authorMaximilian Bosch <maximilian@mbosch.me>2023-12-30 11:38:31 +0100
committerMaximilian Bosch <maximilian@mbosch.me>2024-01-02 18:43:33 +0100
commitaf7fc05959a5962d25275bb451d4f943443a7746 (patch)
treef7c4a3e2035f936de48832c52332f06078807d9a /pkgs/os-specific/linux/kernel/hardened
parent46ae1eb5429ee567d702eeef7f44399d4712f1b2 (diff)
linux/hardened: read min supported kernel from kernels-org.json
This one isn't 4.14 anymore and that should've been updated while
removing 4.14, but is easy to miss.

Since it's not expected that we have versions older than the oldest
mainline version from `kernels-org.json`, determine the minimum
supported version by reading it from there.

Also, this means fewer places to update when dropping old kernels.

This needs an additional change for the mainline updater to make sure
that no older versions appear there[1]. This will be implemented in
the next commit.

[1] At the time of implementing this, the oldest supported kernel was
    4.19, however 4.14 wasn't EOL yet and thus still picked up by the
    mainline updater.
Diffstat (limited to 'pkgs/os-specific/linux/kernel/hardened')
-rwxr-xr-xpkgs/os-specific/linux/kernel/hardened/update.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py
index ce54c29807589..cb624ebe86b93 100755
--- a/pkgs/os-specific/linux/kernel/hardened/update.py
+++ b/pkgs/os-specific/linux/kernel/hardened/update.py
@@ -1,5 +1,5 @@
 #! /usr/bin/env nix-shell
-#! nix-shell -i python -p "python3.withPackages (ps: [ps.pygithub])" git gnupg
+#! nix-shell -i python -p "python3.withPackages (ps: [ps.pygithub ps.packaging])" git gnupg
 
 # This is automatically called by ../update.sh.
 
@@ -27,6 +27,8 @@ from typing import (
 from github import Github
 from github.GitRelease import GitRelease
 
+from packaging.version import parse as parse_version, Version
+
 VersionComponent = Union[int, str]
 Version = List[VersionComponent]
 
@@ -39,6 +41,11 @@ Patch = TypedDict("Patch", {
 })
 
 
+def read_min_kernel_branch() -> List[str]:
+    with open(NIXPKGS_KERNEL_PATH / "kernels-org.json") as f:
+        return list(parse_version(sorted(json.load(f).keys())[0]).release)
+
+
 @dataclass
 class ReleaseInfo:
     version: Version
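Review bot: `sorted(json.load(f).keys())[0]` in `read_min_kernel_branch` compares the keys as strings, so a key set such as `5.10`/`5.4` (constructed example) yields `5.10` as the minimum, and a non-version key sorting first would make `parse_version` raise. Compare parsed versions instead, e.g. `versions = [parse_version(k) for k in json.load(f) if k[:1].isdigit()]` followed by `return list(min(versions).release)`. `.release` is a tuple of ints, so the annotation should be `-> List[int]`. How `MIN_KERNEL_VERSION` is consumed is outside this hunk, but a minimum that is too high would presumably make the updater skip hardened patches for a branch that is still supported. The `Version` name imported from `packaging.version` in the previous hunk is rebound by `Version = List[VersionComponent]` right after it, so it can be dropped from the import.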
@@ -51,7 +58,7 @@ NIXPKGS_PATH = HERE.parents[4]
 HARDENED_GITHUB_REPO = "anthraxx/linux-hardened"
 HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc"
 HARDENED_PATCHES_PATH = HERE / "patches.json"
-MIN_KERNEL_VERSION: Version = [4, 14]
+MIN_KERNEL_VERSION: Version = read_min_kernel_branch()
 
 
 def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]: