author | Fabián Heredia Montiel <303897+fabianhjr@users.noreply.github.com> | 2024-05-17 22:03:14 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-17 22:03:14 -0600 |
commit | d6801d9d8525ff9b7325a2e53f0122efa0c6d088 (patch) | |
tree | bd324c7af777f5e349f8c1247478b043cc1f7023 | |
parent | 22779946778dabdc33e294970cd80b6e41aa8192 (diff) | |
parent | 62bfa656568e0775c2e20ad9eb96f1584cc890c9 (diff) |
Merge pull request #308833 from whentze/linux-hardened-update
Linux Hardened Kernels 2024-05-03
-rw-r--r-- | nixos/tests/kernel-generic.nix | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 82 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/hardened/update.py | 1 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 | ||||
-rw-r--r-- | pkgs/top-level/linux-kernels.nix | 2 |
5 files changed, 42 insertions, 46 deletions
diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix
index 5f0e7b3e37cd7..07e15a380b6d5 100644
--- a/nixos/tests/kernel-generic.nix
+++ b/nixos/tests/kernel-generic.nix
@@ -31,6 +31,7 @@ let
 linux_5_15_hardened
 linux_6_1_hardened
 linux_6_6_hardened
+ linux_6_8_hardened
 linux_rt_5_4
 linux_rt_5_10
 linux_rt_5_15
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 21772b2e03eb0..ada6932dc85fb 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -2,81 +2,71 @@ "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.309-hardened1.patch", - "sha256": "1hww72w5anmfr9czqbl31glzl70s34492k9qz9zax141zg1sf6sp", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.309-hardened1/linux-hardened-4.19.309-hardened1.patch" + "name": "linux-hardened-4.19.313-hardened1.patch", + "sha256": "1fa30s98cbk64315y7vwz7pc2ba0rcs2msaiiib8p85kid5c80v8", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.313-hardened1/linux-hardened-4.19.313-hardened1.patch" }, - "sha256": "1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm", - "version": "4.19.309" + "sha256": "1j1r4mrdh1ray468jr5i8d2afiswb653bhq0ck8bcdw4rwp5w558", + "version": "4.19.313" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.212-hardened1.patch", - "sha256": "0h04i94vshhcli5m4qpnqg4vsi5v1ifvdhhklk7c0bvkfk35cbml", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.212-hardened1/linux-hardened-5.10.212-hardened1.patch" + "name": "linux-hardened-5.10.216-hardened1.patch", + "sha256": "1hj59x5wrh8bkgxp1f5sh8h5rirh4878gywanjmf7qjq6w2wj5rh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.216-hardened1/linux-hardened-5.10.216-hardened1.patch" }, - "sha256": "14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc", - "version": "5.10.212" + "sha256": "0lg1zfb9y4ps86q85mlnyalb3s90zix003z62jb9bw139f65h473", + "version": "5.10.216" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.151-hardened1.patch", - "sha256": "040jc5n9qsdz2wv5ksfvc28vd72nmya2i2f0ps0jiras6l2wlhjz", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.151-hardened1/linux-hardened-5.15.151-hardened1.patch" + "name": "linux-hardened-5.15.158-hardened1.patch", + "sha256": "1q37hdac1mk91rrl2p3j4d69wiphzm1mfbvl6cxlsrc42pjbapz3", + "url": 
"https://github.com/anthraxx/linux-hardened/releases/download/5.15.158-hardened1/linux-hardened-5.15.158-hardened1.patch" }, - "sha256": "0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la", - "version": "5.15.151" + "sha256": "1inmdpif3qf1blmvjj4i7y42bylvhv0wyj3b0apq12zxlj1iq1zr", + "version": "5.15.158" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.271-hardened1.patch", - "sha256": "0rw5il7885d0d3k2hmh46541svib6rp32g00fcl5bw37ydmq3z8b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.271-hardened1/linux-hardened-5.4.271-hardened1.patch" + "name": "linux-hardened-5.4.275-hardened1.patch", + "sha256": "10fw4hkavnj6nhjqz186sqxbvjz6g62mhyjmlnlxik322nbh6jk6", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.275-hardened1/linux-hardened-5.4.275-hardened1.patch" }, - "sha256": "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d", - "version": "5.4.271" + "sha256": "0k1hyknx854k8z27j4rq1gcp8l0xc0bspmrhc41a033gjilb1lns", + "version": "5.4.275" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.81-hardened1.patch", - "sha256": "0af9dxdsa858zyqc0vsrzg098afhg5vpb2wpr6gj2ykwc13iaf07", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.81-hardened1/linux-hardened-6.1.81-hardened1.patch" + "name": "linux-hardened-6.1.90-hardened1.patch", + "sha256": "1wjckrv0p7phai6ian39kl0rpmzvrzz10bi92xgdq8hhsbp2p3fk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.90-hardened1/linux-hardened-6.1.90-hardened1.patch" }, - "sha256": "0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f", - "version": "6.1.81" - }, - "6.5": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-6.5.13-hardened1.patch", - "sha256": "1fj6yaq2gdjlj2h19vkm13jrx0yiczj6pvric1kq1r6cprqrkkki", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.13-hardened1/linux-hardened-6.5.13-hardened1.patch" - }, - "sha256": 
"1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq", - "version": "6.5.13" + "sha256": "07cfg0chssvpc4mqls3aln6s4lqjp6k4x2n63wndmkjgfqpdg8w3", + "version": "6.1.90" }, "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.21-hardened1.patch", - "sha256": "0k35s5pj92lvfp6kw3isg78zc3gijsg0xbzcyvxdkmhzaq8j6i1i", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.21-hardened1/linux-hardened-6.6.21-hardened1.patch" + "name": "linux-hardened-6.6.30-hardened1.patch", + "sha256": "0q6x7prx1ncf3ni5zvpjav9jcq1n50fq0wcarw022bis1rmrhczy", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.30-hardened1/linux-hardened-6.6.30-hardened1.patch" }, - "sha256": "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf", - "version": "6.6.21" + "sha256": "1ilwmgpgvddwkd9nx5999cb6z18scjyq7jklid26k1hg7f35nsmn", + "version": "6.6.30" }, - "6.7": { + "6.8": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.7.6-hardened1.patch", - "sha256": "063yrs3g0knlz37aq979jhng9k6l19873nbi1jy167xfqmpqqajr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.7.6-hardened1/linux-hardened-6.7.6-hardened1.patch" + "name": "linux-hardened-6.8.9-hardened1.patch", + "sha256": "115d1fgddfcffmfg5f31w50lf2cskkwakngb343didrwfa28nrxf", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.8.9-hardened1/linux-hardened-6.8.9-hardened1.patch" }, - "sha256": "1lrp7pwnxnqyy8c2l4n4nz997039gbnssrfm8ss8kl3h2c7fr2g4", - "version": "6.7.6" + "sha256": "1dn9bgmf03bdfbmgq98d043702g808rjikxs2i9yia57iqiz21gr", + "version": "6.8.9" } }
diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py
index cb624ebe86b93..1e34ca209aa90 100755
--- a/pkgs/os-specific/linux/kernel/hardened/update.py
+++ b/pkgs/os-specific/linux/kernel/hardened/update.py
@@ -211,6 +211,7 @@ with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as kernel_versions_json:
 # Remove patches for unpackaged kernel versions.
 for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
+ del patches[kernel_key]
 commit_patches(kernel_key=kernel_key, message="remove")
 g = Github(os.environ.get("GITHUB_TOKEN"))
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1f6c9407956fa..974e2d6d3fa82 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -27311,6 +27311,8 @@ with pkgs;
 linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
 linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened;
 linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened;
+ linuxPackages_6_8_hardened = linuxKernel.packages.linux_6_8_hardened;
+ linux_6_8_hardened = linuxKernel.kernels.linux_6_8_hardened;
 # GNU Linux-libre kernels
 linuxPackages-libre = linuxKernel.packages.linux_libre;
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 0335f52465eaa..57ae6c5f36a93 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -269,6 +269,7 @@ in {
 linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
 linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
 linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { };
+ linux_6_8_hardened = hardenedKernelFor kernels.linux_6_8 { };
 } // lib.optionalAttrs config.allowAliases {
 linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
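Review bot: In the update.py hunk, the new `del patches[kernel_key]` carries no comment saying why it must come before `commit_patches(...)`; presumably that helper (not visible in this hunk) serialises the module-level `patches` dict, so without the deletion the "remove" commit left the stale entry in patches.json. I would add `# Drop the entry first: commit_patches writes out the current patches dict.` above it, after confirming that against the helper. Deleting inside the loop is safe because `sorted(...)` materialises the key difference before iteration starts. Now that the loop really deletes, an empty or mis-parsed `kernel_versions` would drop every hardened entry in one run, so a guard that aborts when `kernel_versions` is empty before this loop may be worth adding; how `kernel_versions` is filled lies outside the hunk.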
@@ -657,6 +658,7 @@ in {
 linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened);
 linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened);
 linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened);
+ linux_6_8_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_8_hardened);
 linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
 linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx); |