nixpkgs/pkgs/os-specific/linux/kernel/patches.nix

{ stdenv, fetchurl, fetchgit, apparmor }:

let

  makeTuxonicePatch = { version, kernelVersion, sha256,
    url ? "http://tuxonice.nigelcunningham.com.au/downloads/all/tuxonice-for-linux-${kernelVersion}-${version}.patch.bz2" }:
    { name = "tuxonice-${kernelVersion}";
      patch = stdenv.mkDerivation {
        name = "tuxonice-${version}-for-${kernelVersion}.patch";
        src = fetchurl {
          inherit url sha256;
        };
        phases = [ "installPhase" ];
        installPhase = ''
          source $stdenv/setup
          bunzip2 -c $src > $out
        '';
      };
    };

  makeAufs3StandalonePatch = {version, rev, sha256}:

    stdenv.mkDerivation {
      name = "aufs3-standalone-${version}.patch";

      src = fetchgit {
        url = git://aufs.git.sourceforge.net/gitroot/aufs/aufs3-standalone.git;
        inherit sha256 rev;
      };

      phases = [ "unpackPhase" "installPhase" ];

      # Instructions from http://aufs.git.sourceforge.net/git/gitweb.cgi?p=aufs/aufs3-standalone.git;a=blob;f=Documentation/filesystems/aufs/README;h=b8cf077635b323d1b454266366f05f476bbd09cb;hb=1067b9d8d64d23c70d905c9cd3c90a669e39c4d4
      installPhase = ''
        cat aufs3-base.patch aufs3-proc_map.patch aufs3-standalone.patch > $out
      '';
    };

  makeAppArmorPatch = {apparmor, version}:
    stdenv.mkDerivation {
      name = "apparmor-${version}.patch";
      phases = ["installPhase"];
      installPhase = ''
        cat ${apparmor}/kernel-patches/${version}/* > $out
      '';
    };
in

rec {

  apparmor_3_2 = rec {
    version = "3.2";
    name = "apparmor-${version}";
    patch = makeAppArmorPatch { inherit apparmor version; };
    features.apparmor = true;
  };

  apparmor_3_4 = rec {
    version = "3.4";
    name = "apparmor-${version}";
    patch = makeAppArmorPatch { inherit apparmor version; };
    features.apparmor = true;
  };

  sec_perm_2_6_24 =
    { name = "sec_perm-2.6.24";
      patch = ./sec_perm-2.6.24.patch;
      features.secPermPatch = true;
    };

  aufs3_2 = rec {
    name = "aufs3.2";
    version = "3.2.20121210";
    utilRev = "91af15f977d12e02165759620005f6ce1a4d7602";
    utilHash = "dda4df89828dcf0e4012d88b4aa3eda8c30af69d6530ff5fedc2411de872c996";
    patch = makeAufs3StandalonePatch {
      inherit version;
      rev = "0bf50c3b82f98e2ddc4c9ba0657f28ebfa8d15cb";
      sha256 = "bc4b65cb77c62744db251da98488fdf4962f14a144c045cea6cbbbd42718ff89";
    };
    features.aufsBase = true;
    features.aufs3 = true;
  };

  aufs3_4 = rec {
    name = "aufs3.4";
    version = "3.4.20121210";
    utilRev = "91af15f977d12e02165759620005f6ce1a4d7602";
    utilHash = "dda4df89828dcf0e4012d88b4aa3eda8c30af69d6530ff5fedc2411de872c996";
    patch = makeAufs3StandalonePatch {
      inherit version;
      rev = "2faacd9baffb37df3b9062cc554353eebe68df1e";
      sha256 = "3ecf97468f5e85970d9fd2bfc61e38c7f5ae2c6dde0045d5a17de085c411d452";
    };
    features.aufsBase = true;
    features.aufs3 = true;
  };

  no_xsave =
    { name = "no-xsave";
      patch = ./no-xsave.patch;
      features.noXsave = true;
    };

  mips_fpureg_emu =
    { name = "mips-fpureg-emulation";
      patch = ./mips-fpureg-emulation.patch;
    };

  mips_fpu_sigill =
    { name = "mips-fpu-sigill";
      patch = ./mips-fpu-sigill.patch;
    };

  mips_ext3_n32 =
    { name = "mips-ext3-n32";
      patch = ./mips-ext3-n32.patch;
    };

  tuxonice_3_10 = makeTuxonicePatch {
    version = "2013-11-07";
    kernelVersion = "3.10.18";
    sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";
  };


  grsecurity_2_9_1_3_2_52 =
    { name = "grsecurity-2.9.1-3.2.52";
      patch = fetchurl {
        url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.52-201310271550.patch;
        sha256 = "08y4y323y2lfvdj67gmg3ca8gaf3snhr3pyrmgvj877avaz0475m";
      };
      # The grsec kernel patch seems to include the apparmor patches as of 2.9.1-3.2.52
      features.apparmor = true;
    };

}
AppArmor: add a sample patched kernel. 2013-05-11 05:44:30 +00:00			`{ stdenv, fetchurl, fetchgit, apparmor }:`
* Use the kernel config generator for Linux 2.6.27. * Move kernel patches out of all-packages.nix to os-specific/linux/kernel/patches.nix. * Make the kernel config available under $out/config (it's also in $out/lib/modules/$version/build/.config, but that's kind of hard to find). svn path=/nixpkgs/branches/kernel-config/; revision=18937 2009-12-14 15:28:55 +00:00
			`let`

Adding tuxonice for some recent kernels. svn path=/nixpkgs/trunk/; revision=26447 2011-03-21 15:53:22 +00:00			`makeTuxonicePatch = { version, kernelVersion, sha256,`
TuxOnIce: Add a 3.10 linux kernel with the TuxOnIce hibernation patch 2013-11-19 20:36:55 +00:00			`url ? "http://tuxonice.nigelcunningham.com.au/downloads/all/tuxonice-for-linux-${kernelVersion}-${version}.patch.bz2" }:`
Adding tuxonice for some recent kernels. svn path=/nixpkgs/trunk/; revision=26447 2011-03-21 15:53:22 +00:00			`{ name = "tuxonice-${kernelVersion}";`
			`patch = stdenv.mkDerivation {`
			`name = "tuxonice-${version}-for-${kernelVersion}.patch";`
			`src = fetchurl {`
			`inherit url sha256;`
			`};`
			`phases = [ "installPhase" ];`
			`installPhase = ''`
			`source $stdenv/setup`
			`bunzip2 -c $src > $out`
			`'';`
			`};`
			`};`

* Remove broken tux-on-ice kernels. svn path=/nixpkgs/trunk/; revision=30619 2011-11-29 14:49:32 +00:00			`makeAufs3StandalonePatch = {version, rev, sha256}:`
linux-3.0: Add aufs3 patch svn path=/nixpkgs/trunk/; revision=29532 2011-09-28 20:48:08 +00:00
* Remove broken tux-on-ice kernels. svn path=/nixpkgs/trunk/; revision=30619 2011-11-29 14:49:32 +00:00			`stdenv.mkDerivation {`
			`name = "aufs3-standalone-${version}.patch";`
linux-3.0: Add aufs3 patch svn path=/nixpkgs/trunk/; revision=29532 2011-09-28 20:48:08 +00:00
* Remove broken tux-on-ice kernels. svn path=/nixpkgs/trunk/; revision=30619 2011-11-29 14:49:32 +00:00			`src = fetchgit {`
			`url = git://aufs.git.sourceforge.net/gitroot/aufs/aufs3-standalone.git;`
			`inherit sha256 rev;`
			`};`
linux-3.0: Add aufs3 patch svn path=/nixpkgs/trunk/; revision=29532 2011-09-28 20:48:08 +00:00
* Remove broken tux-on-ice kernels. svn path=/nixpkgs/trunk/; revision=30619 2011-11-29 14:49:32 +00:00			`phases = [ "unpackPhase" "installPhase" ];`
linux-3.0: Add aufs3 patch svn path=/nixpkgs/trunk/; revision=29532 2011-09-28 20:48:08 +00:00
* Remove broken tux-on-ice kernels. svn path=/nixpkgs/trunk/; revision=30619 2011-11-29 14:49:32 +00:00			`# Instructions from http://aufs.git.sourceforge.net/git/gitweb.cgi?p=aufs/aufs3-standalone.git;a=blob;f=Documentation/filesystems/aufs/README;h=b8cf077635b323d1b454266366f05f476bbd09cb;hb=1067b9d8d64d23c70d905c9cd3c90a669e39c4d4`
			`installPhase = ''`
			`cat aufs3-base.patch aufs3-proc_map.patch aufs3-standalone.patch > $out`
			`'';`
			`};`
linux-3.0: Add aufs3 patch svn path=/nixpkgs/trunk/; revision=29532 2011-09-28 20:48:08 +00:00
AppArmor: add a sample patched kernel. 2013-05-11 05:44:30 +00:00			`makeAppArmorPatch = {apparmor, version}:`
			`stdenv.mkDerivation {`
			`name = "apparmor-${version}.patch";`
			`phases = ["installPhase"];`
			`installPhase = ''`
			`cat ${apparmor}/kernel-patches/${version}/* > $out`
			`'';`
			`};`
* Use the kernel config generator for Linux 2.6.27. * Move kernel patches out of all-packages.nix to os-specific/linux/kernel/patches.nix. * Make the kernel config available under $out/config (it's also in $out/lib/modules/$version/build/.config, but that's kind of hard to find). svn path=/nixpkgs/branches/kernel-config/; revision=18937 2009-12-14 15:28:55 +00:00			`in`

Suffixed cifs timeout patch with kernel version. Currently suffixed with 2.6.32. This pre-patch prepares the landing of several versions of this patch to support other Linux kernel versions. svn path=/nixpkgs/trunk/; revision=27709 2011-07-11 13:59:40 +00:00			`rec {`
* Use the kernel config generator for Linux 2.6.27. * Move kernel patches out of all-packages.nix to os-specific/linux/kernel/patches.nix. * Make the kernel config available under $out/config (it's also in $out/lib/modules/$version/build/.config, but that's kind of hard to find). svn path=/nixpkgs/branches/kernel-config/; revision=18937 2009-12-14 15:28:55 +00:00
apparmor patch: should have a name, broke nixpkgs tarball 2013-05-12 11:11:49 +00:00			`apparmor_3_2 = rec {`
			`version = "3.2";`
			`name = "apparmor-${version}";`
			`patch = makeAppArmorPatch { inherit apparmor version; };`
AppArmor: add a sample patched kernel. 2013-05-11 05:44:30 +00:00			`features.apparmor = true;`
			`};`

apparmor: Update to kernel 3.4 series (the current default) 2013-07-21 02:14:16 +00:00			`apparmor_3_4 = rec {`
			`version = "3.4";`
			`name = "apparmor-${version}";`
			`patch = makeAppArmorPatch { inherit apparmor version; };`
			`features.apparmor = true;`
			`};`

* Use the kernel config generator for Linux 2.6.27. * Move kernel patches out of all-packages.nix to os-specific/linux/kernel/patches.nix. * Make the kernel config available under $out/config (it's also in $out/lib/modules/$version/build/.config, but that's kind of hard to find). svn path=/nixpkgs/branches/kernel-config/; revision=18937 2009-12-14 15:28:55 +00:00			`sec_perm_2_6_24 =`
			`{ name = "sec_perm-2.6.24";`
			`patch = ./sec_perm-2.6.24.patch;`
			`features.secPermPatch = true;`
			`};`

linux kernel 3.2 : added aufs patches svn path=/nixpkgs/trunk/; revision=32483 2012-02-22 20:29:18 +00:00			`aufs3_2 = rec {`
			`name = "aufs3.2";`
aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 10:45:11 +00:00			`version = "3.2.20121210";`
linux aufs3: upgrade patch and utils to 20120827 for all 3.x kernels 2012-09-16 08:52:22 +00:00			`utilRev = "91af15f977d12e02165759620005f6ce1a4d7602";`
			`utilHash = "dda4df89828dcf0e4012d88b4aa3eda8c30af69d6530ff5fedc2411de872c996";`
linux kernel 3.2 : added aufs patches svn path=/nixpkgs/trunk/; revision=32483 2012-02-22 20:29:18 +00:00			`patch = makeAufs3StandalonePatch {`
			`inherit version;`
aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 10:45:11 +00:00			`rev = "0bf50c3b82f98e2ddc4c9ba0657f28ebfa8d15cb";`
			`sha256 = "bc4b65cb77c62744db251da98488fdf4962f14a144c045cea6cbbbd42718ff89";`
linux kernel 3.2 : added aufs patches svn path=/nixpkgs/trunk/; revision=32483 2012-02-22 20:29:18 +00:00			`};`
			`features.aufsBase = true;`
			`features.aufs3 = true;`
			`};`

linux kernel aufs (needed for livecd): added to 3.4 upgraded 3.3 version to stable svn path=/nixpkgs/trunk/; revision=34468 2012-06-11 17:41:05 +00:00			`aufs3_4 = rec {`
			`name = "aufs3.4";`
aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 10:45:11 +00:00			`version = "3.4.20121210";`
linux kernel aufs (needed for livecd): added to 3.4 upgraded 3.3 version to stable svn path=/nixpkgs/trunk/; revision=34468 2012-06-11 17:41:05 +00:00			`utilRev = "91af15f977d12e02165759620005f6ce1a4d7602";`
			`utilHash = "dda4df89828dcf0e4012d88b4aa3eda8c30af69d6530ff5fedc2411de872c996";`
			`patch = makeAufs3StandalonePatch {`
			`inherit version;`
aufs3: upgrade to 1210 release, add linux-3.7 support 2012-12-13 10:45:11 +00:00			`rev = "2faacd9baffb37df3b9062cc554353eebe68df1e";`
			`sha256 = "3ecf97468f5e85970d9fd2bfc61e38c7f5ae2c6dde0045d5a17de085c411d452";`
Linux 3.3-rc7 svn path=/nixpkgs/trunk/; revision=33007 2012-03-12 02:19:05 +00:00			`};`
			`features.aufsBase = true;`
			`features.aufs3 = true;`
			`};`

* Apply a patch that is apparently required to make the kernel work properly on Amazon EC2. * Always apply the CIFS timeout patch. It's rather annoying to have to build a separate kernel for the VM tests. svn path=/nixpkgs/trunk/; revision=22630 2010-07-18 21:10:46 +00:00			`no_xsave =`
			`{ name = "no-xsave";`
Linux no-xsave.patch: commit patch into Nixpkgs since fetchurl no longer works Patch submitted by Jan Malakhovski <oxij@oxij.org>. 2012-07-02 14:16:27 +00:00			`patch = ./no-xsave.patch;`
* Apply a patch that is apparently required to make the kernel work properly on Amazon EC2. * Always apply the CIFS timeout patch. It's rather annoying to have to build a separate kernel for the VM tests. svn path=/nixpkgs/trunk/; revision=22630 2010-07-18 21:10:46 +00:00			`features.noXsave = true;`
* In the VM tests, apply a patch to increase the 15s timeout on CIFS operations to 120s. This is necessary if the host is heavily loaded. For instance, in the Hydra build farm, if there are many concurrent jobs, VM builds often fail because they hit the timeout. svn path=/nixpkgs/trunk/; revision=22347 2010-06-20 20:52:08 +00:00			`};`
* Ensure that the dell-bluetooth device does not stay in the "hard blocked" state. svn path=/nixpkgs/branches/x-updates/; revision=22730 2010-07-25 12:15:59 +00:00
Adding two kernel patches for mips, that make the life easier on loongson2f (less sigill, less sigbus). Related to bad handling of FPU instructions. I apply them only to linux 3.4, although I think they can apply to many older kernels too. svn path=/nixpkgs/trunk/; revision=34522 2012-06-16 10:49:03 +00:00			`mips_fpureg_emu =`
			`{ name = "mips-fpureg-emulation";`
			`patch = ./mips-fpureg-emulation.patch;`
			`};`

			`mips_fpu_sigill =`
			`{ name = "mips-fpu-sigill";`
			`patch = ./mips-fpu-sigill.patch;`
			`};`

mips linux: Adding a patch to fix an ext3 bug in 3.5 and 3.6 I made it apply to all Mips, although the bug works only for n32 and o32 ABIs. We don't support any n64 by now. 2012-11-05 23:16:13 +00:00			`mips_ext3_n32 =`
			`{ name = "mips-ext3-n32";`
			`patch = ./mips-ext3-n32.patch;`
			`};`

TuxOnIce: Add a 3.10 linux kernel with the TuxOnIce hibernation patch 2013-11-19 20:36:55 +00:00			`tuxonice_3_10 = makeTuxonicePatch {`
			`version = "2013-11-07";`
			`kernelVersion = "3.10.18";`
			`sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";`
			`};`


grsecurity: Update to 2.9.1-3.2.52-201310271550 2013-10-29 12:18:44 +00:00			`grsecurity_2_9_1_3_2_52 =`
			`{ name = "grsecurity-2.9.1-3.2.52";`
Style fix 2013-07-31 22:20:20 +00:00			`patch = fetchurl {`
grsecurity: Update to 2.9.1-3.2.52-201310271550 2013-10-29 12:18:44 +00:00			`url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.52-201310271550.patch;`
			`sha256 = "08y4y323y2lfvdj67gmg3ca8gaf3snhr3pyrmgvj877avaz0475m";`
Style fix 2013-07-31 22:20:20 +00:00			`};`
grsecurity: Update to 2.9.1-3.2.52-201310271550 2013-10-29 12:18:44 +00:00			`# The grsec kernel patch seems to include the apparmor patches as of 2.9.1-3.2.52`
grsecurity: generate linuxPackages and declare that apparmor is included 2013-08-05 18:09:12 +00:00			`features.apparmor = true;`
Add linux 3.2.48 with grsecurity patches 2013-07-22 19:44:31 +00:00			`};`

* Use the kernel config generator for Linux 2.6.27. * Move kernel patches out of all-packages.nix to os-specific/linux/kernel/patches.nix. * Make the kernel config available under $out/config (it's also in $out/lib/modules/$version/build/.config, but that's kind of hard to find). svn path=/nixpkgs/branches/kernel-config/; revision=18937 2009-12-14 15:28:55 +00:00			`}`