f47c57802e
Until now we merged kernel updates even if no hardened versions were available yet. On one hand we don't want to delay patch-level updates, on the other hand users of hardened kernels have frequent breakage now[1]. This change aims to provide a solution this issue: * The hardened patchset now references the kernel version it's released for (including a sha256 hash for the fixed-output path of the source tarball). * The `hardenedKernelFor`-function doesn't just append hardened patches now, but also overrides version & src to match the kernel version the patch was built & tested for. Refs #140281 [1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all (cherry picked from commit bb5aa0109b6db98a2e0a7ba88f5e0287e2374384) |
||
|---|---|---|
| .. | ||
| applications | ||
| build-support | ||
| common-updater | ||
| data | ||
| desktops | ||
| development | ||
| games | ||
| misc | ||
| os-specific | ||
| pkgs-lib | ||
| servers | ||
| shells | ||
| stdenv | ||
| test | ||
| tools | ||
| top-level | ||