Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2373e1991832
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 8593ce317d5b
Choose a head ref
  • 3 commits
  • 5 files changed
  • 1 contributor

Commits on Jan 25, 2021

  1. linux-hardened: Remove tag patch 

    (cherry picked from commit 071750d)
    @NeQuissimus
    NeQuissimus committed Jan 25, 2021

    Verified

    This commit was signed with the committer’s verified signature.
    shlevy Shea Levy
    GPG key ID: 5C0BD6957D86FE27
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6d6ae21 View commit details

  2. linux: 5.10.9 -> 5.10.10

    @NeQuissimus
    NeQuissimus committed Jan 25, 2021
    Copy the full SHA
    06a09c1 View commit details

  3. linux/hardened/patches/5.10: 5.10.9.a -> 5.10.10-hardened1

    @NeQuissimus
    NeQuissimus committed Jan 25, 2021

    Verified

    This commit was signed with the committer’s verified signature.
    shlevy Shea Levy
    GPG key ID: 5C0BD6957D86FE27
    Verified
    Learn about vigilant mode
    Copy the full SHA
    8593ce3 View commit details
8 changes: 4 additions & 4 deletions pkgs/os-specific/linux/kernel/hardened/patches.json
View file
Original file line number Diff line number Diff line change
@@ -12,10 +12,10 @@
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.165.a/linux-hardened-4.19.165.a.patch"
},
"5.10": {
"extra": ".a",
"name": "linux-hardened-5.10.9.a.patch",
"sha256": "0mkwyknafdbc2hqv4j7jjc6wsrrx6a76d69hxh7x90gi0s3f5rfw",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.9.a/linux-hardened-5.10.9.a.patch"
"extra": "-hardened1",
"name": "linux-hardened-5.10.10-hardened1.patch",
"sha256": "0hm8ng073lzqcj5khgpxvr775z0jns9y00qj8b0n63yq0klm2pqh",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.10-hardened1/linux-hardened-5.10.10-hardened1.patch"
},
"5.4": {
"extra": ".a",
7 changes: 0 additions & 7 deletions pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
View file

This file was deleted.

4 changes: 2 additions & 2 deletions pkgs/os-specific/linux/kernel/linux-5.10.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
with stdenv.lib;

buildLinux (args // rec {
version = "5.10.9";
version = "5.10.10";

# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {

src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
sha256 = "0la7dklpy6xd79fkzavpmlfyrc60kmmwz491msd95dmvv06kwwvz";
sha256 = "06fvgkrn9127xw9kly6l4ws3yv80q8xfqdzaam92lljim5pqdvb0";
};
} // (args.argsOverride or {}))
5 changes: 0 additions & 5 deletions pkgs/os-specific/linux/kernel/patches.nix
View file
Original file line number Diff line number Diff line change
@@ -33,11 +33,6 @@

cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;

tag_hardened = {
name = "tag-hardened";
patch = ./hardened/tag-hardened.patch;
};

hardened = let
mkPatch = kernelVersion: src: {
name = lib.removeSuffix ".patch" src.name;
3 changes: 1 addition & 2 deletions pkgs/top-level/all-packages.nix
View file
Original file line number Diff line number Diff line change
@@ -17994,10 +17994,9 @@ in
inherit (kernel) version;
};
kernelPatches = kernel.kernelPatches ++ [
kernelPatches.tag_hardened
kernelPatches.hardened.${kernel.meta.branch}
];
modDirVersionArg = kernel.modDirVersion + (kernelPatches.hardened.${kernel.meta.branch}).extra + "-hardened";
modDirVersionArg = kernel.modDirVersion + (kernelPatches.hardened.${kernel.meta.branch}).extra;
isHardened = true;
});