From be3bd972d5f242340a28b65c31d2f16a97c59017 Mon Sep 17 00:00:00 2001
From: "tg(x)" <*@tg-x.net>
Date: Sun, 28 Feb 2016 15:00:05 +0100
Subject: [PATCH] grsecurity: add 4.1 kernel

---
 nixos/modules/security/grsecurity.nix         |  1 +
 .../linux/kernel/linux-grsecurity-4.1.nix     | 19 +++++++++++++++++++
 pkgs/os-specific/linux/kernel/patches.nix     |  8 ++++++++
 pkgs/top-level/all-packages.nix               | 17 +++++++++++++++++
 4 files changed, 45 insertions(+)
 create mode 100644 pkgs/os-specific/linux/kernel/linux-grsecurity-4.1.nix

diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index ea739264a14b4..3aabbc8fe1bc1 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -29,6 +29,7 @@ in
       kernelPatch = mkOption {
         type = types.attrs;
         default = pkgs.kernelPatches.grsecurity_latest;
+        example = pkgs.kernelPatches.grsecurity_4_1;
         description = ''
           Grsecurity patch to use.
         '';
diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.1.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.1.nix
new file mode 100644
index 0000000000000..4359f4586c504
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.1.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
+
+import ./generic.nix (args // rec {
+  version = "4.1.7";
+  extraMeta.branch = "4.1";
+
+  src = fetchurl {
+    url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+    sha256 = "0g1dnvak0pd03d4miy1025bw64wq71w29a058dzspdr6jcf9qwbn";
+  };
+
+  kernelPatches = args.kernelPatches;
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 9945361688e48..b20d53ef6dafc 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -91,6 +91,14 @@ rec {
       sha256    = "1sp1gwa7ahzflq7ayb51bg52abrn5zx1hb3pff3axpjqq7vfai6f";
     };
 
+  grsecurity_4_1 = grsecPatch
+    { kernel    = pkgs.grsecurity_base_linux_4_1;
+      patches   = [ grsecurity_fix_path_3_14 ];
+      kversion  = "4.1.7";
+      revision  = "201509201149";
+      sha256    = "1agv8c3c4vmh5algbzmrq2f6vwk72rikrlcbm4h7jbrb9js6fxk4";
+    };
+
   grsecurity_4_4 = grsecPatch
     { kernel    = pkgs.grsecurity_base_linux_4_4;
       patches   = [ grsecurity_fix_path_4_4 ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b4d83c68c64ab..321e28f95b3a2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10418,6 +10418,15 @@ let
       ];
   };
 
+  grsecurity_base_linux_4_1 = callPackage ../os-specific/linux/kernel/linux-grsecurity-4.1.nix {
+    kernelPatches = [ kernelPatches.bridge_stp_helper ]
+      ++ lib.optionals ((platform.kernelArch or null) == "mips")
+      [ kernelPatches.mips_fpureg_emu
+        kernelPatches.mips_fpu_sigill
+        kernelPatches.mips_ext3_n32
+      ];
+  };
+
   grsecurity_base_linux_4_4 = callPackage ../os-specific/linux/kernel/linux-grsecurity-4.4.nix {
     kernelPatches = [ kernelPatches.bridge_stp_helper ]
       ++ lib.optionals ((platform.kernelArch or null) == "mips")
@@ -10443,6 +10452,10 @@ let
   linux_grsec_server_3_14     = grKernel kernelPatches.grsecurity_3_14 grFlavors.server;
   linux_grsec_server_xen_3_14 = grKernel kernelPatches.grsecurity_3_14 grFlavors.server_xen;
 
+  linux_grsec_desktop_4_1    = grKernel kernelPatches.grsecurity_4_1 grFlavors.desktop;
+  linux_grsec_server_4_1     = grKernel kernelPatches.grsecurity_4_1 grFlavors.server;
+  linux_grsec_server_xen_4_1 = grKernel kernelPatches.grsecurity_4_1 grFlavors.server_xen;
+
   linux_grsec_desktop_4_4    = grKernel kernelPatches.grsecurity_4_4 grFlavors.desktop;
   linux_grsec_server_4_4     = grKernel kernelPatches.grsecurity_4_4 grFlavors.server;
   linux_grsec_server_xen_4_4 = grKernel kernelPatches.grsecurity_4_4 grFlavors.server_xen;
@@ -10606,6 +10619,10 @@ let
   linuxPackages_grsec_server_3_14     = grPackage kernelPatches.grsecurity_3_14 grFlavors.server;
   linuxPackages_grsec_server_xen_3_14 = grPackage kernelPatches.grsecurity_3_14 grFlavors.server_xen;
 
+  linuxPackages_grsec_desktop_4_1    = grPackage kernelPatches.grsecurity_4_1 grFlavors.desktop;
+  linuxPackages_grsec_server_4_1     = grPackage kernelPatches.grsecurity_4_1 grFlavors.server;
+  linuxPackages_grsec_server_xen_4_1 = grPackage kernelPatches.grsecurity_4_1 grFlavors.server_xen;
+
   linuxPackages_grsec_desktop_4_4    = grPackage kernelPatches.grsecurity_4_4 grFlavors.desktop;
   linuxPackages_grsec_server_4_4     = grPackage kernelPatches.grsecurity_4_4 grFlavors.server;
   linuxPackages_grsec_server_xen_4_4 = grPackage kernelPatches.grsecurity_4_4 grFlavors.server_xen;