kernel: Remove Copperhead

The patches are unmaintained and suggest a false sense of security

nixos/release.nix

@@ -327,7 +327,6 @@ in rec {
   tests.keymap = callSubTests tests/keymap.nix {};
   tests.initrdNetwork = callTest tests/initrd-network.nix {};
   tests.kafka = callSubTests tests/kafka.nix {};
-  tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
   tests.kernel-latest = callTest tests/kernel-latest.nix {};
   tests.kernel-lts = callTest tests/kernel-lts.nix {};
   tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {};

nixos/tests/kernel-copperhead.nix

@@ -1,19 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
-  name = "kernel-copperhead";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ nequissimus ];
-  };
-
-  machine = { pkgs, ... }:
-    {
-      boot.kernelPackages = pkgs.linuxPackages_copperhead_lts;
-    };
-
-  testScript =
-    ''
-      $machine->succeed("uname -a");
-      $machine->succeed("uname -s | grep 'Linux'");
-      $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_lts.kernel.modDirVersion}'");
-      $machine->succeed("uname -a | grep 'hardened'");
-    '';
-})

pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix

@@ -1,30 +0,0 @@
-{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, ... } @ args:
-
-with stdenv.lib;
-
-let
-  version = "4.14.44";
-  revision = "a";
-  sha256 = "1alvhpwy9xzppwsag7qh1lkk3l4piyh2fv27w37il6gclja4dxkf";
-
-  # modVersion needs to be x.y.z, will automatically add .0 if needed
-  modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
-
-  # branchVersion needs to be x.y
-  branchVersion = concatStrings (intersperse "." (take 2 (splitString "." version)));
-
-  modDirVersion = "${modVersion}-hardened";
-in
-buildLinux (args // {
-  inherit modDirVersion;
-
-  version = "${version}-${revision}";
-  extraMeta.branch = "${branchVersion}";
-
-  src = fetchFromGitHub {
-    inherit sha256;
-    owner = "copperhead";
-    repo = "linux-hardened";
-    rev = "${version}.${revision}";
-  };
-} // (args.argsOverride or {}))

pkgs/os-specific/linux/kernel/patches.nix

@@ -28,16 +28,6 @@ rec {
     patch = ./tag-hardened.patch;
   };
 
-  copperhead_4_14 = rec {
-    name = "copperhead-4.14";
-    patch = ./copperhead-4-14.patch;
-  };
-
-  copperhead_4_16 = rec {
-    name = "copperhead-4.16";
-    patch = ./copperhead-4-16.patch;
-  };
-
   # https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6
   iwlwifi_mvm_support_version_7_scan_req_umac_fw_command = rec {
     name = "iwlwifi_mvm_support_version_7_scan_req_umac_fw_command";

pkgs/top-level/all-packages.nix

@@ -13924,14 +13924,6 @@ with pkgs;
       ];
   };
 
-  linux_copperhead_lts = (linux_4_14.override {
-    kernelPatches = linux_4_14.kernelPatches ++ [
-      kernelPatches.copperhead_4_14
-      kernelPatches.tag_hardened
-     ];
-    modDirVersionArg = linux_4_14.modDirVersion + "-hardened";
-  });
-
   # linux mptcp is based on the 4.4 kernel
   linux_mptcp = callPackage ../os-specific/linux/kernel/linux-mptcp.nix {
     kernelPatches =
@@ -14273,8 +14265,6 @@ with pkgs;
 
   linuxPackages_latest_xen_dom0_hardened = recurseIntoAttrs (hardenedLinuxPackagesFor (pkgs.linux_latest.override { features.xen_dom0=true; }));
 
-  linuxPackages_copperhead_lts = recurseIntoAttrs (hardenedLinuxPackagesFor pkgs.linux_copperhead_lts);
-
   # Samus kernels
   linuxPackages_samus_4_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_samus_4_12);
   linuxPackages_samus_latest = linuxPackages_samus_4_12;