grsecurity: work around #19698

This is a temporary work-around to fix using grsecurity on NixOS with
the new kernelPackages/kernelPatches machinery.

For whatever reason, when `security.grsecurity.enable = true`, the grsec
patch ends up being applied twice, causing the kernel build to fail.

Until the root cause of this is identified, we hack around it by simply
pruning duplicate patches in the grsec kernel builder.

Closes #19698
This commit is contained in:
Joachim Fasting 2016-10-23 18:15:07 +02:00
parent 2406387fd6
commit 6d1bf921fa
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08

View File

@ -21,7 +21,7 @@ assert (kernel.version == grsecPatch.kver);
overrideDerivation (kernel.override { overrideDerivation (kernel.override {
inherit modDirVersion; inherit modDirVersion;
kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []); kernelPatches = lib.unique ([ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []));
extraConfig = '' extraConfig = ''
GRKERNSEC y GRKERNSEC y
PAX y PAX y