mikael/linux-hardened
Archived
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2024-08-18. You can view files and clone it, but cannot push or open issues or pull requests.
linux-hardened/linux-hardened.nix
Mikael Voss e7ac5fc058
linux-hardened: 6.10.3 → 6.10.4
2024-08-12 14:57:54 +02:00

78 lines
1.7 KiB
Nix
Raw Blame History

pkgs:
{
arch,
config,
firmware,
}:
let
inherit (pkgs)
lib
buildEnv
buildLinux
fetchFromGitHub
gccStdenv
runCommand
;
kernel =
let
args = {
inherit (pkgs) lib hostPlatform;
};
firmwareEnv = buildEnv {
name = "linux-firmware";
pathsToLink = [ "/lib/firmware" ];
paths = with pkgs; [
linux-firmware
sof-firmware
wireless-regdb
];
};
in
buildLinux rec {
pname = "linux-hardened";
version = "6.10.4-hardened1";
src = fetchFromGitHub {
owner = "anthraxx";
repo = pname;
rev = "v${version}";
hash = "sha256-qq2vmrUIYUuXEwuZoXrXbZY/li+ReFNuqhsy1R0yx0s=";
};
defconfig = "allnoconfig";
extraMakeFlags = [ "KCFLAGS=-march=${arch}" ];
enableCommonConfig = false;
structuredExtraConfig =
(import ./base.nix args)
// (import config args)
// lib.optionalAttrs (firmware != [ ]) {
EXTRA_FIRMWARE = lib.kernel.freeform (toString firmware);
EXTRA_FIRMWARE_DIR = lib.kernel.freeform "${firmwareEnv}/lib/firmware";
};
features = {
efiBootStub = true;
};
isHardened = true;
stdenv = gccStdenv;
};
in
kernel.overrideAttrs (base: {
installFlags = base.installFlags or [ ] ++ [ "INSTALL_MOD_PATH=$(out)" ];
postInstall = ''
if [ -z "''${dontStrip-}" ]; then
installFlagsArray+=( "INSTALL_MOD_STRIP=1" )
fi
make modules_install $makeFlags "''${makeFlagsArray[@]}" \
$installFlags "''${installFlagsArray[@]}"
depmod -b $out ${base.version}
touch $out/lib/modules/${base.version}/modules.order
'';
})
Reference in a new issue View git blame Copy permalink