From ca465eeeb1f724673a2d436a58e73f4283a89404 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 3 Sep 2016 14:42:08 +0200
Subject: [PATCH] wireguard: disable build against -grsec kernels

Looks to be incompatible with the PaX constification plugin:

> /tmp/nix-build-wireguard-unstable-2016-08-08.drv-0/WireGuard-experimental-0.0.20160808/src/device.c:329:29: error: constified variable 'link_ops' placed into writable section ".data..read_mostly"
 static struct rtnl_link_ops link_ops __read_mostly = {

https://hydra.nixos.org/build/39671573/log/raw

See also https://github.com/NixOS/nixpkgs/issues/18209
---
 pkgs/os-specific/linux/wireguard/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix
index 3264194f125..a885d40658b 100644
--- a/pkgs/os-specific/linux/wireguard/default.nix
+++ b/pkgs/os-specific/linux/wireguard/default.nix
@@ -2,6 +2,8 @@
 
 # module requires Linux >= 4.1 https://www.wireguard.io/install/#kernel-requirements
 assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "4.1";
+# module is incompatible with the PaX constification plugin
+assert kernel != null -> !(kernel.features.grsecurity or false);
 
 let
   name = "wireguard-unstable-${version}";