colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #308833 from whentze/linux-hardened-update

Browse Source 
Linux Hardened Kernels 2024-05-03
This commit is contained in:
Fabián Heredia Montiel 2024-05-17 22:03:14 -06:00 committed by GitHub
commit d6801d9d85
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 42 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/tests/kernel-generic.nix
View File

@ -31,6 +31,7 @@ let
linux_5_15_hardened
linux_6_1_hardened
linux_6_6_hardened
linux_6_8_hardened
linux_rt_5_4
linux_rt_5_10
linux_rt_5_15

82
pkgs/os-specific/linux/kernel/hardened/patches.json
View File

@ -2,81 +2,71 @@
"4.19": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.19.309-hardened1.patch",
"sha256": "1hww72w5anmfr9czqbl31glzl70s34492k9qz9zax141zg1sf6sp",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.309-hardened1/linux-hardened-4.19.309-hardened1.patch"
"name": "linux-hardened-4.19.313-hardened1.patch",
"sha256": "1fa30s98cbk64315y7vwz7pc2ba0rcs2msaiiib8p85kid5c80v8",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.313-hardened1/linux-hardened-4.19.313-hardened1.patch"
},
"sha256": "1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm",
"version": "4.19.309"
"sha256": "1j1r4mrdh1ray468jr5i8d2afiswb653bhq0ck8bcdw4rwp5w558",
"version": "4.19.313"
},
"5.10": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.10.212-hardened1.patch",
"sha256": "0h04i94vshhcli5m4qpnqg4vsi5v1ifvdhhklk7c0bvkfk35cbml",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.212-hardened1/linux-hardened-5.10.212-hardened1.patch"
"name": "linux-hardened-5.10.216-hardened1.patch",
"sha256": "1hj59x5wrh8bkgxp1f5sh8h5rirh4878gywanjmf7qjq6w2wj5rh",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.216-hardened1/linux-hardened-5.10.216-hardened1.patch"
},
"sha256": "14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc",
"version": "5.10.212"
"sha256": "0lg1zfb9y4ps86q85mlnyalb3s90zix003z62jb9bw139f65h473",
"version": "5.10.216"
},
"5.15": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.15.151-hardened1.patch",
"sha256": "040jc5n9qsdz2wv5ksfvc28vd72nmya2i2f0ps0jiras6l2wlhjz",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.151-hardened1/linux-hardened-5.15.151-hardened1.patch"
"name": "linux-hardened-5.15.158-hardened1.patch",
"sha256": "1q37hdac1mk91rrl2p3j4d69wiphzm1mfbvl6cxlsrc42pjbapz3",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.158-hardened1/linux-hardened-5.15.158-hardened1.patch"
},
"sha256": "0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la",
"version": "5.15.151"
"sha256": "1inmdpif3qf1blmvjj4i7y42bylvhv0wyj3b0apq12zxlj1iq1zr",
"version": "5.15.158"
},
"5.4": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.4.271-hardened1.patch",
"sha256": "0rw5il7885d0d3k2hmh46541svib6rp32g00fcl5bw37ydmq3z8b",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.271-hardened1/linux-hardened-5.4.271-hardened1.patch"
"name": "linux-hardened-5.4.275-hardened1.patch",
"sha256": "10fw4hkavnj6nhjqz186sqxbvjz6g62mhyjmlnlxik322nbh6jk6",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.275-hardened1/linux-hardened-5.4.275-hardened1.patch"
},
"sha256": "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d",
"version": "5.4.271"
"sha256": "0k1hyknx854k8z27j4rq1gcp8l0xc0bspmrhc41a033gjilb1lns",
"version": "5.4.275"
},
"6.1": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.1.81-hardened1.patch",
"sha256": "0af9dxdsa858zyqc0vsrzg098afhg5vpb2wpr6gj2ykwc13iaf07",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.81-hardened1/linux-hardened-6.1.81-hardened1.patch"
"name": "linux-hardened-6.1.90-hardened1.patch",
"sha256": "1wjckrv0p7phai6ian39kl0rpmzvrzz10bi92xgdq8hhsbp2p3fk",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.90-hardened1/linux-hardened-6.1.90-hardened1.patch"
},
"sha256": "0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f",
"version": "6.1.81"
},
"6.5": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.5.13-hardened1.patch",
"sha256": "1fj6yaq2gdjlj2h19vkm13jrx0yiczj6pvric1kq1r6cprqrkkki",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.13-hardened1/linux-hardened-6.5.13-hardened1.patch"
},
"sha256": "1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq",
"version": "6.5.13"
"sha256": "07cfg0chssvpc4mqls3aln6s4lqjp6k4x2n63wndmkjgfqpdg8w3",
"version": "6.1.90"
},
"6.6": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.6.21-hardened1.patch",
"sha256": "0k35s5pj92lvfp6kw3isg78zc3gijsg0xbzcyvxdkmhzaq8j6i1i",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.21-hardened1/linux-hardened-6.6.21-hardened1.patch"
"name": "linux-hardened-6.6.30-hardened1.patch",
"sha256": "0q6x7prx1ncf3ni5zvpjav9jcq1n50fq0wcarw022bis1rmrhczy",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.30-hardened1/linux-hardened-6.6.30-hardened1.patch"
},
"sha256": "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf",
"version": "6.6.21"
"sha256": "1ilwmgpgvddwkd9nx5999cb6z18scjyq7jklid26k1hg7f35nsmn",
"version": "6.6.30"
},
"6.7": {
"6.8": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.7.6-hardened1.patch",
"sha256": "063yrs3g0knlz37aq979jhng9k6l19873nbi1jy167xfqmpqqajr",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.6-hardened1/linux-hardened-6.7.6-hardened1.patch"
"name": "linux-hardened-6.8.9-hardened1.patch",
"sha256": "115d1fgddfcffmfg5f31w50lf2cskkwakngb343didrwfa28nrxf",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.9-hardened1/linux-hardened-6.8.9-hardened1.patch"
},
"sha256": "1lrp7pwnxnqyy8c2l4n4nz997039gbnssrfm8ss8kl3h2c7fr2g4",
"version": "6.7.6"
"sha256": "1dn9bgmf03bdfbmgq98d043702g808rjikxs2i9yia57iqiz21gr",
"version": "6.8.9"
}
}

1
pkgs/os-specific/linux/kernel/hardened/update.py
View File

@ -211,6 +211,7 @@ with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json:
# Remove patches for unpackaged kernel versions.
for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
del patches[kernel_key]
commit_patches(kernel_key=kernel_key, message="remove")
g = Github(os.environ.get("GITHUB_TOKEN"))

2
pkgs/top-level/all-packages.nix
View File

@ -27311,6 +27311,8 @@ with pkgs;
linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened;
linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened;
linuxPackages_6_8_hardened = linuxKernel.packages.linux_6_8_hardened;
linux_6_8_hardened = linuxKernel.kernels.linux_6_8_hardened;
# GNU Linux-libre kernels
linuxPackages-libre = linuxKernel.packages.linux_libre;

2
pkgs/top-level/linux-kernels.nix
View File

@ -269,6 +269,7 @@ in {
linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { };
linux_6_8_hardened = hardenedKernelFor kernels.linux_6_8 { };
} // lib.optionalAttrs config.allowAliases {
linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
@ -657,6 +658,7 @@ in {
linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened);
linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened);
linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened);
linux_6_8_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_8_hardened);
linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);