diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 10 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/generic.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-rt-5.10.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix | 23 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/manual-config.nix | 9 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/xanmod-kernels.nix | 14 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/zen-kernels.nix | 4 |
8 files changed, 35 insertions, 41 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index fb583551f1b6b..2954ee8f78b90 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -562,6 +562,13 @@ let KEYS_REQUEST_CACHE = whenAtLeast "5.3" yes; # randomized slab caches RANDOM_KMALLOC_CACHES = whenAtLeast "6.6" yes; + + # NIST SP800-90A DRBG modes - enabled by most distributions + # and required by some out-of-tree modules (ShuffleCake) + # This does not include the NSA-backdoored Dual-EC mode from the same NIST publication. + CRYPTO_DRBG_HASH = yes; + CRYPTO_DRBG_CTR = yes; + } // optionalAttrs stdenv.hostPlatform.isx86_64 { # Enable Intel SGX X86_SGX = whenAtLeast "5.11" yes; @@ -715,7 +722,6 @@ let ZSWAP = option yes; ZPOOL = yes; ZBUD = option yes; - ZSMALLOC = module; }; brcmfmac = { @@ -839,6 +845,8 @@ let CLEANCACHE = whenOlder "5.17" (option yes); CRASH_DUMP = option no; + FSCACHE_STATS = yes; + DVB_DYNAMIC_MINORS = option yes; # we use udev EFI_STUB = yes; # EFI bootloader in the bzImage itself diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index 74c47db625618..df67005dd8165 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -135,8 +135,6 @@ let platformName = stdenv.hostPlatform.linux-kernel.name; # e.g. "defconfig" kernelBaseConfig = if defconfig != null then defconfig else stdenv.hostPlatform.linux-kernel.baseConfig; - # e.g. "bzImage" - kernelTarget = stdenv.hostPlatform.linux-kernel.target; makeFlags = lib.optionals (stdenv.hostPlatform.linux-kernel ? makeFlags) stdenv.hostPlatform.linux-kernel.makeFlags ++ extraMakeFlags; diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index aeb6bbb27206e..94ab60aa67b99 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -1,16 +1,12 @@ { "testing": { - "version": "6.6-rc7", - "hash": "sha256:1zzd32ya4hldfywicgpnc2cyd412s7q9c31qvxx2nl9nkx11xsxv" + "version": "6.7-rc1", + "hash": "sha256:1a071vvmm08sp48d0arqzcmqnz5xdb1vflfhxcqwmpzaabjrgadk" }, "6.5": { "version": "6.5.11", "hash": "sha256:06dmb4hbwrms0lp4axphwgj8wbnzsym70sx55lxr501b53wlmqif" }, - "6.4": { - "version": "6.4.16", - "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" - }, "6.1": { "version": "6.1.62", "hash": "sha256:1v453q4sf0j8708ivs1zmdf645hgimqvxfc8xz7czgnnmipn3zdr" diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 3f2efbb87e83a..65ca352b53b89 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.197-rt96"; # updated by ./update-rt.sh + version = "5.10.199-rt97"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1awkm7lln5gf6kld9z5h4mg39bd778jsdswwlwb7iv7bn03lafhq"; + sha256 = "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "0pd1yhr154zl5jfmchzdfv27cbnn8h23x7am0dmqwr1ylwg4bvbi"; + sha256 = "13k7md0a63q4r5vqqvbszmg3kzp5np0hdaj1siyl4yvs9j78d03s"; }; }; in [ rt-patch ] ++ kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix index 0763ffda26b99..c58c4e67e4d0c 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing-bcachefs.nix @@ -6,27 +6,32 @@ # bcachefs-tools stores the expected-revision in: # https://evilpiepirate.org/git/bcachefs-tools.git/tree/.bcachefs_revision # but this does not means that it'll be the latest-compatible revision -, currentCommit ? "84f132d5696138bb038d2dc8f1162d2fab5ac832" -, diffHash ? "sha256-RaBWBU7rXjJFb1euFAFBHWCBQAG7npaCodjp/vMYpyw=" +, currentCommit ? "4d2faeb4fb58c389dc9f76b8d5ae991ef4497e04" +, diffHash ? "sha256-DtMc8P4lTRzvS6PVvD7WtWEPsfnxIXSpqMsKKWs+edI=" , kernelPatches # must always be defined in bcachefs' all-packages.nix entry because it's also a top-level attribute supplied by callPackage , argsOverride ? {} , ... } @ args: - # NOTE: bcachefs-tools should be updated simultaneously to preserve compatibility (kernel.override ( args // { - version = "${kernel.version}-bcachefs-unstable-${commitDate}"; - extraMeta = { - branch = "master"; - broken = stdenv.isAarch64; - maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius ]; - }; + argsOverride = { + version = "${kernel.version}-bcachefs-unstable-${commitDate}"; + modDirVersion = kernel.modDirVersion; + + extraMeta = { + homepage = "https://bcachefs.org/"; + branch = "master"; + maintainers = with lib.maintainers; [ davidak Madouura pedrohlc raitobezarius YellowOnion ]; + }; + } // argsOverride; structuredExtraConfig = with lib.kernel; { BCACHEFS_FS = module; BCACHEFS_QUOTA = option yes; BCACHEFS_POSIX_ACL = option yes; + # useful for bug reports + FTRACE = option yes; }; kernelPatches = [ { diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index d5b67b5efbe3c..2ba31fbc97892 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -1,5 +1,5 @@ { lib, stdenv, buildPackages, runCommand, nettools, bc, bison, flex, perl, rsync, gmp, libmpc, mpfr, openssl -, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod +, libelf, cpio, elfutils, zstd, python3Minimal, zlib, pahole, kmod, ubootTools , fetchpatch }: @@ -120,10 +120,6 @@ let # Ensure that depmod gets resolved through PATH sed -i Makefile -e 's|= /sbin/depmod|= depmod|' - # fixup for pre-5.4 kernels using the $(cd $foo && /bin/pwd) pattern - # FIXME: remove when no longer needed - substituteInPlace Makefile tools/scripts/Makefile.include --replace /bin/pwd pwd - # Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic. # This way kernels can be bit-by-bit reproducible depending on settings # (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled). @@ -368,8 +364,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.hostPlatform.linux-kernel kernelPat enableParallelBuilding = true; depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ] - ++ optional (stdenv.hostPlatform.linux-kernel.target == "uImage") buildPackages.ubootTools + nativeBuildInputs = [ perl bc nettools openssl rsync gmp libmpc mpfr zstd python3Minimal kmod ubootTools ] ++ optional (lib.versionOlder version "5.8") libelf ++ optionals (lib.versionAtLeast version "4.16") [ bison flex ] ++ optionals (lib.versionAtLeast version "5.2") [ cpio pahole zlib ] diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix index 82b17d461d2b7..691b4899f2dd7 100644 --- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix +++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix @@ -2,6 +2,9 @@ let # These names are how they are designated in https://xanmod.org. + + # NOTE: When updating these, please also take a look at the changes done to + # kernel config in the xanmod version commit ltsVariant = { version = "6.1.62"; hash = "sha256-fo5OQ/MZ+QVdCmLzX0OgFUBedfqrkqp+Ev081RVdtWw="; @@ -26,21 +29,10 @@ let }; structuredExtraConfig = with lib.kernel; { - # AMD P-state driver - X86_AMD_PSTATE = lib.mkOverride 60 yes; - # Google's BBRv3 TCP congestion Control TCP_CONG_BBR = yes; DEFAULT_BBR = yes; - # FQ-PIE Packet Scheduling - NET_SCH_DEFAULT = yes; - DEFAULT_FQ_PIE = yes; - - # Futex WAIT_MULTIPLE implementation for Wine / Proton Fsync. - FUTEX = yes; - FUTEX_PI = yes; - # WineSync driver for fast kernel-backed Wine WINESYNC = module; diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index 5e949a6f461ec..456a6c7c27dd5 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -12,8 +12,8 @@ let # ./update-zen.py lqx lqxVariant = { version = "6.5.11"; #lqx - suffix = "lqx1"; #lqx - sha256 = "02k4cfiygrfgyp3x6ivr7h6klknjzd5cwpszjnzcy2jc547512pd"; #lqx + suffix = "lqx2"; #lqx + sha256 = "0rak2ald95bwb5qlp8pf2g93a0gkv8rypiv5s8dpds3cilwmxrg9"; #lqx isLqx = true; }; zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { |