public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/pkgs/os-specific
History
Maximilian Bosch f47c57802e
linux: build hardened kernel with matching releases 
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].

This change aims to provide a solution this issue:

* The hardened patchset now references the kernel version it's released
  for (including a sha256 hash for the fixed-output path of the source
  tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
  now, but also overrides version & src to match the kernel version the
  patch was built & tested for.

Refs #140281

[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all

(cherry picked from commit bb5aa0109b6db98a2e0a7ba88f5e0287e2374384)
 		2021-10-28 22:26:22 +02:00
..
bsd netbsd: 8.0 -> 9.1 2021-05-09 18:56:20 +00:00
darwin darwin.xattr: init at 61.60.1 2021-09-23 00:13:40 +00:00
linux linux: build hardened kernel with matching releases 2021-10-28 22:26:22 +02:00
solo5 solo5: disable checkPhase instead of setting to null, run hooks 2021-03-26 11:06:31 +01:00
windows treewide: All the linker to be chosen independently 2021-05-14 21:29:51 +00:00