diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel')
18 files changed, 396 insertions, 423 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix index 3240fe93de19..c8ae911c1287 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/common-config.nix @@ -36,7 +36,10 @@ let debug = { # Necessary for BTF - DEBUG_INFO = yes; + DEBUG_INFO = mkMerge [ + (whenOlder "5.2" (if (features.debug or false) then yes else no)) + (whenBetween "5.2" "5.18" yes) + ]; DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT = whenAtLeast "5.18" yes; # Reduced debug info conflict with BTF and have been enabled in # aarch64 defconfig since 5.13 @@ -59,8 +62,6 @@ let SUNRPC_DEBUG = yes; # Provide access to tunables like sched_migration_cost_ns SCHED_DEBUG = yes; - - GDB_SCRIPTS = yes; }; power-management = { @@ -1034,6 +1035,10 @@ let # Fresh toolchains frequently break -Werror build for minor issues. WERROR = whenAtLeast "5.15" no; + + # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production. + # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html + KUNIT = whenAtLeast "5.5" no; } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") { # Enable CPU/memory hotplug support # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix index 660521349053..a21890a38ca2 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix @@ -47,7 +47,7 @@ # symbolic name and `patch' is the actual patch. The patch may # optionally be compressed with gzip or bzip2. kernelPatches ? [] -, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name or "" != "pc" +, ignoreConfigErrors ? stdenv.hostPlatform.linux-kernel.name != "pc" , extraMeta ? {} , isZen ? false @@ -55,7 +55,7 @@ , isHardened ? false # easy overrides to stdenv.hostPlatform.linux-kernel members -, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules or true +, autoModules ? stdenv.hostPlatform.linux-kernel.autoModules , preferBuiltin ? stdenv.hostPlatform.linux-kernel.preferBuiltin or false , kernelArch ? stdenv.hostPlatform.linuxArch , kernelTests ? [] @@ -128,8 +128,11 @@ let ++ lib.optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ lib.optional (lib.versionAtLeast version "5.2") pahole; + platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" - kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig or "defconfig"; + kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; + # e.g. "bzImage" + kernelTarget = stdenv.hostPlatform.linux-kernel.target; makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; @@ -220,7 +223,7 @@ let + toString (lib.attrNames (if lib.isAttrs args then args else args {})) ) overridableKernel; }; - in [ (nixosTests.kernel-generic.testsForKernel overridableKernel) ] ++ kernelTests; + in [ (nixosTests.kernel-generic.passthru.testsForKernel overridableKernel) ] ++ kernelTests; }; finalKernel = lib.extendDerivation true passthru kernel; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 01d761a6eeb0..6148e5b6f3e6 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,71 +2,71 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.320-hardened1.patch", - "sha256": "1j457mfkxqzv996brwzxaib43s8fdpd5ngrnj61vs3vf8xcwk186", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.320-hardened1/linux-hardened-4.14.320-hardened1.patch" + "name": "linux-hardened-4.14.322-hardened1.patch", + "sha256": "1hshlg5b6n4i3zvx8rg3rnn16indg616sa4dy85w4pfcbjdzyzd3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.322-hardened1/linux-hardened-4.14.322-hardened1.patch" }, - "sha256": "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd", - "version": "4.14.320" + "sha256": "1r71g5p0cnbi0nixv91nyhv24dqmvh49rqb2lnbhsdq81fqm8ssm", + "version": "4.14.322" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.289-hardened1.patch", - "sha256": "1bi0cf15nqbk5hkhy76cd1xbb3fsnrgz705lry19v467hn3c0fx3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.289-hardened1/linux-hardened-4.19.289-hardened1.patch" + "name": "linux-hardened-4.19.291-hardened1.patch", + "sha256": "0mjrmgb1hqahk5l3sghyac5vza6my3sjldfh8xn498p5jq4bpdhj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.291-hardened1/linux-hardened-4.19.291-hardened1.patch" }, - "sha256": "1cx33aa9v2071gixvp68pqpp4vxcx61dqg04rf6xns1qg48p93qi", - "version": "4.19.289" + "sha256": "0cxmq8mrkw179jb8sqvad3dskllwn579g2lxcjn21jyqsf85nwz6", + "version": "4.19.291" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.188-hardened1.patch", - "sha256": "10mnrnzg3b5iirvn9x241zxwlysrnv7i65hiil2h8f7lswwgb6ar", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.188-hardened1/linux-hardened-5.10.188-hardened1.patch" + "name": "linux-hardened-5.10.190-hardened1.patch", + "sha256": "1w2ncb3ay8kbw7cfb0gm9q01n14npyvy6l9sqcma409hfgjnq7jv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.190-hardened1/linux-hardened-5.10.190-hardened1.patch" }, - "sha256": "04k1mc23vqv3mr4m80rab1w7z1cwc0n1kcxzc5vfcfp26nmqnmf9", - "version": "5.10.188" + "sha256": "15zmz9pg91gph2dhigjf1z3w6gkv1kwslki5dpzhgzs03pq3swi9", + "version": "5.10.190" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.123-hardened1.patch", - "sha256": "0q942jcz22yq7lbhmbwpg12p75zb0ky36zp2waz30cixw7lmyx6b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.123-hardened1/linux-hardened-5.15.123-hardened1.patch" + "name": "linux-hardened-5.15.126-hardened1.patch", + "sha256": "0bm1m5xwrcg0ckg68f70fx29air1bfh3gsaaaz8r29l5j1v1lqfp", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.126-hardened1/linux-hardened-5.15.126-hardened1.patch" }, - "sha256": "14xzk4rn7fwgdysnd763rbl25krvq40wk3y5cf8hasifl529brid", - "version": "5.15.123" + "sha256": "0vzdncrvwqxzjkpgf3gjxvl8iwz92szfyzc33cayx28ghjwsmx5d", + "version": "5.15.126" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.251-hardened1.patch", - "sha256": "148qyspyj4a6yrl45f358z64iqxf40zb71ccj5kvwbrn395xiwgs", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.251-hardened1/linux-hardened-5.4.251-hardened1.patch" + "name": "linux-hardened-5.4.253-hardened1.patch", + "sha256": "0rhn107hbabfvxlvnfwakrwc9w7m9m5hvcx03fssalyqd17k8jx1", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.253-hardened1/linux-hardened-5.4.253-hardened1.patch" }, - "sha256": "1jhqnazgiyz1vvrhnq5byl3h1mxrr3555fpiz4byycc1sqz9bd5w", - "version": "5.4.251" + "sha256": "1rr6mnkbw6gwdm9bqjhf4z2xqr458fn2qdv5b4mgm65a15gvmchz", + "version": "5.4.253" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.42-hardened1.patch", - "sha256": "0v5ja4q8wq3gwds0m8bzrxhx6vagg97lvcxrw3glm1d5sv1v94l6", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.42-hardened1/linux-hardened-6.1.42-hardened1.patch" + "name": "linux-hardened-6.1.45-hardened1.patch", + "sha256": "153798g37dicz8yhdcl4blsqd7j8sym3zxzkknjk7gldwh0n955m", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.45-hardened1/linux-hardened-6.1.45-hardened1.patch" }, - "sha256": "1lqy72yvsbcv7an1gr8sam6ym3788ss811xb3sw7d2qwaldjdy5a", - "version": "6.1.42" + "sha256": "14piy4cwv18a0yqp4gkrvr51z4zccyhab29n9ybxinkxdqwl68xx", + "version": "6.1.45" }, "6.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.4.7-hardened1.patch", - "sha256": "1kzkx0i3hkq25rywl8xsf5i8716ycjspblk1hrkaq6a02ci0697b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.7-hardened1/linux-hardened-6.4.7-hardened1.patch" + "name": "linux-hardened-6.4.10-hardened1.patch", + "sha256": "1chja2ry1bfl1snxhc1vwpd8p86x94c9kcxf8lbrixky3ff1972y", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.10-hardened1/linux-hardened-6.4.10-hardened1.patch" }, - "sha256": "1n57qijg0m27wcrqll8rb1hi1n0n8ca3bzsnbz05d9ya3nv3q56y", - "version": "6.4.7" + "sha256": "0fgjym6y0zj7wz1byqhxmv3pc3wq412vm1dxbj4gv23pm6r3y2wq", + "version": "6.4.10" } } diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5d759c36acfe..6c18db7f7a4e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.320"; + version = "4.14.323"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd"; + sha256 = "1g2fh0mn1sv0kq2hh3pynmx2fjai7hdwhf4fnaspl7j5n88902kg"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix index e71cdee98da8..cce6ec86f6ee 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.289"; + version = "4.19.292"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1cx33aa9v2071gixvp68pqpp4vxcx61dqg04rf6xns1qg48p93qi"; + sha256 = "0dr12v4jqmzxcqdghqqjny5zp3g4dx9lxqrl9d4fxz23s79ji5rl"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix index a6baeaac8901..1d9c04f46371 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.188"; + version = "5.10.191"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "04k1mc23vqv3mr4m80rab1w7z1cwc0n1kcxzc5vfcfp26nmqnmf9"; + sha256 = "1hk2x5dgvfq9v6161v25wz5qpzgyvqbx34xbm7ww8z4ish76cm6b"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix index f57635d8a2a0..fcee7105c70e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.15.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.15.124"; + version = "5.15.127"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1v927z1grqwcwj6769qm14828fzjzi58lsd86al2l0ddc016l0q0"; + sha256 = "09lgj9hs1cjxg84hb7avras4rlsx18igr69mx433l9hv6issbl5d"; }; } // (args.argsOverride or { })) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix index 5f3afdab8c2e..d72ffa980e77 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.251"; + version = "5.4.254"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1jhqnazgiyz1vvrhnq5byl3h1mxrr3555fpiz4byycc1sqz9bd5w"; + sha256 = "1iyrm2xql15ifhy2b939ywrrc44yd41b79sjjim4vqxmc6lqsq2i"; }; } // (args.argsOverride or {})) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix index a99218168a63..a63762652339 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.1.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.1.43"; + version = "6.1.46"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "02588pl1z8jxgxpa03rsdyg5pr0r3v0aylzp8r5ykm32193lhli4"; + sha256 = "15m228bllks2p8gpsmvplx08yxzp7bij9fnmnafqszylrk7ppxpm"; }; } // (args.argsOverride or { })) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix index f7b043939d20..796a5772b1b2 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-6.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.4.8"; + version = "6.4.11"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "1djqqhw542jphqsicpbn1259sgw9pwd08wwkdch31nw4kvhk97y5"; + sha256 = "0609lhgc42j9id2vvdpv8n7djabp46p2mridf9s0sg3x16snhssl"; }; } // (args.argsOverride or { })) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix index 0681df9ceb31..e4c8d5eaed56 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19337"; - sha256 = "1ps7f7dfxjsl6xj6fiz5nw01an44aqsjmfmjzs8y2h0jpb7il9s5"; + rev = "19386"; + sha256 = "1byqf5ih3nissgjl22zs8ggmk1dxdsv6ks9jadcv8f0wn92ddlg0"; } , ... }: diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix index 08fefe0218b3..d810d64527cb 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.15.119-rt65"; # updated by ./update-rt.sh + version = "5.15.125-rt66"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1kygpqf6sgkrwg77sv01di23c3n3rn5d44g8k5apx5106pys19bs"; + sha256 = "1izyv1ibiy4dapwb8745dshfbb9b6xqyz77l6mhkmlkcnx33h3qm"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1lkr3l0gad30brdq7kdgvqr3zz4xrd7ai8jh94di6l5krhi7s1w0"; + sha256 = "0ildcydqy980b2rw38q07dbf8z61l0dfjddqyvvyfq5gd6qkmcsb"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix index 6d77e5f87fe2..cfb84c25f275 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-rt-6.1.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "6.1.33-rt11"; # updated by ./update-rt.sh + version = "6.1.46-rt13"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz"; - sha256 = "1kfj7mi3n2lfaw4spz5cbvcl1md038figabyg80fha3kxal6nzdq"; + sha256 = "15m228bllks2p8gpsmvplx08yxzp7bij9fnmnafqszylrk7ppxpm"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0swzp6brk01r7pb73yada18vf6fhdqq4c78abq3abj6y8ay0awhh"; + sha256 = "00pj02mvamxvlkwrca1j3baaa18rg6dra7al1xsvgw3ypckwyafz"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix index 0851a72e010d..ab57c908581e 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.5-rc3"; + version = "6.5-rc5"; extraMeta.branch = lib.versions.majorMinor version; # modDirVersion needs to be x.y.z, will always add .0 @@ -11,7 +11,7 @@ buildLinux (args // rec { src = fetchzip { url = "https://git.kernel.org/torvalds/t/linux-${version}.tar.gz"; - hash = "sha256-z4y4eNkY458rxebey3eCG0CUDLJP9oQETVlH8Av3Lhs="; + hash = "sha256-7QNXBuk1jMCdUFWeu5P0j1nwL5PQgBFhlFYbKzj/k6E="; }; # Should the testing kernels ever be built on Hydra? diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix index 07325f0e10b0..61013ef090af 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, ubootTools +, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole , fetchpatch }: @@ -53,10 +53,6 @@ in lib.makeOverridable ({ }: let - config_ = config; -in - -let inherit (lib) hasAttr getAttr optional optionals optionalString optionalAttrs maintainers platforms; @@ -69,144 +65,315 @@ let (buildPackages.deterministic-uname.override { inherit modDirVersion; }) ] ++ optional (lib.versionAtLeast version "5.13") zstd; - config = let attrName = attr: "CONFIG_" + attr; in { - isSet = attr: hasAttr (attrName attr) config; - - getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; - - isYes = attr: (config.getValue attr) == "y"; - - isNo = attr: (config.getValue attr) == "n"; - - isModule = attr: (config.getValue attr) == "m"; - - isEnabled = attr: (config.isModule attr) || (config.isYes attr); - - isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); - } // config_; - - isModular = config.isYes "MODULES"; - - kernelConf = stdenv.hostPlatform.linux-kernel; - target = kernelConf.target or "vmlinux"; - - buildDTBs = kernelConf.DTB or false; + drvAttrs = config_: kernelConf: kernelPatches: configfile: + let + config = let attrName = attr: "CONFIG_" + attr; in { + isSet = attr: hasAttr (attrName attr) config; + + getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; + + isYes = attr: (config.getValue attr) == "y"; + + isNo = attr: (config.getValue attr) == "n"; + + isModule = attr: (config.getValue attr) == "m"; + + isEnabled = attr: (config.isModule attr) || (config.isYes attr); + + isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); + } // config_; + + isModular = config.isYes "MODULES"; + + buildDTBs = kernelConf.DTB or false; + + in (optionalAttrs isModular { outputs = [ "out" "dev" ]; }) // { + passthru = rec { + inherit version modDirVersion config kernelPatches configfile + moduleBuildDependencies stdenv; + inherit isZen isHardened isLibre; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; + baseVersion = lib.head (lib.splitString "-rc" version); + kernelOlder = lib.versionOlder baseVersion; + kernelAtLeast = lib.versionAtLeast baseVersion; + }; + + inherit src; + + patches = + map (p: p.patch) kernelPatches + # Required for deterministic builds along with some postPatch magic. + ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch + ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch + # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks + # OpenZFS; this was fixed in Linux 5.19 so we backport the fix + # https://github.com/openzfs/zfs/pull/13367 + ++ optional (lib.versionAtLeast version "5.12" && + lib.versionOlder version "5.19" && + stdenv.hostPlatform.isPower) + (fetchpatch { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; + hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; + }); + + postPatch = '' + sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' + + # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern + # FIXME: remove when no longer needed + substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd + + # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. + # This way kernels can be bit-by-bit reproducible depending on settings + # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). + # See also https://kernelnewbies.org/BuildId + sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' + + # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. + [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh + + # Set randstruct seed to a deterministic but diversified value. Note: + # we could have instead patched gen-random-seed.sh to take input from + # the buildFlags, but that would require also patching the kernel's + # toplevel Makefile to add a variable export. This would be likely to + # cause future patch conflicts. + for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do + if [ -f "$file" ]; then + substituteInPlace "$file" \ + --replace NIXOS_RANDSTRUCT_SEED \ + $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') + break + fi + done + + patchShebangs scripts + + # also patch arch-specific install scripts + for i in $(find arch -name install.sh); do + patchShebangs "$i" + done + ''; + + configurePhase = '' + runHook preConfigure + + mkdir build + export buildRoot="$(pwd)/build" + + echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" + + if [ -f "$buildRoot/.config" ]; then + echo "Could not link $buildRoot/.config : file exists" + exit 1 + fi + ln -sv ${configfile} $buildRoot/.config + + # reads the existing .config file and prompts the user for options in + # the current kernel source that are not found in the file. + make $makeFlags "''${makeFlagsArray[@]}" oldconfig + runHook postConfigure + + make $makeFlags "''${makeFlagsArray[@]}" prepare + actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" + if [ "$actualModDirVersion" != "${modDirVersion}" ]; then + echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" + exit 1 + fi + + buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") + + cd $buildRoot + ''; + + buildFlags = [ + "KBUILD_BUILD_VERSION=1-NixOS" + kernelConf.target + "vmlinux" # for "perf" and things like that + ] ++ optional isModular "modules" + ++ optionals buildDTBs ["dtbs" "DTC_FLAGS=-@"] + ++ extraMakeFlags; + + installFlags = [ + "INSTALL_PATH=$(out)" + ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)") + ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"]; + + preInstall = let + # All we really need to do here is copy the final image and System.map to $out, + # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets + # for the rest. Easy, right? + # + # Unfortunately for us, the obvious way of getting the built image path, + # make -s image_name, does not work correctly, because some architectures + # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, + # so we end up attempting to install the thing we didn't actually build. + # + # Thankfully, there's a way out that doesn't involve just hardcoding everything. + # + # The kernel has an install target, which runs a pretty simple shell script + # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on + # which kernel version you're looking at) that tries to do something sensible. + # + # (it would be great to hijack this script immediately, as it has all the + # information we need passed to it and we don't need it to try and be smart, + # but unfortunately, the exact location of the scripts differs between kernel + # versions, and they're seemingly not considered to be public API at all) + # + # One of the ways it tries to discover what "something sensible" actually is + # is by delegating to what's supposed to be a user-provided install script + # located at ~/bin/installkernel. + # + # (the other options are: + # - a distribution-specific script at /sbin/installkernel, + # which we can't really create in the sandbox easily + # - an architecture-specific script at arch/$arch/boot/install.sh, + # which attempts to guess _something_ and usually guesses very wrong) + # + # More specifically, the install script exec's into ~/bin/installkernel, if one + # exists, with the following arguments: + # + # $1: $KERNELRELEASE - full kernel version string + # $2: $KBUILD_IMAGE - the final image path + # $3: System.map - path to System.map file, seemingly hardcoded everywhere + # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags + # + # $2 is exactly what we want, so hijack the script and use the knowledge given to it + # by the makefile overlords for our own nefarious ends. + # + # Note that the makefiles specifically look in ~/bin/installkernel, and + # writeShellScriptBin writes the script to <store path>/bin/installkernel, + # so HOME needs to be set to just the store path. + # + # FIXME: figure out a less roundabout way of doing this. + installkernel = buildPackages.writeShellScriptBin "installkernel" '' + cp -av $2 $4 + cp -av $3 $4 + ''; + in '' + installFlagsArray+=("-j$NIX_BUILD_CORES") + export HOME=${installkernel} + ''; + + # Some image types need special install targets (e.g. uImage is installed with make uinstall) + installTargets = [ + (kernelConf.installTarget or ( + /**/ if kernelConf.target == "uImage" then "uinstall" + else if kernelConf.target == "zImage" || kernelConf.target == "Image.gz" then "zinstall" + else "install")) + ]; + + postInstall = optionalString isModular '' + mkdir -p $dev + cp vmlinux $dev/ + if [ -z "''${dontStrip-}" ]; then + installFlagsArray+=("INSTALL_MOD_STRIP=1") + fi + make modules_install $makeFlags "''${makeFlagsArray[@]}" \ + $installFlags "''${installFlagsArray[@]}" + unlink $out/lib/modules/${modDirVersion}/build + unlink $out/lib/modules/${modDirVersion}/source + + mkdir -p $dev/lib/modules/${modDirVersion}/{build,source} + + # To save space, exclude a bunch of unneeded stuff when copying. + (cd .. && rsync --archive --prune-empty-dirs \ + --exclude='/build/' \ + * $dev/lib/modules/${modDirVersion}/source/) + + cd $dev/lib/modules/${modDirVersion}/source + + cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build + make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build + + # For reproducibility, removes accidental leftovers from a `cc1` call + # from a `try-run` call from the Makefile + rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d + + # Keep some extra files on some arches (powerpc, aarch64) + for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do + if [ -f "$buildRoot/$f" ]; then + cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f + fi + done + + # !!! No documentation on how much of the source tree must be kept + # If/when kernel builds fail due to missing files, you can add + # them here. Note that we may see packages requiring headers + # from drivers/ in the future; it adds 50M to keep all of its + # headers on 3.10 though. + + chmod u+w -R .. + arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls) + + # Remove unused arches + for d in $(cd arch/; ls); do + if [ "$d" = "$arch" ]; then continue; fi + if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi + rm -rf arch/$d + done + + # Remove all driver-specific code (50M of which is headers) + rm -fR drivers + + # Keep all headers + find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w + + # Keep linker scripts (they are required for out-of-tree modules on aarch64) + find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w + + # Keep root and arch-specific Makefiles + chmod u-w Makefile arch/"$arch"/Makefile* + + # Keep whole scripts dir + chmod u-w -R scripts + + # Delete everything not kept + find . -type f -perm -u=w -print0 | xargs -0 -r rm + + # Delete empty directories + find -empty -type d -delete + + # Remove reference to kmod + sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' + ''; + + requiredSystemFeatures = [ "big-parallel" ]; + + meta = { + description = + "The Linux kernel" + + (if kernelPatches == [] then "" else + " (with patches: " + + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + + ")"); + license = lib.licenses.gpl2Only; + homepage = "https://www.kernel.org/"; + maintainers = lib.teams.linux-kernel.members ++ [ + maintainers.thoughtpolice + ]; + platforms = platforms.linux; + timeout = 14400; # 4 hours + } // extraMeta; + }; in assert lib.versionOlder version "5.8" -> libelf != null; assert lib.versionAtLeast version "5.8" -> elfutils != null; -stdenv.mkDerivation ({ +stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) // { pname = "linux"; - inherit version src; + inherit version; + + enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ - bc gmp libmpc mpfr nettools openssl perl python3Minimal rsync ubootTools - zstd - ] ++ optional (lib.versionOlder version "5.8") libelf - ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] - ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] - ++ optional (lib.versionAtLeast version "5.8") elfutils; - - patches = - map (p: p.patch) kernelPatches - # Required for deterministic builds along with some postPatch magic. - ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch - ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch - # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks - # OpenZFS; this was fixed in Linux 5.19 so we backport the fix - # https://github.com/openzfs/zfs/pull/13367 - ++ optional (lib.versionAtLeast version "5.12" && - lib.versionOlder version "5.19" && - stdenv.hostPlatform.isPower) - (fetchpatch { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; - hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; - }); - - preUnpack = '' - # The same preUnpack is used to build the configfile, - # which does not have $dev. - if [ -n "$dev" ]; then - mkdir -p $dev/lib/modules/${modDirVersion} - cd $dev/lib/modules/${modDirVersion} - fi - ''; - - postUnpack = '' - mv -Tv "$sourceRoot" source 2>/dev/null || : - export sourceRoot=$PWD/source - ''; - - postPatch = '' - sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|' - - # fixup for pre-4.15 kernels using the $(cd $foo && /bin/pwd) pattern - # FIXME: remove when no longer needed - substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd - - # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. - # This way kernels can be bit-by-bit reproducible depending on settings - # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). - # See also https://kernelnewbies.org/BuildId - sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|' - - # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. - [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh - - # Set randstruct seed to a deterministic but diversified value. Note: - # we could have instead patched gen-random-seed.sh to take input from - # the buildFlags, but that would require also patching the kernel's - # toplevel Makefile to add a variable export. This would be likely to - # cause future patch conflicts. - for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do - if [ -f "$file" ]; then - substituteInPlace "$file" \ - --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') - break - fi - done - - patchShebangs scripts - - # also patch arch-specific install scripts - for i in $(find arch -name install.sh); do - patchShebangs "$i" - done - ''; - - configurePhase = '' - runHook preConfigure - - export buildRoot=$TMPDIR/kernel-buildroot - mkdir -p $buildRoot - - echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" - - if [ -f "$buildRoot/.config" ]; then - echo "Could not link $buildRoot/.config : file exists" - exit 1 - fi - ln -sv ${configfile} $buildRoot/.config - - # reads the existing .config file and prompts the user for options in - # the current kernel source that are not found in the file. - make $makeFlags "''${makeFlagsArray[@]}" oldconfig - runHook postConfigure - - make $makeFlags "''${makeFlagsArray[@]}" prepare - actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" - if [ "$actualModDirVersion" != "${modDirVersion}" ]; then - echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" - exit 1 - fi - - buildFlagsArray+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") - - cd $buildRoot - ''; + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal ] + ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + ++ optional (lib.versionOlder version "5.8") libelf + ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] + ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] + ++ optional (lib.versionAtLeast version "5.8") elfutils + ; hardeningDisable = [ "bindnow" "format" "fortify" "stackprotector" "pic" "pie" ]; @@ -219,214 +386,8 @@ stdenv.mkDerivation ({ "ARCH=${stdenv.hostPlatform.linuxArch}" ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "CROSS_COMPILE=${stdenv.cc.targetPrefix}" - ] ++ (kernelConf.makeFlags or []) + ] ++ (stdenv.hostPlatform.linux-kernel.makeFlags or []) ++ extraMakeFlags; karch = stdenv.hostPlatform.linuxArch; - - buildFlags = [ - "DTC_FLAGS=-@" - "KBUILD_BUILD_VERSION=1-NixOS" - - # Set by default in the kernel since a73619a845d5, - # replicated here to apply to older versions. - # Makes __FILE__ relative to the build directory. - "KCPPFLAGS=-fmacro-prefix-map=$(sourceRoot)/=" - kernelConf.target - ] ++ optional isModular "modules" - ++ optional buildDTBs "dtbs" - ++ extraMakeFlags; - - installFlags = [ - "INSTALL_PATH=$(out)" - ] ++ (optional isModular "INSTALL_MOD_PATH=$(out)") - ++ optionals buildDTBs ["dtbs_install" "INSTALL_DTBS_PATH=$(out)/dtbs"]; - - preInstall = let - # All we really need to do here is copy the final image and System.map to $out, - # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets - # for the rest. Easy, right? - # - # Unfortunately for us, the obvious way of getting the built image path, - # make -s image_name, does not work correctly, because some architectures - # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, - # so we end up attempting to install the thing we didn't actually build. - # - # Thankfully, there's a way out that doesn't involve just hardcoding everything. - # - # The kernel has an install target, which runs a pretty simple shell script - # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on - # which kernel version you're looking at) that tries to do something sensible. - # - # (it would be great to hijack this script immediately, as it has all the - # information we need passed to it and we don't need it to try and be smart, - # but unfortunately, the exact location of the scripts differs between kernel - # versions, and they're seemingly not considered to be public API at all) - # - # One of the ways it tries to discover what "something sensible" actually is - # is by delegating to what's supposed to be a user-provided install script - # located at ~/bin/installkernel. - # - # (the other options are: - # - a distribution-specific script at /sbin/installkernel, - # which we can't really create in the sandbox easily - # - an architecture-specific script at arch/$arch/boot/install.sh, - # which attempts to guess _something_ and usually guesses very wrong) - # - # More specifically, the install script exec's into ~/bin/installkernel, if one - # exists, with the following arguments: - # - # $1: $KERNELRELEASE - full kernel version string - # $2: $KBUILD_IMAGE - the final image path - # $3: System.map - path to System.map file, seemingly hardcoded everywhere - # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags - # - # $2 is exactly what we want, so hijack the script and use the knowledge given to it - # by the makefile overlords for our own nefarious ends. - # - # Note that the makefiles specifically look in ~/bin/installkernel, and - # writeShellScriptBin writes the script to <store path>/bin/installkernel, - # so HOME needs to be set to just the store path. - # - # FIXME: figure out a less roundabout way of doing this. - installkernel = buildPackages.writeShellScriptBin "installkernel" '' - cp -av $2 $4 - cp -av $3 $4 - ''; - in '' - installFlagsArray+=("-j$NIX_BUILD_CORES") - export HOME=${installkernel} - ''; - - # Some image types need special install targets (e.g. uImage is installed with make uinstall) - installTargets = [ - (kernelConf.installTarget or ( - /**/ if target == "uImage" then "uinstall" - else if target == "zImage" || target == "Image.gz" then "zinstall" - else "install")) - ]; - - postInstall = optionalString isModular '' - if [ -z "''${dontStrip-}" ]; then - installFlagsArray+=("INSTALL_MOD_STRIP=1") - fi - make modules_install $makeFlags "''${makeFlagsArray[@]}" \ - $installFlags "''${installFlagsArray[@]}" - unlink $out/lib/modules/${modDirVersion}/build - unlink $out/lib/modules/${modDirVersion}/source - - mkdir $dev/lib/modules/${modDirVersion}/build - - cd $dev/lib/modules/${modDirVersion}/source - - cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build - make modules_prepare $makeFlags "''${makeFlagsArray[@]}" O=$dev/lib/modules/${modDirVersion}/build - - # For reproducibility, removes accidental leftovers from a `cc1` call - # from a `try-run` call from the Makefile - rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d - - # Keep some extra files - for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o \ - scripts/gdb/linux vmlinux vmlinux-gdb.py - do - if [ -e "$buildRoot/$f" ]; then - mkdir -p "$(dirname "$dev/lib/modules/${modDirVersion}/build/$f")" - cp -HR $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f - fi - done - ln -s $dev/lib/modules/${modDirVersion}/build/vmlinux $dev - - # !!! No documentation on how much of the source tree must be kept - # If/when kernel builds fail due to missing files, you can add - # them here. Note that we may see packages requiring headers - # from drivers/ in the future; it adds 50M to keep all of its - # headers on 3.10 though. - - chmod u+w -R .. - arch=$(cd $dev/lib/modules/${modDirVersion}/build/arch; ls) - - # Remove unused arches - for d in $(cd arch/; ls); do - if [ "$d" = "$arch" ]; then continue; fi - if [ "$arch" = arm64 ] && [ "$d" = arm ]; then continue; fi - rm -rf arch/$d - done - - # Remove all driver-specific code (50M of which is headers) - rm -fR drivers - - # Keep all headers - find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w - - # Keep linker scripts (they are required for out-of-tree modules on aarch64) - find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w - - # Keep root and arch-specific Makefiles - chmod u-w Makefile arch/"$arch"/Makefile* - - # Keep whole scripts dir - chmod u-w -R scripts - - # Delete everything not kept - find . -type f -perm -u=w -print0 | xargs -0 -r rm - - # Delete empty directories - find -empty -type d -delete - - # Remove reference to kmod - sed -i Makefile -e 's|= ${buildPackages.kmod}/bin/depmod|= depmod|' - '' - # unfortunately linux/arch/mips/Makefile does not understand installkernel - # and simply copies to $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE) - + lib.optionalString stdenv.hostPlatform.isMips '' - mv $out/vmlinux-* $out/vmlinux || true - mv $out/vmlinuz-* $out/vmlinuz || true - mv $out/System.map-* $out/System.map - ''; - - preFixup = '' - # Don't strip $dev/lib/modules/*/vmlinux - stripDebugList="$(cd $dev && echo lib/modules/*/build/*/)" - '' + lib.optionalString (stdenv.hostPlatform.isMips) '' - $STRIP -s $out/vmlinux || true - ''; - - enableParallelBuilding = true; - - passthru = rec { - inherit version modDirVersion config kernelPatches configfile - moduleBuildDependencies stdenv; - inherit isZen isHardened isLibre; - isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; - baseVersion = lib.head (lib.splitString "-rc" version); - kernelOlder = lib.versionOlder baseVersion; - kernelAtLeast = lib.versionAtLeast baseVersion; - }; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - description = - "The Linux kernel" + - (lib.optionalString (kernelPatches != []) ( - " (with patches: " - + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) - + ")" - )); - license = lib.licenses.gpl2Only; - homepage = "https://www.kernel.org/"; - maintainers = lib.teams.linux-kernel.members ++ [ - maintainers.thoughtpolice - ]; - platforms = platforms.linux; - badPlatforms = - lib.optionals (lib.versionOlder version "4.15") [ "riscv32-linux" "riscv64-linux" ] ++ - lib.optional (lib.versionOlder version "5.19") "loongarch64-linux"; - timeout = 14400; # 4 hours - } // extraMeta; -} // optionalAttrs (pos != null) { - inherit pos; -} // optionalAttrs isModular { - outputs = [ "out" "dev" ]; -})) +} // (optionalAttrs (pos != null) { inherit pos; }))) diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix index 620ecfc43df2..2fc82b2e10be 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/perf/default.nix @@ -63,7 +63,7 @@ stdenv.mkDerivation { postPatch = '' # Linux scripts patchShebangs scripts - + patchShebangs tools/perf/check-headers.sh '' + lib.optionalString (lib.versionAtLeast kernel.version "6.3") '' # perf-specific scripts patchShebangs tools/perf/pmu-events diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/update.sh b/nixpkgs/pkgs/os-specific/linux/kernel/update.sh index 560edced36ea..4171b7492b7b 100755 --- a/nixpkgs/pkgs/os-specific/linux/kernel/update.sh +++ b/nixpkgs/pkgs/os-specific/linux/kernel/update.sh @@ -58,11 +58,15 @@ ls $NIXPKGS/pkgs/os-specific/linux/kernel | while read FILE; do echo "Updated $OLDVER -> $V" done -# Update linux-rt -COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-rt.sh +# Allowing errors again: one broken update script shouldn't inhibit the +# update of other kernel variants. +set +e -# Update linux-libre -COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh +echo Update linux-rt +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-rt.sh || echo "update-rt failed with exit code $?" -# Update linux-hardened -COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py +echo Update linux-libre +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh || echo "update-libre failed with exit code $?" + +echo Update linux-hardened +COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py || echo "update-hardened failed with exit code $?" diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 4412bd56fadd..30b8f6bba893 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -3,14 +3,14 @@ let # These names are how they are designated in https://xanmod.org. ltsVariant = { - version = "6.1.42"; - hash = "sha256-mOydloX5bff9wrFh40wf12GW+sION9SoGK2mAC1yNOw="; + version = "6.1.46"; + hash = "sha256-E9DEWfhl9hUAQXOvJVYJsKBFIen0xHrmiUdTUvGeKxE="; variant = "lts"; }; mainVariant = { - version = "6.4.7"; - hash = "sha256-0yOVCMqhoiWz8IlYRR0wXytAzjv81Cf5NoFa9qxGMm4="; + version = "6.4.11"; + hash = "sha256-HZTLuxdlkVRBe8C95vr6Fk9YjlCXZEpK3gfbtzLqwLQ="; variant = "main"; }; @@ -29,9 +29,9 @@ let # AMD P-state driver X86_AMD_PSTATE = lib.mkOverride 60 yes; - # Google's BBRv2 TCP congestion Control - TCP_CONG_BBR2 = yes; - DEFAULT_BBR2 = yes; + # Google's BBRv3 TCP congestion Control + TCP_CONG_BBR = yes; + DEFAULT_BBR = yes; # FQ-PIE Packet Scheduling NET_SCH_DEFAULT = yes; |