nixos/ananicy: disable ananicy-cpp's BPF on hardened kernels, cleanup #331722
JohnRTitor merged 3 commits into NixOS:master
CC @Artturin
| # Ananicy-CPP with BPF is not supported on hardened kernels https://github.com/NixOS/nixpkgs/issues/327382 | ||
| finalPackage = | ||
| if (servicename == "ananicy-cpp" && config.boot.kernelPackages.isHardened) then | ||
| (cfg.package { withBpf = false; }) |
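Review bot: On the `(cfg.package { withBpf = false; })` line, cfg.package is applied as if it were a function, but a package option normally holds a derivation (an attribute set), so this call will fail at evaluation time on hardened kernels; going through the package's override attribute, as in cfg.package.override { withBpf = false; }, avoids that. The same branch forces withBpf = false whenever config.boot.kernelPackages.isHardened is true, so a user who sets withBpf = true on their own package override has it silently replaced; either document that next to the comment on the first line of the hunk or leave a way to opt back in.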
Calling package works? I've tried in repl and it doesn't. I assume this should be cfg.package.override { withBpf = false; }.
The problem is that this makes it impossible to override withBpf to true. There is a way to make bpf version work on hardened (explained in the linked issue), and I intend to apply this on my system and use bpf version of ananicy-cpp.
I couldn't find if there's a way to check whether the argument was overridden? We could add this functionality to makeOverridable.
Though a better idea is probably to add withBpf as a service option.
@JohnRTitor Yeah, this doesn't work. Just upgraded to 24.11 and got
error: attempt to call something which is not a function but a set: { type = "derivation"; NIX_HARDENING_ENABLE = «thunk»; __ignoreNulls = true; __structuredAttrs = «thunk»; all = «thunk»; args = «thunk»; buildInputs = «thunk»; builder = «thunk»; cmakeFlags = «thunk»; configureFlags = «thunk»; «37 attributes elided» }
Ugh, I hate GitHub, you never saw that comment, because it was pending. I always forget about this...
> Though a better idea is probably to add withBpf as a service option.
No, because it just duplicates the package override.
> > Though a better idea is probably to add withBpf as a service option.
>
> No, because it just duplicates the package override.
I've made an issue, so we won't misuse this already merged PR. #360957
Description of changes
Ananicy-Cpp does not work with hardened kernels, because bpf support is fully supported on hardened. So let's disable it.
Fixes #327382
Follow up to #330488