How to upstream a working kernel module derivation?

Hi!

I have a working kernel module derivation (see below) for the Intel SGX driver (it’s a secure enclave driver). I would like to contribute it upstream so that other users just need to add something as simple as isgx = true in their configuration.nix to use it. The question is how do I convert the stuff I came up with below into a pull request to nixpkgs. Thanks in advance for suggestions.

/etc/nixos/isgx.nix:

{ stdenv, fetchFromGitHub, kernel, kmod }:

stdenv.mkDerivation rec {
  name = "isgx-${version}-${kernel.version}";
  version = "2.11";

  src = fetchFromGitHub {
    owner = "intel";
    repo = "linux-sgx-driver";
    rev = "sgx_driver_2.11";
    sha256 = "0z3czwxa0gs1h3hyg0bpxziyizzfnv9x6gglka6v1p3s5j00b7fd";
  };

  sourceRoot = "source";
  hardeningDisable = [ "pic" "format" ];
  nativeBuildInputs = kernel.moduleBuildDependencies;

  patches = [ ./0001-NixOS.patch ];

  makeFlags = [
    "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    "INSTALL_MOD_PATH=$(out)"
  ];

  meta = with stdenv.lib; {
    description = "A kernel module to create Intel SGX driver";
    homepage = "https://github.com/intel/linux-sgx-driver";
    license = licenses.bsd3;
    maintainers = [ maintainers.adaszko ];
    platforms = platforms.linux;
  };
}

/etc/nixos/0001-NixOS.patch:

From 3161a383f0e795e73c8b5c72c408d4f36f16087d Mon Sep 17 00:00:00 2001
From: Adam Szkoda <foo@bar.com>
Date: Mon, 18 Jan 2021 09:43:03 +0100
Subject: [PATCH] NixOS patches

---
 Makefile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Makefile b/Makefile
index c0963fc..a4f9605 100644
--- a/Makefile
+++ b/Makefile
@@ -17,8 +17,6 @@ default:
 
 install: default
 	$(MAKE) INSTALL_MOD_DIR=kernel/drivers/intel/sgx -C $(KDIR) M=$(PWD) modules_install
-	depmod -A
-	sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules"
 
 endif
 
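Review bot: the two deletions under `install:` are not explained anywhere, since the commit message is only "NixOS patches" with no body. State in the message that `depmod -A` and the append to `/etc/modules` act on the running system and cannot work from inside a Nix build, so the reason survives the next driver version bump. Removing the `echo isgx >> /etc/modules` line also removes the only automatic loading of the module, so the configuration that consumes this package needs to request it explicitly, for example `boot.kernelModules = [ "isgx" ];` next to the `boot.extraModulePackages` entry.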
-- 
2.29.2

In /etc/nixos/configuration.nix:

{ config, pkgs, ... }:

let isgx = config.boot.kernelPackages.callPackage ./isgx.nix { };

in {
  ...
  boot.extraModulePackages = [ isgx ];
  ...
}

If you just upstream the package then other users can add pkgs.isgx to boot.extraModulePackages like you did.

To do that, you can follow this: Nixpkgs 23.11 manual | Nix & NixOS. You’re already halfway there since you have the package done. You just have to fork nixpkgs, push a branch with your changes, and send a pull request.

I might be wrong in this, I just read a bit of nixpkgs code to check. But I think kernel modules go in pkgs/os-specific/linux and you have to add an entry in pkgs/top-level/all-packages.nix inside the linuxPackagesFor section.

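What the `isgx = true` goal from the question would take on top of the upstreamed package, as an added example that is not part of this thread or of nixpkgs: a small NixOS module. The option name `hardware.isgx.enable` is hypothetical, and the package is assumed to land in the `linuxPackagesFor` set under the attribute name `isgx`.

```nix
# Added example, not code from the thread or from nixpkgs.
# Assumptions: the option name hardware.isgx.enable is hypothetical, and the
# package is assumed to be exposed as `isgx` in the kernel package set.
{ config, lib, ... }:

let
  cfg = config.hardware.isgx;
in
{
  options.hardware.isgx.enable =
    lib.mkEnableOption "the out-of-tree Intel SGX (isgx) kernel driver";

  config = lib.mkIf cfg.enable {
    # Take the module from the package set of the configured kernel so it is
    # always built against the kernel the system actually boots.
    boot.extraModulePackages = [ config.boot.kernelPackages.isgx ];

    # The NixOS patch removes the Makefile line that appended "isgx" to
    # /etc/modules, so loading at boot is requested declaratively here.
    boot.kernelModules = [ "isgx" ];
  };
}
```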

Ohh and there is a pull request for it already here: linuxPackages.isgx: init at 2.11 by oxalica · Pull Request #109013 · NixOS/nixpkgs · GitHub

Although this could just be you


Thank you for your instructions! The part of the manual about contributing to nixpkgs is what I was missing. Looks like @SuperSandro2000 on GitHub beat me to making the contribution however. Their PR is slightly better in that it includes a patch with a workaround for a compilation error on a 5.8 kernel so I’m going to abandon mine and migrate to their PR (eventually) 🙂


I misattributed the PR. It’s @oxalica who made the contribution!
