and others ignored.
[initial idea by copumpkin in 2016, a major rebase to 2018 by teto]
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
Avoids the following warning:
File /.../systemd-journald.service:35 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
They got removed:
commit 003948c54e5b5034a9bbb4923336f5aba125eae6
Author: Benjamin Gilbert <benjamin.gilbert@coreos.com>
Date: Tue Jan 23 18:06:30 2018 -0800
USB: serial: keyspan: Drop firmware Kconfig options
The USB_SERIAL_KEYSPAN_* firmware options no longer do anything.
No reason to have complex version-dependent conditionals when the
question mark already handles this just as well.
Also add RUNTIME_TESTING_MENU setting which nicely disables all of this
on >= 4.16.
- defined buildLinux as generic.nix instead of manual-config.nix. This
makes kernel derivations a tad more similar to your typical derivations.
- moved $buildRoot to within the source folder, this way it doesn't have to be created before the unpackPhase
and make it easier to work on kernel source without running the unpackPhase
With this disabled, cameras would not get a `/dev/mediaX` entry matching
the `/dev/videoX` which broke any application (e.g: `uvcdynctrl -l`,
`media-ctl -p`) depending on this interface.
Since we don't have a split debug info output yet, don't waste time
writing several gigabytes of debug info that's all going to be stripped
out at the end.
This change only affects Aarch64 (where some joker has enabled it in the
architecture defconfig) and is a no-op on the others.
There is no maintainer for this package, probably not many users.
It requires effort to fix all third-party modules for this old kernel
versions. It might contain unpatched security holes.
For Pixel chromebooks, we have the samus-kernel.
Apart from that https://github.com/GalliumOS/linux might be a good choice.
There's an upstream build failure on ARM (not directly related to Xen
but rather some other config options it enables). The xen package is
x86_64-only anyways.
