diff options
author | Emily <vcs@emily.moe> | 2020-04-26 18:19:02 +0100 |
---|---|---|
committer | Emily <vcs@emily.moe> | 2020-05-08 15:49:35 +0100 |
commit | d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25 (patch) | |
tree | 9a3b20eeee93e1d9e31953d6d39158c0c5c7f186 /pkgs/os-specific/linux/kernel | |
parent | abe4bef033a8d6b1a82c84d2cd71f50a1624a389 (diff) | |
download | nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar.gz nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar.bz2 nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar.lz nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar.xz nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.tar.zst nixlib-d6fe0a4e2dc2711480f87fe8c9fa9b66323e4c25.zip |
linux/hardened: move files into directory
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/anthraxx.asc (renamed from pkgs/os-specific/linux/kernel/anthraxx.asc) | 0 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/config.nix (renamed from pkgs/os-specific/linux/kernel/hardened-config.nix) | 0 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json (renamed from pkgs/os-specific/linux/kernel/hardened-patches.json) | 0 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch (renamed from pkgs/os-specific/linux/kernel/tag-hardened.patch) | 0 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/hardened/update.py (renamed from pkgs/os-specific/linux/kernel/update-hardened.py) | 16 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 4 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/update.sh | 2 |
7 files changed, 12 insertions, 10 deletions
diff --git a/pkgs/os-specific/linux/kernel/anthraxx.asc b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc index 101ccfbf0f2b..101ccfbf0f2b 100644 --- a/pkgs/os-specific/linux/kernel/anthraxx.asc +++ b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 95510fe218e3..95510fe218e3 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 118998a605b2..118998a605b2 100644 --- a/pkgs/os-specific/linux/kernel/hardened-patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json diff --git a/pkgs/os-specific/linux/kernel/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch index ff8a3a127973..ff8a3a127973 100644 --- a/pkgs/os-specific/linux/kernel/tag-hardened.patch +++ b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/hardened/update.py index bc9110578d68..1ef5acd3eb07 100755 --- a/pkgs/os-specific/linux/kernel/update-hardened.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -1,7 +1,7 @@ #! /usr/bin/env nix-shell #! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg -# This is automatically called by ./update.sh. +# This is automatically called by ../update.sh. import json import os @@ -14,9 +14,11 @@ from tempfile import TemporaryDirectory from github import Github HERE = Path(__file__).resolve().parent +NIXPKGS_KERNEL_PATH = HERE.parent +NIXPKGS_PATH = HERE.parents[4] HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" -HARDENED_PATCHES_PATH = HERE / "hardened-patches.json" +HARDENED_PATCHES_PATH = HERE / "patches.json" MIN_KERNEL_VERSION = [4, 14] @@ -128,16 +130,16 @@ def commit_patches(*, kernel_key, message): json.dump(patches, new_patches_file, indent=4, sort_keys=True) new_patches_file.write("\n") os.rename(new_patches_path, HARDENED_PATCHES_PATH) - message = f"linux/hardened-patches/{kernel_key}: {message}" + message = f"linux/hardened/patches/{kernel_key}: {message}" print(message) if os.environ.get("COMMIT"): run( "git", "-C", - HERE, + NIXPKGS_PATH, "commit", f"--message={message}", - "hardened-patches.json", + HARDENED_PATCHES_PATH, ) @@ -156,10 +158,10 @@ NIX_VERSION_RE = re.compile( # Get the set of currently packaged kernel versions. kernel_versions = {} -for filename in os.listdir(HERE): +for filename in os.listdir(NIXPKGS_KERNEL_PATH): filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) if filename_match: - with open(HERE / filename) as nix_file: + with open(NIXPKGS_KERNEL_PATH / filename) as nix_file: for nix_line in nix_file: match = NIX_VERSION_RE.fullmatch(nix_line) if match: diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 1c4af8c32a6f..8ce1ac2b587c 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -35,7 +35,7 @@ tag_hardened = { name = "tag-hardened"; - patch = ./tag-hardened.patch; + patch = ./hardened/tag-hardened.patch; }; hardened = let @@ -43,7 +43,7 @@ name = lib.removeSuffix ".patch" src.name; patch = fetchurl src; }; - patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json); + patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json); in lib.mapAttrs mkPatch patches; # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6 diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh index c483661b6f5d..55fdce06c973 100755 --- a/pkgs/os-specific/linux/kernel/update.sh +++ b/pkgs/os-specific/linux/kernel/update.sh @@ -62,4 +62,4 @@ done COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh # Update linux-hardened -COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-hardened.py +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py |