diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-10-08 12:01:52 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-08 12:01:52 +0000 |
commit | 81871f4c87a029aa89e9e9f58037ab2bc50baf0b (patch) | |
tree | 0503b9eba37e27fbd54e8cdd749180eb06b5e75b /pkgs/os-specific/linux/kernel | |
parent | 187f681cb4921d413ad940834baab18654cb0f9a (diff) | |
parent | 0b4a97a07f72bcf265034e5e2d95d6fa02e694a7 (diff) | |
download | nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar.gz nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar.bz2 nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar.lz nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar.xz nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.tar.zst nixpkgs-81871f4c87a029aa89e9e9f58037ab2bc50baf0b.zip |
Merge staging-next into staging
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 70 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/hardened/update.py | 23 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 12 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/manual-config.nix | 9 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/zen-kernels.nix | 14 |
5 files changed, 59 insertions, 69 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 7f824bcd710..a02bc358213 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,71 +2,71 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.325-hardened1.patch", - "sha256": "1mc1pyjjksg2f4189wyas55ax8czzhai2i3jc6n7l9jmfwj7xr9q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.325-hardened1/linux-hardened-4.14.325-hardened1.patch" + "name": "linux-hardened-4.14.326-hardened1.patch", + "sha256": "08jq0v7i5aghynscvhv3v3sgqbd2yyn6daqc9qg9cw02lxmvnjzz", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.326-hardened1/linux-hardened-4.14.326-hardened1.patch" }, - "sha256": "117p1mdha57f6d3kdwac9jrbmib7g77q4xhir8ghl6fmrs1f2sav", - "version": "4.14.325" + "sha256": "0y0lvzidw775mgx211wnc1c6223iqv8amz5y9jkz9h7l3l7y8p2m", + "version": "4.14.326" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.294-hardened1.patch", - "sha256": "1s70vz8rai1z440rmwzipwpq7wa7p2bvri43zmkbisrfggm1lz2r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.294-hardened1/linux-hardened-4.19.294-hardened1.patch" + "name": "linux-hardened-4.19.295-hardened1.patch", + "sha256": "0jfsbg8b3h1swb46p4lnsc0b5z8b5j9jjy2fi8fy0762v4g7ps7c", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.295-hardened1/linux-hardened-4.19.295-hardened1.patch" }, - "sha256": "03x0xsb8a369zdr81hg6xdl5n5v48k6iwnhj6r29725777lvvbfc", - "version": "4.19.294" + "sha256": "1b1qslpk1kka7nxam48s22xsqd9qmp716hmibgfsjxl5y3jc4cmp", + "version": "4.19.295" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.195-hardened1.patch", - "sha256": "15liin3i9wh7hwr97pyc8rl79ri7frsprssl50si9z810zvc9chb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.195-hardened1/linux-hardened-5.10.195-hardened1.patch" + "name": "linux-hardened-5.10.197-hardened1.patch", + "sha256": "0h0yarjpc2syg2rdp7ipz0cr466mgm85ii8y5g0dbj9wkflrl54g", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.197-hardened1/linux-hardened-5.10.197-hardened1.patch" }, - "sha256": "0n4vg2i9sq89wnz85arlyvwysh9s83cgzs5bk2wh98bivi5fwfs1", - "version": "5.10.195" + "sha256": "1awkm7lln5gf6kld9z5h4mg39bd778jsdswwlwb7iv7bn03lafhq", + "version": "5.10.197" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.132-hardened1.patch", - "sha256": "06wkcbhkdm8vnk1cqwngy9gdknqm4pb4za9lbh2q5j1f2nkcn7pq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.132-hardened1/linux-hardened-5.15.132-hardened1.patch" + "name": "linux-hardened-5.15.134-hardened1.patch", + "sha256": "1q8vfffiwp3zwrjh7r8q4yn9hybswfl41kz4s97jckf90x84xj8d", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.134-hardened1/linux-hardened-5.15.134-hardened1.patch" }, - "sha256": "1b0qjsaqjw2rk86shmmrj2aasblkn27acjmc761vnjg7sv2baxs1", - "version": "5.15.132" + "sha256": "1lxra3h8pq41hdr1acazwcqk6r8alv9p840ys19nivaprfp84wgk", + "version": "5.15.134" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.256-hardened1.patch", - "sha256": "1rsp30g5xry5y95mz0i6walkcxj6abyrsaq3fwhz0ka6nq6g7w82", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.256-hardened1/linux-hardened-5.4.256-hardened1.patch" + "name": "linux-hardened-5.4.257-hardened1.patch", + "sha256": "0kf0s69yl9xwnmjk312gphj9fsz1jxcfivwhg10hdvw3cfhjq2dn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.257-hardened1/linux-hardened-5.4.257-hardened1.patch" }, - "sha256": "0fim5q9xakwnjfg48bpsic9r2r8dvrjlalqqkm9vh1rml9mhi967", - "version": "5.4.256" + "sha256": "1w1x91slzg9ggakqhyxnmvz77v2cwfk8bz0knrpgz9qya9q5jxrf", + "version": "5.4.257" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.54-hardened1.patch", - "sha256": "0c8dmgciwc02pzhnx2mj5xlhds7mmicm8r6668di2zfw772rjgr4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.54-hardened1/linux-hardened-6.1.54-hardened1.patch" + "name": "linux-hardened-6.1.56-hardened1.patch", + "sha256": "01j6qi94wr8bm1vnyw8108as94xiwa92vhh860b4gk71msz7carg", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.56-hardened1/linux-hardened-6.1.56-hardened1.patch" }, - "sha256": "09sfrq2l8f777mx2n9mhb6bgz1064bl04921byqnmk87si31w653", - "version": "6.1.54" + "sha256": "1327in80nl0ghbjignjsdw0w5crj4d06d5fivj4q6af26bggvply", + "version": "6.1.56" }, "6.5": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.5.4-hardened1.patch", - "sha256": "0r411dgp17am2bnfpk8lbzmymp6w9d5raz7hni0mw0kpcq6z996n", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.4-hardened1/linux-hardened-6.5.4-hardened1.patch" + "name": "linux-hardened-6.5.6-hardened1.patch", + "sha256": "12xvphbs2i9a262117lfxs9gz0ckfspdv74y5jjkjbmw5gx26fgg", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.6-hardened1/linux-hardened-6.5.6-hardened1.patch" }, - "sha256": "0s8nzd8yaq06bq8byk7aakbk95gh0rhlif26h1biw94v48anrxxx", - "version": "6.5.4" + "sha256": "1xnjjm50ks18ifrp36md2p2xca4lw160y57j9p152w2l2i16vqvq", + "version": "6.5.6" } } diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 5d6a2eba966..ce54c298075 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -193,21 +193,14 @@ with open(HARDENED_PATCHES_PATH) as patches_file: # Get the set of currently packaged kernel versions. kernel_versions = {} -for filename in os.listdir(NIXPKGS_KERNEL_PATH): - filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) - if filename_match: - nix_version_expr = f""" - with import {NIXPKGS_PATH} {{}}; - (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version - """ - kernel_version_json = run( - "nix-instantiate", "--eval", "--system", "x86_64-linux", "--json", "--expr", nix_version_expr, - ).stdout - kernel_version = parse_version(json.loads(kernel_version_json)) - if kernel_version < MIN_KERNEL_VERSION: - continue - kernel_key = major_kernel_version_key(kernel_version) - kernel_versions[kernel_key] = kernel_version +with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json: + kernel_versions = json.load(kernel_versions_json) + for kernel_branch_str in kernel_versions: + if kernel_branch_str == "testing": continue + kernel_branch = [int(i) for i in kernel_branch_str.split(".")] + if kernel_branch < MIN_KERNEL_VERSION: continue + kernel_version = [int(i) for i in kernel_versions[kernel_branch_str]["version"].split(".")] + kernel_versions[kernel_branch_str] = kernel_version # Remove patches for unpackaged kernel versions. for kernel_key in sorted(patches.keys() - kernel_versions.keys()): diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index e491c7fd6a4..083f4ecea74 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -4,20 +4,20 @@ "hash": "sha256:0r7cfigh7rcrnzpdi40s6jnzhjgiamb6prixl4n2x8489n6zxfr9" }, "6.5": { - "version": "6.5.5", - "hash": "sha256:15gg8sb6cfgk1afwj7fl7mj4nkj14w43vzwvw0qsg3nzyxwh7wcc" + "version": "6.5.6", + "hash": "sha256:1xnjjm50ks18ifrp36md2p2xca4lw160y57j9p152w2l2i16vqvq" }, "6.4": { "version": "6.4.16", "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" }, "6.1": { - "version": "6.1.55", - "hash": "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8" + "version": "6.1.56", + "hash": "sha256:1327in80nl0ghbjignjsdw0w5crj4d06d5fivj4q6af26bggvply" }, "5.15": { - "version": "5.15.133", - "hash": "sha256:1paxzzcagc7s8i491zjny43rxhfamafyly438kj8hyw96iwmx17g" + "version": "5.15.134", + "hash": "sha256:1lxra3h8pq41hdr1acazwcqk6r8alv9p840ys19nivaprfp84wgk" }, "5.10": { "version": "5.10.197", diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index f719c51ba53..52216696848 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -117,7 +117,8 @@ let }); postPatch = '' - sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' + # Ensure that depmod gets resolved through PATH + sed -i Makefile -e 's|= /sbin/depmod|= depmod|' # fixup for pre-4.15 kernels using the $(cd $foo && /bin/pwd) pattern # FIXME: remove when no longer needed @@ -332,9 +333,6 @@ let # Delete empty directories find -empty -type d -delete - - # Remove reference to kmod - sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' ''; requiredSystemFeatures = [ "big-parallel" ]; @@ -370,13 +368,12 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ] + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ] ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools ++ optional (lib.versionOlder version "5.8") libelf ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] ++ optional (lib.versionAtLeast version "5.8") elfutils - ++ optional (lib.versionAtLeast version "6.6") kmod ; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 2006b8f1e6d..fc97aee3f1c 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -4,16 +4,16 @@ let # comments with variant added for update script # ./update-zen.py zen zenVariant = { - version = "6.5.5"; #zen - suffix = "zen1"; #zen - sha256 = "069hxkww14dpz7k5hd93qnv6clc0dkpd3ncf1wzr5k84a0i9syj8"; #zen + version = "6.5.6"; #zen + suffix = "zen2"; #zen + sha256 = "0q7zk9r8qp88sg6h9kig1f55h5xl0wyp13d57cpi5s5xa8w3l8wa"; #zen isLqx = false; }; # ./update-zen.py lqx lqxVariant = { - version = "6.5.5"; #lqx - suffix = "lqx2"; #lqx - sha256 = "18gji7l3mgm8z0vi99q5xzrmpmw7jm1sqm2mc6abs51bi5vwir09"; #lqx + version = "6.5.6"; #lqx + suffix = "lqx1"; #lqx + sha256 = "0c409zh6rlrf8c3lr1ci55h0k6lh6ncc4hfv6p50q321czpgfnc6"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { @@ -102,7 +102,7 @@ let extraMeta = { branch = lib.versions.majorMinor version + "/master"; - maintainers = with lib.maintainers; [ thiagokokada ]; + maintainers = with lib.maintainers; [ thiagokokada jerrysm64 ]; description = "Built using the best configuration and kernel sources for desktop, multimedia, and gaming workloads." + lib.optionalString isLqx " (Same as linux_zen, but less aggressive release schedule and additional extra config)"; broken = stdenv.isAarch64; |