Compile with Clang / LLVM
This commit is contained in:
parent
f8f6adeccd
commit
d5cba52ab2
7
base.nix
7
base.nix
|
@ -79,13 +79,12 @@
|
|||
STACKPROTECTOR = yes;
|
||||
STACKPROTECTOR_STRONG = yes;
|
||||
|
||||
LTO_CLANG_FULL = option yes;
|
||||
LTO_CLANG_FULL = yes;
|
||||
CFI_CLANG = yes;
|
||||
|
||||
VMAP_STACK = yes;
|
||||
RANDOMIZE_KSTACK_OFFSET_DEFAULT = yes;
|
||||
|
||||
GCC_PLUGINS = yes;
|
||||
|
||||
BLK_DEV_WRITE_MOUNTED = yes;
|
||||
BLK_WBT = yes;
|
||||
BLK_WBT_MQ = yes;
|
||||
|
@ -325,8 +324,6 @@
|
|||
|
||||
BUG_ON_DATA_CORRUPTION = yes;
|
||||
|
||||
RANDSTRUCT_PERFORMANCE = option yes;
|
||||
|
||||
CRYPTO_ZSTD = yes;
|
||||
|
||||
SWIOTLB_DYNAMIC = yes;
|
||||
|
|
|
@ -4,11 +4,16 @@ let
|
|||
lib
|
||||
buildEnv
|
||||
buildLinux
|
||||
buildPackages
|
||||
fetchFromGitHub
|
||||
gccStdenv
|
||||
overrideCC
|
||||
runCommand;
|
||||
|
||||
kernel = let
|
||||
inherit (pkgs.llvmPackages_latest)
|
||||
llvm clang-unwrapped lld
|
||||
clang bintools;
|
||||
|
||||
args = {
|
||||
inherit (pkgs) lib hostPlatform;
|
||||
};
|
||||
|
@ -23,35 +28,53 @@ let
|
|||
];
|
||||
};
|
||||
in buildLinux rec {
|
||||
pname = "linux-hardened";
|
||||
version = "6.10.4-hardened1";
|
||||
pname = "linux-hardened";
|
||||
version = "6.10.4-hardened1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "anthraxx";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-qq2vmrUIYUuXEwuZoXrXbZY/li+ReFNuqhsy1R0yx0s=";
|
||||
};
|
||||
|
||||
defconfig = "allnoconfig";
|
||||
extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
|
||||
enableCommonConfig = false;
|
||||
|
||||
structuredExtraConfig =
|
||||
(import ./base.nix args) //
|
||||
(import config args) //
|
||||
lib.optionalAttrs (firmware != [ ]) {
|
||||
EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
|
||||
EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareEnv}/lib/firmware";
|
||||
};
|
||||
|
||||
features = {
|
||||
efiBootStub = true;
|
||||
};
|
||||
|
||||
isHardened = true;
|
||||
stdenv = gccStdenv;
|
||||
src = fetchFromGitHub {
|
||||
owner = "anthraxx";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-qq2vmrUIYUuXEwuZoXrXbZY/li+ReFNuqhsy1R0yx0s=";
|
||||
};
|
||||
|
||||
defconfig = "allnoconfig";
|
||||
enableCommonConfig = false;
|
||||
|
||||
extraMakeFlags = [
|
||||
"LLVM=1"
|
||||
|
||||
"HOSTCC=${clang}/bin/clang"
|
||||
"HOSTCXX=${clang}/bin/clang++"
|
||||
"HOSTLD=${bintools}/bin/ld.lld"
|
||||
"HOSTAR=${bintools}/bin/ar"
|
||||
|
||||
"CC=${clang-unwrapped}/bin/clang"
|
||||
"LD=${lld}/bin/ld.lld"
|
||||
"AR=${llvm}/bin/llvm-ar"
|
||||
"NM=${llvm}/bin/llvm-nm"
|
||||
"OBJCOPY=${llvm}/bin/llvm-objcopy"
|
||||
"OBJDUMP=${llvm}/bin/llvm-objdump"
|
||||
"READELF=${llvm}/bin/llvm-readelf"
|
||||
"STRIP=${llvm}/bin/llvm-strip"
|
||||
|
||||
"KCFLAGS=-march=${arch}"
|
||||
];
|
||||
|
||||
structuredExtraConfig =
|
||||
(import ./base.nix args) //
|
||||
(import config args) //
|
||||
lib.optionalAttrs (firmware != [ ]) {
|
||||
EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
|
||||
EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareEnv}/lib/firmware";
|
||||
};
|
||||
|
||||
features = {
|
||||
efiBootStub = true;
|
||||
};
|
||||
|
||||
isHardened = true;
|
||||
};
|
||||
in kernel.overrideAttrs (base: {
|
||||
installFlags = base.installFlags or [ ] ++ [ "INSTALL_MOD_PATH=$(out)" ];
|
||||
|
||||
|
|
Reference in a new issue