linux: ignore kernel branches older than min supported branch

Right now, hashes for 4.14 are kept (and thus also maintained by the
hardened updater) even though we don't support that anymore, the oldest
supported branch is 4.19.

To avoid having to remember too many places where to drop a kernel when
dropping an old one (next will be 4.19), the oldest kernel branch will
be determined by the lowest version number in the keys of
`kernels-org.json`. That way, it's sufficient to drop an old branch
from this file and it will be ignored on the upcoming update runs.

Yes, the code to read from that file is duplicated, but I'd expect the
min version to change way more often than 3 lines of code reading a
version from a JSON file[1].

The logic is fairly simple though: if the branch (i.e. MAJOR.MINOR) of a
kernel that's listed on kernel.org[2] is older than the oldest version
in `kernels-org.json`, it's omitted on update and a message is printed
like this:

    [...]
    linux_5_4: 5.4.265 is latest, skipping...
    linux_4_19: 4.19.303 is latest, skipping...
    4.14 is too old and not supported anymore, skipping...

Kernels that have the branch `testing` are excluded from that check and
always allowed.

[1] Also, I'm unhappy already that I can't just do a relative import in
    here to deduplicate the function and for 3 lines of code it seems
    like unnecessarily much effort to create a python package structure
    here.
[2] Kernels that got unlisted there are too old to be added/kept here
    anyways.

1 files changed, 24 insertions, 1 deletions

diff --git a/pkgs/os-specific/linux/kernel/update-mainline.py b/pkgs/os-specific/linux/kernel/update-mainline.py
index 30b9ebec984c..020e55c5fe40 100755
--- a/pkgs/os-specific/linux/kernel/update-mainline.py
+++ b/pkgs/os-specific/linux/kernel/update-mainline.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env nix-shell
-#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.beautifulsoup4 ps.lxml ])"
+#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.beautifulsoup4 ps.lxml ps.packaging ])"
 import json
 import os
 import pathlib
@@ -10,6 +10,8 @@ from dataclasses import dataclass
 from enum import Enum
 
 from bs4 import BeautifulSoup, NavigableString, Tag
+from packaging.version import parse as parse_version, Version
+from typing import List
 
 HERE = pathlib.Path(__file__).parent
 ROOT = HERE.parent.parent.parent.parent
@@ -80,6 +82,18 @@ def get_hash(kernel: KernelRelease):
     return f"sha256:{hash}"
 
 
+def get_oldest_branch() -> Version:
+    with open(VERSIONS_FILE) as f:
+        return parse_version(sorted(json.load(f).keys())[0])
+
+
+def predates_oldest_branch(oldest: Version, to_compare: str) -> bool:
+    if to_compare == "testing":
+        return False
+
+    return parse_version(to_compare) < oldest
+
+
 def commit(message):
     return subprocess.check_call(["git", "commit", "-m", message, VERSIONS_FILE])
 
@@ -97,6 +111,8 @@ def main():
     parsed_releases = filter(None, [parse_release(release) for release in releases])
     all_kernels = json.load(VERSIONS_FILE.open())
 
+    oldest_branch = get_oldest_branch()
+
     for kernel in parsed_releases:
         branch = get_branch(kernel.version)
         nixpkgs_branch = branch.replace(".", "_")
@@ -106,6 +122,13 @@ def main():
             print(f"linux_{nixpkgs_branch}: {kernel.version} is latest, skipping...")
             continue
 
+        if predates_oldest_branch(oldest_branch, kernel.branch):
+            print(
+                f"{kernel.branch} is too old and not supported anymore, skipping...",
+                file=sys.stderr
+            )
+            continue
+
         if old_version is None:
             message = f"linux_{nixpkgs_branch}: init at {kernel.version}"
         else: