colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

grsecurity: work around for #20490

Browse Source 
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line.  When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in

    make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long

The build does not fail, however, but the list of modules to be installed ends
up being empty.  Thus, the resulting kernel package output contains no modules,
rendering it useless.

We work around this by patching the makefile to use `find -exec` to
process files.  Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.

Fixes https://github.com/NixOS/nixpkgs/issues/20490
This commit is contained in:
Joachim Fasting 2016-11-18 15:04:39 +01:00
parent b399de2970
commit e38b74ba89
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
3 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkgs/os-specific/linux/kernel/grsecurity-modinst.patch Normal file
View File

@ -0,0 +1,12 @@
diff -ruN a/scripts/Makefile.modinst b/scripts/Makefile.modinst
--- a/scripts/Makefile.modinst 2016-11-15 07:49:06.000000000 +0100
+++ b/scripts/Makefile.modinst 2016-11-18 13:45:07.977270500 +0100
@@ -9,7 +9,7 @@
#
-__modules := $(sort $(shell grep -h '\.ko$$' /dev/null $(wildcard $(MODVERDIR)/*.mod)))
+__modules := $(shell find $(MODVERDIR) -name '*.mod' -exec grep -h '\.ko$$' '{}' \; | sort)
modules := $(patsubst %.o,%.ko,$(wildcard $(__modules:.ko=.o)))
PHONY += $(modules)

8
pkgs/os-specific/linux/kernel/patches.nix
View File

@ -99,6 +99,14 @@ rec {
patch = ./grsecurity-nixos-kmod.patch;
};
# A temporary work-around for execvp: arglist too long error during
# module_install. Without this, no modules are installed into the
# resulting output.
grsecurity_modinst =
{ name = "grsecurity-modinst";
patch = ./grsecurity-modinst.patch;
};
crc_regression =
{ name = "crc-backport-regression";
patch = ./crc-regression.patch;

2
pkgs/top-level/all-packages.nix
View File

@ -11154,7 +11154,7 @@ in
];
};
grsecPatch = self.kernelPatches.grsecurity_testing;
kernelPatches = [ self.kernelPatches.grsecurity_nixos_kmod ];
kernelPatches = with self.kernelPatches; [ grsecurity_nixos_kmod grsecurity_modinst ];
extraConfig = callPackage ../os-specific/linux/kernel/grsecurity-nixos-config.nix { };
};