linux/hardened/update.py: get versions with nix(1)

2020-04-26 18:12:14 +01:00 · 2020-04-26 18:12:14 +01:00 · 88486c4e76
commit 88486c4e76
parent e77d174fcd
1 changed files with 13 additions and 18 deletions
--- a/pkgs/os-specific/linux/kernel/hardened/update.py
+++ b/pkgs/os-specific/linux/kernel/hardened/update.py
@ -170,29 +170,24 @@ patches: Dict[str, Patch]
 with open(HARDENED_PATCHES_PATH) as patches_file:
    patches = json.load(patches_file)
 NIX_VERSION_RE = re.compile(
    r"""
        \s* version \s* =
        \s* " (?P<version> [^"]*) "
        \s* ; \s* \n
    """,
    re.VERBOSE,
 )
 # Get the set of currently packaged kernel versions.
 kernel_versions = {}
 for filename in os.listdir(NIXPKGS_KERNEL_PATH):
    filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename)
    if filename_match:
-        with open(NIXPKGS_KERNEL_PATH / filename) as nix_file:
+        nix_version_expr = f"""
-            for nix_line in nix_file:
+            with import {NIXPKGS_PATH} {{}};
-                match = NIX_VERSION_RE.fullmatch(nix_line)
+            (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version
-                if match:
+        """
-                    kernel_version = parse_version(match.group("version"))
+        kernel_version = parse_version(
-                    if kernel_version < MIN_KERNEL_VERSION:
+            run(
-                        continue
+                "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr,
-                    kernel_key = major_kernel_version_key(kernel_version)
+            ).stdout.decode("utf-8")
-                    kernel_versions[kernel_key] = kernel_version
+        )
        if kernel_version < MIN_KERNEL_VERSION:
            continue
        kernel_key = major_kernel_version_key(kernel_version)
        kernel_versions[kernel_key] = kernel_version
 # Remove patches for unpackaged kernel versions.
 for kernel_key in sorted(patches.keys() - kernel_versions.keys()):