diff options
Diffstat (limited to 'pkgs')
-rwxr-xr-x | pkgs/os-specific/linux/kernel/hardened/update.py | 11 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 4 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/update-mainline.py | 25 |
3 files changed, 33 insertions, 7 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index ce54c2980758..cb624ebe86b9 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -1,5 +1,5 @@ #! /usr/bin/env nix-shell -#! nix-shell -i python -p "python3.withPackages (ps: [ps.pygithub])" git gnupg +#! nix-shell -i python -p "python3.withPackages (ps: [ps.pygithub ps.packaging])" git gnupg # This is automatically called by ../update.sh. @@ -27,6 +27,8 @@ from typing import ( from github import Github from github.GitRelease import GitRelease +from packaging.version import parse as parse_version, Version + VersionComponent = Union[int, str] Version = List[VersionComponent] @@ -39,6 +41,11 @@ Patch = TypedDict("Patch", { }) +def read_min_kernel_branch() -> List[str]: + with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as f: + return list(parse_version(sorted(json.load(f).keys())[0]).release) + + @dataclass class ReleaseInfo: version: Version @@ -51,7 +58,7 @@ NIXPKGS_PATH = HERE.parents[4] HARDENED_GITHUB_REPO = "anthraxx/linux-hardened" HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc" HARDENED_PATCHES_PATH = HERE / "patches.json" -MIN_KERNEL_VERSION: Version = [4, 14] +MIN_KERNEL_VERSION: Version = read_min_kernel_branch() def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 13fd2ed4d371..7412b33436d6 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -27,10 +27,6 @@ "version": "4.19.303", "hash": "sha256:0dlbl47xs7z4yf9cxbxqzd7zs1f9070jr6ck231wgppa6lwwwb82" }, - "4.14": { - "version": "4.14.334", - "hash": "sha256:0iaaqdkszmfarvjfszc9rf7y9zsv3w82934xmvmzmsbiz86547ca" - }, "6.6": { "version": "6.6.8", "hash": "sha256:05i4ayj9wyjkd1s8ixx7bxwcyagqyx8rhj1zvbc3cjqyw4sc8djh" diff --git a/pkgs/os-specific/linux/kernel/update-mainline.py b/pkgs/os-specific/linux/kernel/update-mainline.py index 30b9ebec984c..020e55c5fe40 100755 --- a/pkgs/os-specific/linux/kernel/update-mainline.py +++ b/pkgs/os-specific/linux/kernel/update-mainline.py @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.beautifulsoup4 ps.lxml ])" +#!nix-shell -i python3 -p "python3.withPackages (ps: [ ps.beautifulsoup4 ps.lxml ps.packaging ])" import json import os import pathlib @@ -10,6 +10,8 @@ from dataclasses import dataclass from enum import Enum from bs4 import BeautifulSoup, NavigableString, Tag +from packaging.version import parse as parse_version, Version +from typing import List HERE = pathlib.Path(__file__).parent ROOT = HERE.parent.parent.parent.parent @@ -80,6 +82,18 @@ def get_hash(kernel: KernelRelease): return f"sha256:{hash}" +def get_oldest_branch() -> Version: + with open(VERSIONS_FILE) as f: + return parse_version(sorted(json.load(f).keys())[0]) + + +def predates_oldest_branch(oldest: Version, to_compare: str) -> bool: + if to_compare == "testing": + return False + + return parse_version(to_compare) < oldest + + def commit(message): return subprocess.check_call(["git", "commit", "-m", message, VERSIONS_FILE]) @@ -97,6 +111,8 @@ def main(): parsed_releases = filter(None, [parse_release(release) for release in releases]) all_kernels = json.load(VERSIONS_FILE.open()) + oldest_branch = get_oldest_branch() + for kernel in parsed_releases: branch = get_branch(kernel.version) nixpkgs_branch = branch.replace(".", "_") @@ -106,6 +122,13 @@ def main(): print(f"linux_{nixpkgs_branch}: {kernel.version} is latest, skipping...") continue + if predates_oldest_branch(oldest_branch, kernel.branch): + print( + f"{kernel.branch} is too old and not supported anymore, skipping...", + file=sys.stderr + ) + continue + if old_version is None: message = f"linux_{nixpkgs_branch}: init at {kernel.version}" else: |