3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/os-specific
Maximilian Bosch bb5aa0109b
linux: build hardened kernel with matching releases
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].

This change aims to provide a solution this issue:

* The hardened patchset now references the kernel version it's released
  for (including a sha256 hash for the fixed-output path of the source
  tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
  now, but also overrides version & src to match the kernel version the
  patch was built & tested for.

Refs #140281

[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
2021-10-20 23:51:52 +02:00
..
bsd netbsd.compat: fix libs by using cctools strip as objcopy 2021-09-22 17:42:12 -07:00
darwin sigtool: 0.1.0 -> 0.1.2 2021-09-25 10:38:35 +09:00
linux linux: build hardened kernel with matching releases 2021-10-20 23:51:52 +02:00
solo5
windows