Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel/hardened')
-rw-r--r-- | nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json | 80 | ||||
-rwxr-xr-x | nixpkgs/pkgs/os-specific/linux/kernel/hardened/update.py | 23 |
2 files changed, 43 insertions, 60 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
index c7893abad213..cadef31334df 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -2,81 +2,71 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.325-hardened1.patch", - "sha256": "1mc1pyjjksg2f4189wyas55ax8czzhai2i3jc6n7l9jmfwj7xr9q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.325-hardened1/linux-hardened-4.14.325-hardened1.patch" + "name": "linux-hardened-4.14.327-hardened1.patch", + "sha256": "0183jgdvp20mk6vmmn62mdmy75xp816lm3gg5dlpvg4aw9n5hiz9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.327-hardened1/linux-hardened-4.14.327-hardened1.patch" }, - "sha256": "117p1mdha57f6d3kdwac9jrbmib7g77q4xhir8ghl6fmrs1f2sav", - "version": "4.14.325" + "sha256": "0nharfyxlr17yan86zrhlbq7idm0g3zvvvmy2zbw7m9dhgc8bw5z", + "version": "4.14.327" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.294-hardened1.patch", - "sha256": "1s70vz8rai1z440rmwzipwpq7wa7p2bvri43zmkbisrfggm1lz2r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.294-hardened1/linux-hardened-4.19.294-hardened1.patch" + "name": "linux-hardened-4.19.296-hardened1.patch", + "sha256": "0yzxnh2gdrbz9dspw3xbsrqhcdsk0pl938w229kccps9klg9s7lb", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.296-hardened1/linux-hardened-4.19.296-hardened1.patch" }, - "sha256": "03x0xsb8a369zdr81hg6xdl5n5v48k6iwnhj6r29725777lvvbfc", - "version": "4.19.294" + "sha256": "1bk051canr4fb00j6x9ff2wam2f20whw4h4z767x2cn2kmv6cqb3", + "version": "4.19.296" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.195-hardened1.patch", - "sha256": "15liin3i9wh7hwr97pyc8rl79ri7frsprssl50si9z810zvc9chb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.195-hardened1/linux-hardened-5.10.195-hardened1.patch" + "name": "linux-hardened-5.10.198-hardened1.patch", + "sha256": "0xvpq41nslrdz7w39glswibj6aywny06rvxwqks2sgcbwbggldi6", + "url": 
"https://github.com/anthraxx/linux-hardened/releases/download/5.10.198-hardened1/linux-hardened-5.10.198-hardened1.patch" }, - "sha256": "0n4vg2i9sq89wnz85arlyvwysh9s83cgzs5bk2wh98bivi5fwfs1", - "version": "5.10.195" + "sha256": "01gsw96anw44nh8ii3zipp6vh61m1n8yf0bv2fzznr23k771y51b", + "version": "5.10.198" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.132-hardened1.patch", - "sha256": "06wkcbhkdm8vnk1cqwngy9gdknqm4pb4za9lbh2q5j1f2nkcn7pq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.132-hardened1/linux-hardened-5.15.132-hardened1.patch" + "name": "linux-hardened-5.15.135-hardened1.patch", + "sha256": "0ld2apj2nc6y5c8h60cczjpi2vdz3askmpsjv7glfrqfqlw1a680", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.135-hardened1/linux-hardened-5.15.135-hardened1.patch" }, - "sha256": "1b0qjsaqjw2rk86shmmrj2aasblkn27acjmc761vnjg7sv2baxs1", - "version": "5.15.132" + "sha256": "0w3i8jvzqvfnlarcvg89k1144ln96fszv16lzrn16zr3kri5x0ql", + "version": "5.15.135" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.256-hardened1.patch", - "sha256": "1rsp30g5xry5y95mz0i6walkcxj6abyrsaq3fwhz0ka6nq6g7w82", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.256-hardened1/linux-hardened-5.4.256-hardened1.patch" + "name": "linux-hardened-5.4.258-hardened1.patch", + "sha256": "1c6m65m3cjx1nbaqilkiqhwb143rd2zwy8mkxxdrm1916cs5hvbk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.258-hardened1/linux-hardened-5.4.258-hardened1.patch" }, - "sha256": "0fim5q9xakwnjfg48bpsic9r2r8dvrjlalqqkm9vh1rml9mhi967", - "version": "5.4.256" + "sha256": "0gk2xav1ng565l1qsqlr8ja6m4j5g8rfj66vad1fmdd1lwaihw1r", + "version": "5.4.258" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.54-hardened1.patch", - "sha256": "0c8dmgciwc02pzhnx2mj5xlhds7mmicm8r6668di2zfw772rjgr4", - "url": 
"https://github.com/anthraxx/linux-hardened/releases/download/6.1.54-hardened1/linux-hardened-6.1.54-hardened1.patch" + "name": "linux-hardened-6.1.58-hardened1.patch", + "sha256": "0xca1pf6hkipci7blly111cchfw58cj22b73nr38dks0xvyb4rx6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.58-hardened1/linux-hardened-6.1.58-hardened1.patch" }, - "sha256": "09sfrq2l8f777mx2n9mhb6bgz1064bl04921byqnmk87si31w653", - "version": "6.1.54" - }, - "6.4": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.4.16-hardened1.patch", - "sha256": "10lydnnhhq9ynng1gfaqh1mncsb0dmr27zzcbygs1xigy2bl70n9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.16-hardened1/linux-hardened-6.4.16-hardened1.patch" - }, - "sha256": "0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln", - "version": "6.4.16" + "sha256": "1b913ina3rcw4dx2s7n37kynv8rqsmrqa2ialsib6h7nsb9px66f", + "version": "6.1.58" }, "6.5": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.5.4-hardened1.patch", - "sha256": "0r411dgp17am2bnfpk8lbzmymp6w9d5raz7hni0mw0kpcq6z996n", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.4-hardened1/linux-hardened-6.5.4-hardened1.patch" + "name": "linux-hardened-6.5.7-hardened1.patch", + "sha256": "0l0psja9zaw8b1bqw19nf1pjf4syxzh0gqjrfppyv40wbf5lsgjn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.7-hardened1/linux-hardened-6.5.7-hardened1.patch" }, - "sha256": "0s8nzd8yaq06bq8byk7aakbk95gh0rhlif26h1biw94v48anrxxx", - "version": "6.5.4" + "sha256": "135v3y2vgc83dca4xi7q52wqi4dkfal74k1y73jwzj85h12fl28d", + "version": "6.5.7" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/update.py b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/update.py index 5d6a2eba966a..ce54c2980758 100755 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/update.py 
@@ -193,21 +193,14 @@ with open(HARDENED_PATCHES_PATH) as patches_file:
 # Get the set of currently packaged kernel versions.
 kernel_versions = {}
-for filename in os.listdir(NIXPKGS_KERNEL_PATH):
- filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename)
- if filename_match:
- nix_version_expr = f"""
- with import {NIXPKGS_PATH} {{}};
- (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version
- """
- kernel_version_json = run(
- "nix-instantiate", "--eval", "--system", "x86_64-linux", "--json", "--expr", nix_version_expr,
- ).stdout
- kernel_version = parse_version(json.loads(kernel_version_json))
- if kernel_version < MIN_KERNEL_VERSION:
- continue
- kernel_key = major_kernel_version_key(kernel_version)
- kernel_versions[kernel_key] = kernel_version
+with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json:
+ kernel_versions = json.load(kernel_versions_json)
+ for kernel_branch_str in kernel_versions:
+ if kernel_branch_str == "testing": continue
+ kernel_branch = [int(i) for i in kernel_branch_str.split(".")]
+ if kernel_branch < MIN_KERNEL_VERSION: continue
+ kernel_version = [int(i) for i in kernel_versions[kernel_branch_str]["version"].split(".")]
+ kernel_versions[kernel_branch_str] = kernel_version
 # Remove patches for unpackaged kernel versions.
 for kernel_key in sorted(patches.keys() - kernel_versions.keys()): |
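Review bot: The added loop rebinds `kernel_versions` to the whole parsed kernels-org.json and overwrites only the branches it keeps, so the `testing` entry and any branch below `MIN_KERNEL_VERSION` stay in the dict as raw JSON objects after the two `continue` lines. The `patches.keys() - kernel_versions.keys()` line that follows still counts those branches as packaged, so a hardened patch for a branch below the minimum would not be removed, and any later code that reads `kernel_versions` values (outside this hunk) would presumably receive a dict instead of a version list. Loading into a separate name keeps the filter effective and gives the `kernel_versions = {}` line above a purpose again: `kernels_org = json.load(kernel_versions_json)`, `for kernel_branch_str in kernels_org:`, and `kernels_org[kernel_branch_str]["version"].split(".")`. A short comment noting that `testing` is skipped because its version string is not purely numeric (if that is the reason) would also help; the `for kernel_key` loop at the end of the hunk continues outside it.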