From ea76ee283790635af2d9640d1c422668960cb653 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:42:27 -0600 Subject: [PATCH 01/17] linux/hardened: fix update script Due to releases now including a v (and before didn't) hardened hasn't been updated since May 2024 (4 months ago) (cherry picked from commit 60623de0b351f669b2486ed0c6b32c0d826a234e) --- pkgs/os-specific/linux/kernel/hardened/update.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 8b46137afb37b..0603812124bea 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -145,7 +145,7 @@ def find_asset(filename: str) -> str: if not sig_ok: return None - kernel_ver = re.sub(r"(.*)(-hardened[\d]+)$", r'\1', release_info.release.tag_name) + kernel_ver = re.sub(r"v?(.*)(-hardened[\d]+)$", r'\1', release_info.release.tag_name) major = kernel_ver.split('.')[0] sha256_kernel, _ = nix_prefetch_url(f"mirror://kernel/linux/kernel/v{major}.x/linux-{kernel_ver}.tar.xz") @@ -157,8 +157,11 @@ def find_asset(filename: str) -> str: def parse_version(version_str: str) -> Version: + # There have been two variants v6.10[..] and 6.10[..], drop the v + version_str_without_v = version_str[1:] if not version_str[0].isdigit() else version_str version: Version = [] - for component in re.split(r'\.|\-', version_str): + + for component in re.split(r'\.|\-', version_str_without_v): try: version.append(int(component)) except ValueError: @@ -227,7 +230,7 @@ def commit_patches(*, kernel_key: str, message: str) -> None: # It's not reliable to exit earlier because not every kernel minor may # have hardened patches, hence the naive search below. i += 1 - if i > 500: + if i > 100: break version = parse_version(release.tag_name) From 0112f1ed950baa8445a9423dce33478a631fa599 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:29 -0600 Subject: [PATCH 02/17] linux/hardened/patches/5.10: 5.10.218-hardened1 -> v5.10.226-hardened1 (cherry picked from commit ad3ec7bd3d6f9eb1803f5ca0f6598260abb640de) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 62f1fcdda20c6..f769bd5272707 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -12,12 +12,12 @@ "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.218-hardened1.patch", - "sha256": "1ah4pznha17ngg3w7l0j74h4910gjv8qj503adrap7plvapf82m4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.218-hardened1/linux-hardened-5.10.218-hardened1.patch" + "name": "linux-hardened-v5.10.226-hardened1.patch", + "sha256": "1vxcr0f3ikkg10wcvq76djxzmhlc6h5fv34xf8vm48wfi7ryajbk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.226-hardened1/linux-hardened-v5.10.226-hardened1.patch" }, - "sha256": "1mmj5hwm5i16gc1y4nzr1cs882vi6vrihrincdcivv63x11v4dlw", - "version": "5.10.218" + "sha256": "19hwwl5sbya65mch7fwmji2cli9b8796zjqbmkybjrarg1j9m8gn", + "version": "5.10.226" }, "5.15": { "patch": { From ef410befa55999678395fe521f3325b165e1f4df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:33 -0600 Subject: [PATCH 03/17] linux/hardened/patches/5.15: 5.15.160-hardened1 -> v5.15.167-hardened1 (cherry picked from commit fec646af8d166d7ed31a85c044921843a889bad0) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index f769bd5272707..7aecbc161bff2 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -22,12 +22,12 @@ "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.160-hardened1.patch", - "sha256": "1r10ylx886rslsmrixlijjm4crhwzkl3wj6kpyn2344qik1gxpqr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.160-hardened1/linux-hardened-5.15.160-hardened1.patch" + "name": "linux-hardened-v5.15.167-hardened1.patch", + "sha256": "1mwww490bf5i1njzyprnamfn8n471r94klgn7wghwi2f5vsn6j9g", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.167-hardened1/linux-hardened-v5.15.167-hardened1.patch" }, - "sha256": "018v19a7rhzc4szybzzn86jlnk42x7jm6xkadfd2d3xq6f7727pl", - "version": "5.15.160" + "sha256": "0c6s6l5sz9ibws7bymb393ww0z9i3amsk1yx0bahipz3xhc1yxdi", + "version": "5.15.167" }, "5.4": { "patch": { From db682faea7b069e2a3734c9ab4a604f9fdaf1a87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:36 -0600 Subject: [PATCH 04/17] linux/hardened/patches/5.4: 5.4.277-hardened1 -> v5.4.284-hardened1 (cherry picked from commit 6178bdf0298f37f2ec35f0ede8f3f81e63868f82) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 7aecbc161bff2..3288141097c19 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -32,12 +32,12 @@ "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.277-hardened1.patch", - "sha256": "1zjw5wl8lj69j402qm8dg3m4dxgq3ppx2jyz8jks976vyhh8fsg4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.277-hardened1/linux-hardened-5.4.277-hardened1.patch" + "name": "linux-hardened-v5.4.284-hardened1.patch", + "sha256": "1skqaq90bigrxg0w075nssqbdq868ii62r8asx0m6wcvd5cl50af", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.4.284-hardened1/linux-hardened-v5.4.284-hardened1.patch" }, - "sha256": "0l8zq3k07hdprfpvw69ykkf2pdg8wiv28xz733yxsjcfb0l5n7vy", - "version": "5.4.277" + "sha256": "0axkwfhvq3w2072xjqww476qa3rjglxyqmf72mlp9b5ymswil8kp", + "version": "5.4.284" }, "6.1": { "patch": { From 3cec82be718a49db93a09aef2ed0898a80b15ab7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:40 -0600 Subject: [PATCH 05/17] linux/hardened/patches/6.1: 6.1.92-hardened1 -> v6.1.110-hardened1 (cherry picked from commit 2794012a3e1c8bbf8b58ef975213ebc2d3a2afe2) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 3288141097c19..144c1cd3c5e72 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -42,12 +42,12 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.92-hardened1.patch", - "sha256": "0cw87ygmisi823y3f7xrck12b6zh3mq1qmb7lcmr3hg6w3xskmn3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.92-hardened1/linux-hardened-6.1.92-hardened1.patch" + "name": "linux-hardened-v6.1.110-hardened1.patch", + "sha256": "1v43n3h9d3y3xjjyf6r8n7a3fh3zpqw4f925bn2z5vwzblmg4bhf", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.110-hardened1/linux-hardened-v6.1.110-hardened1.patch" }, - "sha256": "1j9n8gk76nn4gw42iba5zgghr360gb9n1mslr5dyv76wpwkz86ch", - "version": "6.1.92" + "sha256": "0slgvwldjdyi5vzhgriamkmrj4p942yacclgcw29331gfjs39gly", + "version": "6.1.110" }, "6.6": { "patch": { From 5295e717878d12bfae8be9bc870309bc2daed0b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:44 -0600 Subject: [PATCH 06/17] linux/hardened/patches/6.10: init at v6.10.10-hardened1 (cherry picked from commit 1f403d3a06fe27e83c21adfe5c68d08c31a136e3) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 144c1cd3c5e72..e907aa221b860 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -49,6 +49,16 @@ "sha256": "0slgvwldjdyi5vzhgriamkmrj4p942yacclgcw29331gfjs39gly", "version": "6.1.110" }, + "6.10": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-v6.10.10-hardened1.patch", + "sha256": "13hlk1qd9inq711bz2sw4rq6r2lcagdl7mwxkx6rq8iimic758f2", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.10-hardened1/linux-hardened-v6.10.10-hardened1.patch" + }, + "sha256": "1kcvh1g3p1sj4q34ylcmm43824f97z4k695lcxnzp7pbnlsyg1z6", + "version": "6.10.10" + }, "6.6": { "patch": { "extra": "-hardened1", From 23f6e3b65a4364ffaa81f2856d689529e9cd2faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 09:46:48 -0600 Subject: [PATCH 07/17] linux/hardened/patches/6.6: 6.6.32-hardened1 -> v6.6.51-hardened1 (cherry picked from commit e930509d183abe4abc3cb55ee4f5c2284c1003e0) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index e907aa221b860..361e18a6f67c6 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -62,12 +62,12 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.32-hardened1.patch", - "sha256": "19362a6lxs3cnaw19jvda7n791y95lfgn9ki4wmaxnw2qbpi0bgg", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.32-hardened1/linux-hardened-6.6.32-hardened1.patch" + "name": "linux-hardened-v6.6.51-hardened1.patch", + "sha256": "03m82lylflnk466ixz3dywnj7scp6ynif4qhbx67ak3f0n44f738", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.51-hardened1/linux-hardened-v6.6.51-hardened1.patch" }, - "sha256": "1qbc8dqmk2xs1cz968rysw5xvhq3lj8g0pxp48fr2qbzy3m29a5a", - "version": "6.6.32" + "sha256": "1cq8l3n12gnk6kgms5c7v71l199ip8lc9fpx7s8w8y88cla9l30w", + "version": "6.6.51" }, "6.8": { "patch": { From 684a7e41b7553fafb06de22ac84a0fe48419d873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 10:22:57 -0600 Subject: [PATCH 08/17] linux/hardened/patches/6.8: remove (cherry picked from commit 57a558e46d0dc66981b9ab54261aa1216d6a5247) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 361e18a6f67c6..d08e9ef2d0430 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -69,16 +69,6 @@ "sha256": "1cq8l3n12gnk6kgms5c7v71l199ip8lc9fpx7s8w8y88cla9l30w", "version": "6.6.51" }, - "6.8": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.8.11-hardened1.patch", - "sha256": "08i03dmri9h6jxcjd9g6s7pv0spqi3f4fgch1ars68cgngikvbpq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.11-hardened1/linux-hardened-6.8.11-hardened1.patch" - }, - "sha256": "1di8kr596sf68sm61kp5rz6bn3sb0q5ag1qc5hm8f9dpyq4wv3dp", - "version": "6.8.11" - }, "6.9": { "patch": { "extra": "-hardened1", From 3413479206d28ee7391dafbdf6503d7c3708e8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sun, 22 Sep 2024 10:22:57 -0600 Subject: [PATCH 09/17] linux/hardened/patches/6.9: remove (cherry picked from commit 904a34e89ba1457cd55b6606a92c236ca6d90e6d) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index d08e9ef2d0430..f21eb914744a2 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -68,15 +68,5 @@ }, "sha256": "1cq8l3n12gnk6kgms5c7v71l199ip8lc9fpx7s8w8y88cla9l30w", "version": "6.6.51" - }, - "6.9": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.9.2-hardened1.patch", - "sha256": "0ph1m0pnlqrhvddz2mjgcwvs0ddcpzigz8kgi9zi063qinlfbm3q", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.9.2-hardened1/linux-hardened-6.9.2-hardened1.patch" - }, - "sha256": "1yg5j284y1gz7zwxjz2abvlnas259m1y1vzd9lmcqqar5kgmnv6l", - "version": "6.9.2" } } From ce1558d2b12b80f09a8f18638db71ac59a3da978 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 23 Sep 2024 18:49:46 +0200 Subject: [PATCH 10/17] linux_5_4_hardened: mark as broken Smoketest fails with machine # [ 3.785769] systemd[1]: dev-hugepages.mount: Failed to spawn executor: Argument list too long machine # [ 3.788689] systemd[1]: dev-hugepages.mount: Failed to spawn 'mount' task: Argument list too long machine # [ 3.790100] systemd[1]: dev-hugepages.mount: Failed with result 'resources'. machine # [ 3.791572] systemd[1]: Failed to mount Huge Pages File System. (cherry picked from commit 62c09a3647304d28907ac45c015ff5f8fb07ac94) --- pkgs/top-level/linux-kernels.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index 6813d430a4694..d64a3a3240c45 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -26,6 +26,10 @@ let linux = kernel; }; + markBroken = drv: drv.overrideAttrs ({ meta ? {}, ... }: { + meta = meta // { broken = true; }; + }); + # Hardened Linux hardenedKernelFor = kernel': overrides: let @@ -256,10 +260,10 @@ in { stdenv = gcc10Stdenv; buildPackages = buildPackages // { stdenv = buildPackages.gcc10Stdenv; }; }; - linux_5_4_hardened = hardenedKernelFor kernels.linux_5_4 { + linux_5_4_hardened = markBroken (hardenedKernelFor kernels.linux_5_4 { stdenv = gcc10Stdenv; buildPackages = buildPackages // { stdenv = buildPackages.gcc10Stdenv; }; - }; + }); linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { }; linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; From a672b0340b30840d0fc72c8325e26a3cb75a37a4 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:23:56 +0300 Subject: [PATCH 11/17] linux_6_11: 6.11.1 -> 6.11.2 (cherry picked from commit d7fc6b3d1e5adf4370a71ee3801153cfc95d32f5) --- pkgs/os-specific/linux/kernel/kernels-org.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 8ba27041edc8b..1c4801c3c9c5a 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -40,7 +40,7 @@ "hash": "sha256:1kvkwgnq5gsdqarrdg32qjrbq1dggxp1x2yy2zpsjsaq5y2mhj2j" }, "6.11": { - "version": "6.11.1", - "hash": "sha256:0ggfg3f8nkcgs2pg7y5ccfrcjzj7j7x4n41g59gzbsp1nirj6dra" + "version": "6.11.2", + "hash": "sha256:0hlwsfq6brdkdcwdq6d1aq2b210hkqgpmy0y1sa5bfyfp6hgg7pc" } } From 38093b56ba3b310ac6b2fbf80562f4d67f6ac7b1 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:24:00 +0300 Subject: [PATCH 12/17] linux_6_10: 6.10.12 -> 6.10.13 (cherry picked from commit a3a38442c3e8afc98ff6ab74e6da22b197bdb5ec) --- pkgs/os-specific/linux/kernel/kernels-org.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 1c4801c3c9c5a..cde755db99994 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -36,8 +36,8 @@ "hash": "sha256:08ngskni7d9wi93vlwcmbdg7sb2jl1drhhzn62k9nsrg1r7crrss" }, "6.10": { - "version": "6.10.12", - "hash": "sha256:1kvkwgnq5gsdqarrdg32qjrbq1dggxp1x2yy2zpsjsaq5y2mhj2j" + "version": "6.10.13", + "hash": "sha256:0smimvnivdswiggplz9x65d03vdysgr3v9iijbk4f5fva0iypz2z" }, "6.11": { "version": "6.11.2", From 9ee53de6c14ae533f296a51172ee7c33509d6428 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:24:03 +0300 Subject: [PATCH 13/17] linux_6_6: 6.6.53 -> 6.6.54 (cherry picked from commit 31114886f2cb670cecc9cc5a39cafd9642b13d0f) --- pkgs/os-specific/linux/kernel/kernels-org.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index cde755db99994..d9666903b4cb8 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -24,8 +24,8 @@ "hash": "sha256:0qj106lj554y1kdqj8kwyf7pk9bvrrpgz6s8zyh7d61mk7wws9sf" }, "6.6": { - "version": "6.6.53", - "hash": "sha256:0yfpyiz57wz9rkwif6n3k2n87waw46ad0h7h0pwhnar53cfihp98" + "version": "6.6.54", + "hash": "sha256:186ggr0yz7fgp05qav6k6j72aazvwdljdnf2zwb5q194dafqdbjz" }, "6.8": { "version": "6.8.12", From e4f00671be8af9336e13a9259050adc1964cde4e Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:27:18 +0300 Subject: [PATCH 14/17] linux-rt_5_15: 5.15.163-rt78 -> 5.15.167-rt79 (cherry picked from commit 0cae3b65e2641fbe85ce79ee385f7a907e513dab) --- pkgs/os-specific/linux/kernel/linux-rt-5.15.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix index 05134b759fa4c..8878775e5e118 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.15.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.15.163-rt78"; # updated by ./update-rt.sh + version = "5.15.167-rt79"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "00mkipkhz0i5xld7kyaxcj8cj8faw4gmjl5fribg832nn7ccfpq2"; + sha256 = "0c6s6l5sz9ibws7bymb393ww0z9i3amsk1yx0bahipz3xhc1yxdi"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "030aycnrcnjhylkqj0wrfi992v2l26v17rgvxl16514zpdjmiv1x"; + sha256 = "0z9yhg0vxzrqn2vyg973pd8qy5iq30jkza8c0mrjjpjzyc8jvm57"; }; }; in [ rt-patch ] ++ kernelPatches; From b06773c0ad38374da28ff8e5f6fe02dfeae61980 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:28:04 +0300 Subject: [PATCH 15/17] linux/hardened/patches/6.1: v6.1.110-hardened1 -> v6.1.112-hardened1 (cherry picked from commit 748148ac98633be9d07fe6d7fae6c66b364e0ada) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index f21eb914744a2..e145b602fd08e 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -42,12 +42,12 @@ "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.1.110-hardened1.patch", - "sha256": "1v43n3h9d3y3xjjyf6r8n7a3fh3zpqw4f925bn2z5vwzblmg4bhf", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.110-hardened1/linux-hardened-v6.1.110-hardened1.patch" + "name": "linux-hardened-v6.1.112-hardened1.patch", + "sha256": "1kna12dhs1csg2cd9ixm261pgnc44v7q67njd0z1mnjrk9q1y7n6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.112-hardened1/linux-hardened-v6.1.112-hardened1.patch" }, - "sha256": "0slgvwldjdyi5vzhgriamkmrj4p942yacclgcw29331gfjs39gly", - "version": "6.1.110" + "sha256": "094z3wfcxqx2rbi072i5frshpy6rdvk39aahwm9nc07vc8sxxn4b", + "version": "6.1.112" }, "6.10": { "patch": { From c4587105e81e5b9bc7dddfbf8ddea90bcc9fb246 Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:28:22 +0300 Subject: [PATCH 16/17] linux/hardened/patches/6.10: v6.10.10-hardened1 -> v6.10.12-hardened1 (cherry picked from commit 9864180cdd6546654e28f5a3e72edcab852425ca) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index e145b602fd08e..40a2243535cc1 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -52,12 +52,12 @@ "6.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.10.10-hardened1.patch", - "sha256": "13hlk1qd9inq711bz2sw4rq6r2lcagdl7mwxkx6rq8iimic758f2", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.10-hardened1/linux-hardened-v6.10.10-hardened1.patch" + "name": "linux-hardened-v6.10.12-hardened1.patch", + "sha256": "07z35f4nqj9vgj2ynq7spgckb770a0w0906m7l28i1x0kch2kr3j", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.12-hardened1/linux-hardened-v6.10.12-hardened1.patch" }, - "sha256": "1kcvh1g3p1sj4q34ylcmm43824f97z4k695lcxnzp7pbnlsyg1z6", - "version": "6.10.10" + "sha256": "1kvkwgnq5gsdqarrdg32qjrbq1dggxp1x2yy2zpsjsaq5y2mhj2j", + "version": "6.10.12" }, "6.6": { "patch": { From 7f8eb7de10da840c7217b98aa0489273dc11304a Mon Sep 17 00:00:00 2001 From: K900 Date: Fri, 4 Oct 2024 18:28:37 +0300 Subject: [PATCH 17/17] linux/hardened/patches/6.6: v6.6.51-hardened1 -> v6.6.53-hardened1 (cherry picked from commit debb6d9df4e6a874a61da81e5f24ea87734945c7) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 40a2243535cc1..c159ead188fc4 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -62,11 +62,11 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.6.51-hardened1.patch", - "sha256": "03m82lylflnk466ixz3dywnj7scp6ynif4qhbx67ak3f0n44f738", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.51-hardened1/linux-hardened-v6.6.51-hardened1.patch" + "name": "linux-hardened-v6.6.53-hardened1.patch", + "sha256": "09i25qrn18psyrzr8srav4zcbyqmn2z8ycfk9fix2pdfxsaxl8h9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.53-hardened1/linux-hardened-v6.6.53-hardened1.patch" }, - "sha256": "1cq8l3n12gnk6kgms5c7v71l199ip8lc9fpx7s8w8y88cla9l30w", - "version": "6.6.51" + "sha256": "0yfpyiz57wz9rkwif6n3k2n87waw46ad0h7h0pwhnar53cfihp98", + "version": "6.6.53" } }