From 3a2ee6e5c3bfae64c604859c7cc1ee6b069ea5b5 Mon Sep 17 00:00:00 2001
From: Jan Malakhovski <oxij@oxij.org>
Date: Fri, 15 Sep 2017 21:07:24 +0000
Subject: [PATCH 1/3] linuxPackages: introduce `hardenedLinuxPackagesFor` and
 cleanup some expressions using it

---
 ...head.nix => linux-copperhead-hardened.nix} |  0
 pkgs/top-level/all-packages.nix               | 26 +++++++++----------
 2 files changed, 12 insertions(+), 14 deletions(-)
 rename pkgs/os-specific/linux/kernel/{linux-hardened-copperhead.nix => linux-copperhead-hardened.nix} (100%)

diff --git a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix b/pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix
similarity index 100%
rename from pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
rename to pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 12b00338723a..eeff517ebf17 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12876,16 +12876,12 @@ with pkgs;
       ];
   };
 
-  linux_hardened_copperhead = callPackage ../os-specific/linux/kernel/linux-hardened-copperhead.nix {
+  linux_copperhead = callPackage ../os-specific/linux/kernel/linux-copperhead-hardened.nix {
     kernelPatches = with kernelPatches; [
       kernelPatches.bridge_stp_helper
       kernelPatches.modinst_arg_list_too_long
       kernelPatches.tag_hardened
     ];
-    extraConfig = import ../os-specific/linux/kernel/hardened-config.nix {
-      inherit stdenv;
-      inherit (linux_hardened_copperhead) version;
-    };
   };
 
   # linux mptcp is based on the 4.4 kernel
@@ -13019,8 +13015,6 @@ with pkgs;
     ];
   };
 
-  linux_samus_latest = linux_samus_4_12;
-
   /* Linux kernel modules are inherently tied to a specific kernel.  So
      rather than provide specific instances of those packages for a
      specific kernel, we have a function that builds those packages
@@ -13172,7 +13166,6 @@ with pkgs;
 
   # Build the kernel modules for the some of the kernels.
   linuxPackages_beagleboard = linuxPackagesFor pkgs.linux_beagleboard;
-  linuxPackages_hardened_copperhead = linuxPackagesFor pkgs.linux_hardened_copperhead;
   linuxPackages_mptcp = linuxPackagesFor pkgs.linux_mptcp;
   linuxPackages_rpi = linuxPackagesFor pkgs.linux_rpi;
   linuxPackages_4_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_4);
@@ -13198,19 +13191,24 @@ with pkgs;
   linuxPackages_latest_xen_dom0 = recurseIntoAttrs (linuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; }));
 
   # Hardened linux
-  linux_hardened = let linux = pkgs.linuxPackages_latest.kernel; in linux.override {
+  hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override {
     extraConfig = import ../os-specific/linux/kernel/hardened-config.nix {
       inherit stdenv;
-      inherit (linux) version;
+      inherit (kernel) version;
     };
-  };
+  });
 
-  linuxPackages_hardened =
-    recurseIntoAttrs (linuxPackagesFor linux_hardened);
+  linuxPackages_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_latest);
+  linux_hardened = linuxPackages_hardened.kernel;
+
+  linuxPackages_copperhead_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_copperhead);
+  linux_copperhead_hardened = linuxPackages_copperhead_hardened.kernel;
+  linux_hardened_copperhead = linux_copperhead_hardened; # alias for backward compatibility
 
   # Samus kernels
   linuxPackages_samus_4_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_samus_4_12);
-  linuxPackages_samus_latest = recurseIntoAttrs (linuxPackagesFor pkgs.linux_samus_latest);
+  linuxPackages_samus_latest = linuxPackages_samus_4_12;
+  linux_samus_latest = linuxPackages_samus_latest.kernel;
 
   # A function to build a manually-configured kernel
   linuxManualConfig = pkgs.buildLinux;

From ac073fe77ac72382d699aec2d53682c18f0dc7a4 Mon Sep 17 00:00:00 2001
From: Jan Malakhovski <oxij@oxij.org>
Date: Fri, 15 Sep 2017 21:08:01 +0000
Subject: [PATCH 2/3] linuxPackages: point linux_hardened to the hardened
 default linux, not hardened linux_latest

---
 pkgs/top-level/all-packages.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index eeff517ebf17..a308704e2c8a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13198,9 +13198,12 @@ with pkgs;
     };
   });
 
-  linuxPackages_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_latest);
+  linuxPackages_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux);
   linux_hardened = linuxPackages_hardened.kernel;
 
+  linuxPackages_latest_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_latest);
+  linux_latest_hardened = linuxPackages_latest_hardened.kernel;
+
   linuxPackages_copperhead_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_copperhead);
   linux_copperhead_hardened = linuxPackages_copperhead_hardened.kernel;
   linux_hardened_copperhead = linux_copperhead_hardened; # alias for backward compatibility

From a5227789d280477d806f05d29c3021a7b5bcfd89 Mon Sep 17 00:00:00 2001
From: Jan Malakhovski <oxij@oxij.org>
Date: Fri, 15 Sep 2017 21:08:13 +0000
Subject: [PATCH 3/3] linuxPackages: add more predefined kernels with Xen Dom0

---
 pkgs/top-level/all-packages.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a308704e2c8a..ce60ac1b9ac6 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13188,6 +13188,8 @@ with pkgs;
   linuxPackages_testing_bcachefs = recurseIntoAttrs (linuxPackagesFor pkgs.linux_testing_bcachefs);
 
   # Build a kernel for Xen dom0
+  linuxPackages_xen_dom0 = recurseIntoAttrs (linuxPackagesFor (pkgs.linux.override { features.xen_dom0=true; }));
+
   linuxPackages_latest_xen_dom0 = recurseIntoAttrs (linuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; }));
 
   # Hardened linux
@@ -13204,6 +13206,10 @@ with pkgs;
   linuxPackages_latest_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_latest);
   linux_latest_hardened = linuxPackages_latest_hardened.kernel;
 
+  linuxPackages_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux.override { features.xen_dom0=true; }));
+
+  linuxPackages_latest_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; }));
+
   linuxPackages_copperhead_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_copperhead);
   linux_copperhead_hardened = linuxPackages_copperhead_hardened.kernel;
   linux_hardened_copperhead = linux_copperhead_hardened; # alias for backward compatibility