93 lines
2.2 KiB
Nix
93 lines
2.2 KiB
Nix
pkgs:
|
|
{
|
|
arch,
|
|
config,
|
|
firmware,
|
|
}:
|
|
let
|
|
inherit (pkgs)
|
|
lib
|
|
buildLinux
|
|
fetchFromGitHub
|
|
gccStdenv
|
|
runCommand
|
|
;
|
|
|
|
kernel =
|
|
let
|
|
args = {
|
|
inherit (pkgs) lib hostPlatform;
|
|
};
|
|
|
|
firmwareCollection =
|
|
runCommand "linux-firmware"
|
|
{
|
|
inherit firmware;
|
|
firmwarePackages = with pkgs; [
|
|
linux-firmware
|
|
sof-firmware
|
|
wireless-regdb
|
|
];
|
|
}
|
|
''
|
|
for dir in ''${firmwarePackages[@]}; do
|
|
pushd "$dir/lib/firmware"
|
|
|
|
for fw in ''${firmware}; do
|
|
if [ -e "$fw" ]; then
|
|
local base="$(dirname "$fw")"
|
|
mkdir -p "$out/lib/firmware/$base"
|
|
ln -s "$dir/lib/firmware/$fw" "$out/lib/firmware/$base"
|
|
fi
|
|
done
|
|
|
|
popd
|
|
done
|
|
'';
|
|
in
|
|
buildLinux rec {
|
|
pname = "linux-hardened";
|
|
version = "6.10.2-hardened1";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "anthraxx";
|
|
repo = pname;
|
|
rev = "v${version}";
|
|
hash = "sha256-a9kxt09pQjUJUsdqaIMyA7Us6sxueaacetWKv59Xy3s=";
|
|
};
|
|
|
|
defconfig = "allnoconfig";
|
|
extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
|
|
enableCommonConfig = false;
|
|
|
|
structuredExtraConfig =
|
|
(import ./base.nix args)
|
|
// (import config args)
|
|
// lib.optionalAttrs (firmware != [ ]) {
|
|
EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
|
|
EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareCollection}/lib/firmware";
|
|
};
|
|
|
|
features = {
|
|
efiBootStub = true;
|
|
};
|
|
isHardened = true;
|
|
stdenv = gccStdenv;
|
|
};
|
|
in
|
|
kernel.overrideAttrs (base: {
|
|
installFlags = base.installFlags or [ ] ++ [ "INSTALL_MOD_PATH=$(out)" ];
|
|
|
|
postInstall = ''
|
|
if [ -z "''${dontStrip-}" ]; then
|
|
installFlagsArray+=( "INSTALL_MOD_STRIP=1" )
|
|
fi
|
|
|
|
make modules_install $makeFlags "''${makeFlagsArray[@]}" \
|
|
$installFlags "''${installFlagsArray[@]}"
|
|
|
|
depmod -b $out ${base.version}
|
|
touch $out/lib/modules/${base.version}/modules.order
|
|
'';
|
|
})
|