diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-06 12:51:56 +0100 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-06 12:51:56 +0100 |
commit | 99fb79ae843e9bc29513365e17418d4f1aee4ce0 (patch) | |
tree | 95fe1827d215ad2d101d15590332a8b46c09dc4c /pkgs/os-specific | |
parent | c7176d55ac8a801a0368014a3c76c4ebbd5eacaa (diff) | |
parent | da04a8e39741bbf336344b75b9842f2a7dc76ac1 (diff) |
Merge master into staging-next
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 30 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.9.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam_mount/default.nix | 47 | ||||
-rw-r--r-- | pkgs/os-specific/linux/pam_mount/support_luks2.patch | 47 | ||||
-rw-r--r-- | pkgs/os-specific/linux/r8168/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/zfs/default.nix | 4 |
9 files changed, 105 insertions, 47 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index ff410b2ab2c5e..f97474556ce92 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,27 +1,27 @@ { "4.14": { - "name": "linux-hardened-4.14.202.a.patch", - "sha256": "0ns5yq087m7i7ciq2b4skxclnlym0zm5v0vjqvzi9r375fd0gm9s", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.202.a/linux-hardened-4.14.202.a.patch" + "name": "linux-hardened-4.14.204.a.patch", + "sha256": "1vwja9mqycw3322p8a896l9mkxvzym6r9q17zfgwpqi3kvr9k74h", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.204.a/linux-hardened-4.14.204.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.152.a.patch", - "sha256": "0zc36yklzjb3sqd61m12c1988mazkrv242wbk7cn0a2b5sw7a373", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.152.a/linux-hardened-4.19.152.a.patch" + "name": "linux-hardened-4.19.155.a.patch", + "sha256": "0jrvd9yws7cym08j28r7wv3i83zlk5z0vl0l1mibak04h43mibgf", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.155.a/linux-hardened-4.19.155.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.72.a.patch", - "sha256": "1w4sfkx4qj9vx47z06bkf4biaiz58z2qp536g7dss26zdbx1im26", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.72.a/linux-hardened-5.4.72.a.patch" + "name": "linux-hardened-5.4.75.a.patch", + "sha256": "169m2a3wm5lsyzp7cp8nvxarhgcnan41ap7k5r7jx7x1frx2vzxm", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.75.a/linux-hardened-5.4.75.a.patch" }, "5.8": { - "name": "linux-hardened-5.8.16.a.patch", - "sha256": "0b7bfzknz2am9pfypazqzky9bcd6659sakcdx2a7p1i3bj6zxnn1", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.8.16.a/linux-hardened-5.8.16.a.patch" + "name": "linux-hardened-5.8.18.a.patch", + "sha256": "1r2n74nbyi3dp5zql9sk504xkpil6ylbyd99zqqva4nd3qg17c99", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.8.18.a/linux-hardened-5.8.18.a.patch" }, "5.9": { - "name": "linux-hardened-5.9.1.a.patch", - "sha256": "07897dgkldm2dxsriapjlg9b118sd32qmd1z8xja01xcgd3r6vp7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.1.a/linux-hardened-5.9.1.a.patch" + "name": "linux-hardened-5.9.6.a.patch", + "sha256": "1h25jkbp0yz2jfmbnwrldd1rcpag8mbf8dv6kc79j7qg1agafxkn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.6.a/linux-hardened-5.9.6.a.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index a28531ee4012c..dedd3485c25d4 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.203"; + version = "4.14.204"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0c9r1s83mrn9lzgrr4wzvk4d72q70sbgf7lql6z9ivkf12v3p5mc"; + sha256 = "1ncacsy2g80zigfx8nmr1f7v50s1y9ys1xy9jgizrnvmxjcji0wy"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 7a63297578ba5..dcde8fceba263 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.19.154"; + version = "4.19.155"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0ik6anz6ly0dl0lp8m5mighlvzkifnk2kljwajxa56vbhj691339"; + sha256 = "1lj81aadyskmxs3j4s923nhnk69dfj2kiwm0nxabbcjw83sliinb"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 881e72f5cf17c..9db1ada350bd3 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.4.74"; + version = "5.4.75"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1drs2pngr5w3rmpydljirmibp30qb4hdrhqsi92knshlw6nz817c"; + sha256 = "0w0lpiy56zqdm2vpx9ckxakna334n88pnqbv52zyfcslxgb6yinj"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix index 9d9f1eaa7f001..59f18baa8c837 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.9.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "5.9.3"; + version = "5.9.6"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0wwa6557i9l4vyswz26ixz8c2ykxnzqrsc9pwkr76nyjx7gjibni"; + sha256 = "0w2kcng09nzk09dwkx4azdfgnwzbd2mz8lyl4j69bwx837z85hbc"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/pam_mount/default.nix b/pkgs/os-specific/linux/pam_mount/default.nix index 18bc84effa06d..3e026be6abb26 100644 --- a/pkgs/os-specific/linux/pam_mount/default.nix +++ b/pkgs/os-specific/linux/pam_mount/default.nix @@ -1,37 +1,48 @@ -{ stdenv, fetchurl, autoconf, automake, pkgconfig, libtool, pam, libHX, libxml2, pcre, perl, openssl, cryptsetup, utillinux }: +{ stdenv, fetchurl, autoreconfHook, pkgconfig, libtool, pam, libHX, libxml2, pcre, perl, openssl, cryptsetup, utillinux }: stdenv.mkDerivation rec { - name = "pam_mount-2.16"; + pname = "pam_mount"; + version = "2.16"; src = fetchurl { - url = "mirror://sourceforge/pam-mount/pam_mount/2.16/${name}.tar.xz"; + url = "mirror://sourceforge/pam-mount/pam_mount/${version}/${pname}-${version}.tar.xz"; sha256 = "1rvi4irb7ylsbhvx1cr6islm2xxw1a4b19q6z4a9864ndkm0f0mf"; }; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ autoconf automake libtool pam libHX utillinux libxml2 pcre perl openssl cryptsetup ]; + patches = [ + ./insert_utillinux_path_hooks.patch + ./support_luks2.patch + ]; - patches = [ ./insert_utillinux_path_hooks.patch ]; + postPatch = '' + substituteInPlace src/mtcrypt.c \ + --replace @@NIX_UTILLINUX@@ ${utillinux}/bin + ''; - preConfigure = '' - substituteInPlace src/mtcrypt.c --replace @@NIX_UTILLINUX@@ ${utillinux}/bin - sh autogen.sh --prefix=$out - ''; + nativeBuildInputs = [ autoreconfHook libtool pkgconfig ]; - makeFlags = [ "DESTDIR=$(out)" ]; + buildInputs = [ pam libHX utillinux libxml2 pcre perl openssl cryptsetup ]; + + enableParallelBuilding = true; + + configureFlags = [ + "--prefix=${placeholder "out"}" + "--localstatedir=${placeholder "out"}/var" + "--sbindir=${placeholder "out"}/bin" + "--sysconfdir=${placeholder "out"}/etc" + "--with-slibdir=${placeholder "out"}/lib" + "--with-ssbindir=${placeholder "out"}/bin" + ]; - # Probably a hack, but using DESTDIR and PREFIX makes everything work! postInstall = '' - mkdir -p $out - cp -r $out/$out/* $out - rm -r $out/nix - ''; + rm -r $out/var + ''; meta = with stdenv.lib; { - homepage = "http://pam-mount.sourceforge.net/"; description = "PAM module to mount volumes for a user session"; - maintainers = [ maintainers.tstrobel ]; + homepage = "https://pam-mount.sourceforge.net/"; license = with licenses; [ gpl2 gpl3 lgpl21 lgpl3 ]; + maintainers = with maintainers; [ tstrobel ]; platforms = platforms.linux; }; } diff --git a/pkgs/os-specific/linux/pam_mount/support_luks2.patch b/pkgs/os-specific/linux/pam_mount/support_luks2.patch new file mode 100644 index 0000000000000..0b8557f1bae0d --- /dev/null +++ b/pkgs/os-specific/linux/pam_mount/support_luks2.patch @@ -0,0 +1,47 @@ +commit d4434c05e7c0cf05d87089404cfa2deedc60811a +Author: Ingo Franzki <ifranzki@linux.ibm.com> +Date: Mon Oct 29 16:47:40 2018 +0100 + + crypto: Add support for LUKS2 + + Cryptsetup version 2.0 added support for LUKS2. + This patch adds support for mounting LUKS2 volumes with + pam_mount. + + Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> + +diff --git a/src/crypto-dmc.c b/src/crypto-dmc.c +index d0ab6ca..abd0358 100644 +--- a/src/crypto-dmc.c ++++ b/src/crypto-dmc.c +@@ -21,6 +21,12 @@ + #include "libcryptmount.h" + #include "pam_mount.h" + ++#ifndef CRYPT_LUKS ++ #define CRYPT_LUKS NULL /* Passing NULL to crypt_load will ++ default to LUKS(1) on older ++ libcryptsetup versions. */ ++#endif ++ + /** + * dmc_is_luks - check if @path points to a LUKS volume (cf. normal dm-crypt) + * @path: path to the crypto container +@@ -48,7 +54,7 @@ EXPORT_SYMBOL int ehd_is_luks(const char *path, bool blkdev) + + ret = crypt_init(&cd, device); + if (ret == 0) { +- ret = crypt_load(cd, CRYPT_LUKS1, NULL); ++ ret = crypt_load(cd, CRYPT_LUKS, NULL); + if (ret == -EINVAL) + ret = false; + else if (ret == 0) +@@ -106,7 +112,7 @@ static bool dmc_run(const struct ehd_mount_request *req, + #endif + } + +- ret = crypt_load(cd, CRYPT_LUKS1, NULL); ++ ret = crypt_load(cd, CRYPT_LUKS, NULL); + if (ret == 0) { + ret = crypt_activate_by_passphrase(cd, mt->crypto_name, + CRYPT_ANY_SLOT, req->key_data, req->key_size, flags); diff --git a/pkgs/os-specific/linux/r8168/default.nix b/pkgs/os-specific/linux/r8168/default.nix index b3d8965704fda..91e15db2eeb67 100644 --- a/pkgs/os-specific/linux/r8168/default.nix +++ b/pkgs/os-specific/linux/r8168/default.nix @@ -6,7 +6,7 @@ let modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel/drivers/net/wi in stdenv.mkDerivation rec { name = "r8168-${kernel.version}-${version}"; # on update please verify that the source matches the realtek version - version = "8.047.04"; + version = "8.048.03"; # This is a mirror. The original website[1] doesn't allow non-interactive # downloads, instead emailing you a download link. @@ -17,7 +17,7 @@ in stdenv.mkDerivation rec { owner = "mtorromeo"; repo = "r8168"; rev = version; - sha256 = "1rni8jimwdhyx75603mdcylrdxgfwfpyprf1lf5x5cli2i4bbijg"; + sha256 = "1l8llpcnapcaafxp7wlyny2ywh7k6q5zygwwjl9h0l6p04cghss4"; }; hardeningDisable = [ "pic" ]; @@ -29,8 +29,8 @@ in stdenv.mkDerivation rec { # based on the ArchLinux pkgbuild: https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/r8168 preBuild = '' makeFlagsArray+=("-C${kernel.dev}/lib/modules/${kernel.modDirVersion}/build") - makeFlagsArray+=("SUBDIRS=$PWD/src") - makeFlagsArray+=("EXTRA_CFLAGS=-DCONFIG_R8168_NAPI -DCONFIG_R8168_VLAN") + makeFlagsArray+=("M=$PWD/src") + makeFlagsArray+=("EXTRA_CFLAGS=-DCONFIG_R8168_NAPI -DCONFIG_R8168_VLAN -DCONFIG_ASPM -DENABLE_S5WOL -DENABLE_EEE") makeFlagsArray+=("modules") ''; diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index c6bd7ad93364d..bb4a2dcf9796a 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -202,9 +202,9 @@ in { # incompatibleKernelVersion = "4.19"; # this package should point to a version / git revision compatible with the latest kernel release - version = "2.0.0-rc4"; + version = "2.0.0-rc5"; - sha256 = "12ydycmmzqm70p6hgmmg7q93j8n1xlkk3j56vvqh1zmazr3sr6r0"; + sha256 = "0vnldx95c36yy18v1hfr8r4cmmh3hw4n6pwz30drkwgywakjwnsd"; isUnstable = true; }; } |