Tim Steinbach
Tim Steinbach
parent
58514b3428
commit
4312cd74f1
|
|
@ -1,25 +1,30 @@
|
|||
{
|
||||
"4.14": {
|
||||
"extra": "",
|
||||
"name": "linux-hardened-4.14.213.a.patch",
|
||||
"sha256": "0lkjgg6cbsaiypxij7p00q3y094qf0h172hc2p7wgy39777b45a7",
|
||||
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.213.a/linux-hardened-4.14.213.a.patch"
|
||||
},
|
||||
"4.19": {
|
||||
"extra": ".a",
|
||||
"name": "linux-hardened-4.19.165.a.patch",
|
||||
"sha256": "06v34jaj4jg6f3v05wbkkfnr69ahxqyyq0gam4ma3wgm74x6cf3s",
|
||||
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.165.a/linux-hardened-4.19.165.a.patch"
|
||||
},
|
||||
"5.10": {
|
||||
"extra": ".a",
|
||||
"name": "linux-hardened-5.10.5.a.patch",
|
||||
"sha256": "1fq2n60brhi6wjazkdgj2aqc4maskvlymbznl03hvj0x5kahjxvx",
|
||||
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.5.a/linux-hardened-5.10.5.a.patch"
|
||||
},
|
||||
"5.4": {
|
||||
"extra": ".a",
|
||||
"name": "linux-hardened-5.4.87.a.patch",
|
||||
"sha256": "01hpww6lm00iry8z4z86hh86x66h3xbmxknxhmmhh2zwz6ahkmfd",
|
||||
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.87.a/linux-hardened-5.4.87.a.patch"
|
||||
},
|
||||
"5.9": {
|
||||
"extra": "",
|
||||
"name": "linux-hardened-5.9.16.a.patch",
|
||||
"sha256": "024wdzc9bwgr4nd4z0l6bazcl35jczhsmdl2lb26bvffjwg207rw",
|
||||
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.16.a/linux-hardened-5.9.16.a.patch"
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ VersionComponent = Union[int, str]
|
|||
Version = List[VersionComponent]
|
||||
|
||||
|
||||
Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str})
|
||||
Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str, "extra": str})
|
||||
|
||||
|
||||
@dataclass
|
||||
|
|
@ -99,7 +99,10 @@ def verify_openpgp_signature(
|
|||
return False
|
||||
|
||||
|
||||
def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]:
|
||||
def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]:
|
||||
release = release_info.release
|
||||
extra = f'.{release_info.version[-1]}'
|
||||
|
||||
def find_asset(filename: str) -> str:
|
||||
try:
|
||||
it: Iterator[str] = (
|
||||
|
|
@ -130,7 +133,7 @@ def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]:
|
|||
if not sig_ok:
|
||||
return None
|
||||
|
||||
return Patch(name=patch_filename, url=patch_url, sha256=sha256)
|
||||
return Patch(name=patch_filename, url=patch_url, sha256=sha256, extra=extra)
|
||||
|
||||
|
||||
def parse_version(version_str: str) -> Version:
|
||||
|
|
@ -252,7 +255,7 @@ for kernel_key in sorted(releases.keys()):
|
|||
update = True
|
||||
|
||||
if update:
|
||||
patch = fetch_patch(name=name, release=release)
|
||||
patch = fetch_patch(name=name, release_info=release_info)
|
||||
if patch is None:
|
||||
failures = True
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -41,7 +41,8 @@
|
|||
hardened = let
|
||||
mkPatch = kernelVersion: src: {
|
||||
name = lib.removeSuffix ".patch" src.name;
|
||||
patch = fetchurl src;
|
||||
patch = fetchurl (lib.filterAttrs (k: v: k != "extra") src);
|
||||
extra = src.extra;
|
||||
};
|
||||
patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json);
|
||||
in lib.mapAttrs mkPatch patches;
|
||||
|
|
|
|||
|
|
@ -19014,7 +19014,7 @@ in
|
|||
kernelPatches.tag_hardened
|
||||
kernelPatches.hardened.${kernel.meta.branch}
|
||||
];
|
||||
modDirVersionArg = kernel.modDirVersion + "-hardened";
|
||||
modDirVersionArg = kernel.modDirVersion + (kernelPatches.hardened.${kernel.meta.branch}).extra + "-hardened";
|
||||
isHardened = true;
|
||||
});
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue