Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build failure: linuxKernel.packages.linux_hardened.kernel #350681

Closed
Conni2461 opened this issue Oct 23, 2024 · 4 comments
Closed

Build failure: linuxKernel.packages.linux_hardened.kernel #350681

Conni2461 opened this issue Oct 23, 2024 · 4 comments
Assignees
@Ma27
Labels
0.kind: build failure A package fails to build 6.topic: kernel The Linux kernel

Comments

@Conni2461
Copy link
Member

Steps To Reproduce

Steps to reproduce the behavior:

  1. NIX_PATH= nix-build . -A linuxKernel.packages.linux_hardened.kernel
  2. patch doesn't apply

Build log

these 2 derivations will be built:
  /nix/store/hj3xm8k28zaf1apzgckvdp0n8r5d140m-linux-config-6.6.53.drv
  /nix/store/fnvx91ks9ywx325wgrgli3jmay12dq26-linux-6.6.53.drv
building '/nix/store/hj3xm8k28zaf1apzgckvdp0n8r5d140m-linux-config-6.6.53.drv'...
Running phase: unpackPhase
unpacking source archive /nix/store/25k6zgnmjzgfblfyl9w96400kbvdk3pn-linux-6.6.53.tar.xz
source root is linux-6.6.53
setting SOURCE_DATE_EPOCH to timestamp 1727706315 of file linux-6.6.53/virt/lib/irqbypass.c
Running phase: patchPhase
applying patch /nix/store/mnlqwys9dxznjcvq4w3s0435s9ql8qv8-bridge-stp-helper.patch
patching file net/bridge/br_private.h
Hunk #1 succeeded at 51 with fuzz 2 (offset 12 lines).
applying patch /nix/store/mbz5gln1q4swlzmqs2399br98qjif9kn-request-key-helper.patch
patching file security/keys/request_key.c
Hunk #1 succeeded at 117 (offset 3 lines).
applying patch /nix/store/9kcpsj3kbx249nd7bz8lg0kyqv0y4h9c-?id=306ed1728e8438caed30332e1ab46b28c25fe3d8
patching file net/netfilter/xt_NFLOG.c
Hunk #1 FAILED at 79.
1 out of 1 hunk FAILED -- saving rejects to file net/netfilter/xt_NFLOG.c.rej
patching file net/netfilter/xt_TRACE.c
Hunk #1 FAILED at 49.
1 out of 1 hunk FAILED -- saving rejects to file net/netfilter/xt_TRACE.c.rej
patching file net/netfilter/xt_mark.c
Hunk #1 FAILED at 62.
1 out of 1 hunk FAILED -- saving rejects to file net/netfilter/xt_mark.c.rej
error: builder for '/nix/store/hj3xm8k28zaf1apzgckvdp0n8r5d140m-linux-config-6.6.53.drv' failed with exit code 1;

Additional context

Happens on release-24.05 and on current master after a netfilter fix was cherry-picked in #350500 and #350639

Change can be found in this commit: 7f30924

Notify maintainers

Not sure who is actually responsible for hardended kernel. @Ma27

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[simon@mare nixpkgs] $ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.6.56, helsinki/NixOS, 24.05 (Uakari), nobuild`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.8`
 - channels(root): `""`
 - channels(simon): `""`
 - nixpkgs: `/home/simon/.nix-defexpr/channels/nixpkgs`

Add a 👍 reaction to issues you find important.
@Conni2461 Conni2461 added the 0.kind: build failure A package fails to build label Oct 23, 2024
@FliegendeWurst FliegendeWurst added the 6.topic: kernel The Linux kernel label Oct 23, 2024
@Ma27 Ma27 self-assigned this Oct 23, 2024
@Ma27
Copy link
Member

Ma27 commented Oct 23, 2024

Fix part of #350757.

@Ma27 Ma27 mentioned this issue Oct 23, 2024
Merged
13 tasks
peterhoeg pushed a commit to peterhoeg/nixpkgs that referenced this issue Oct 24, 2024
@Ma27 @peterhoeg
linux_hardened: hacky build fix
e76c4a4 
Closes NixOS#350681

The netfilter patch doesn't apply on the hardened branch. It will
(hopefully) be upstream anyways soon, so let's just ignore it here to
unbreak hardened for everyone else.
Ma27 added a commit to Ma27/nixpkgs that referenced this issue Oct 25, 2024
@Ma27
linux_hardened: hacky build fix
d697b56 
Closes NixOS#350681

The netfilter patch doesn't apply on the hardened branch. It will
(hopefully) be upstream anyways soon, so let's just ignore it here to
unbreak hardened for everyone else.

(cherry picked from commit db1e1ed)
@voidzero
Copy link

voidzero commented Oct 28, 2024
edited
Loading

Thanks for fixing. Please forgive my lack of understanding but when will this be available in 24.05? I just did a nix flake update but it still occurs when issuing a nixos-rebuild, so I guess it's not promulgated to 24.05 yet.

@Ma27
Copy link
Member

Ma27 commented Oct 29, 2024

It should be in nixos-24.05 by now: https://nixpk.gs/pr-tracker.html?pr=351145

@voidzero
Copy link

Oh, that's very handy, thanks. Can confirm: it just allowed me to run nixos-rebuild without issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ma27 Ma27

Labels
0.kind: build failure A package fails to build 6.topic: kernel The Linux kernel
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@voidzero @Ma27 @FliegendeWurst @Conni2461