3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/os-specific/linux
Maximilian Bosch bb5aa0109b
linux: build hardened kernel with matching releases
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].

This change aims to provide a solution this issue:

* The hardened patchset now references the kernel version it's released
  for (including a sha256 hash for the fixed-output path of the source
  tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
  now, but also overrides version & src to match the kernel version the
  patch was built & tested for.

Refs #140281

[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
2021-10-20 23:51:52 +02:00
..
915resolution
acpi
acpi-call
acpid
acpitool
afuse
akvcam
alsa-project
amdgpu-pro
anbox
android-udev-rules
apfs apfs: unstable-2021-06-25 -> unstable-2021-09-21 2021-09-25 20:24:23 +02:00
apparmor
aseq2json
asus-wmi-sensors
atop
audit
autofs
autosuspend autosuspend: init at 4.0.0 (#140532) 2021-10-05 17:27:35 +02:00
batman-adv
bbswitch
bcc
beefi
bionic-prebuilt
blktrace
bluez
bolt bolt: fix tests 2021-10-09 21:35:55 +02:00
bpfmon bpfmon: init at 2.50 2021-10-05 22:22:04 +03:00
bpftools
bpftrace
bridge-utils
brillo
broadcom-sta
btfs
busybox busybox: use more featureful modprobe by default 2021-10-13 17:30:25 +00:00
cachefilesd
can-isotp
can-utils
catfs
checkpolicy
checksec
chromium-xorg-conf
cifs-utils
compsize
conky
conntrack-tools
consoletools
conspy
cpufrequtils
cpuid
cpupower
cpupower-gui
cpuset
cpustat
cramfsprogs
cramfsswap
crda
criu
cryptodev
cryptsetup
cshatag
dbus-broker
ddcci
device-tree
devmem2
digimend
directvnc
disk-indicator
displaylink
dlm
dmidecode dmidecode: support cross-compilation 2021-10-07 21:03:25 +02:00
dmraid
dmtcp
dpdk
dpdk-kmods
drbd
dropwatch
dstat
e1000e
earlyoom
ebtables
edac-utils
ell
ena
erofs-utils erofs-utils: 1.2.1 -> 1.3 2021-10-01 09:43:35 +02:00
eudev eudev: fix homepage link 2021-10-04 14:27:37 +08:00
evdi
eventstat
exfat
extrace
facetimehd
fatrace
fbterm
ffado
firejail
firmware sof-firmware: 1.7 -> 1.9 2021-10-06 11:47:41 +02:00
flashbench
fnotifystat
forkstat
forktty
freefall
fscrypt
fscryptctl
fswebcam
ftop
fuse
fwts
fxload
g15daemon
gcadapter-oc-kmod
gfxtablet
gobi_loader
gogoclient
google-authenticator
gpu-switch
gradm
greetd
gtkgreet
guvcview
hd-idle
hdapsd
hdparm
health-check
hibernate
hid-nintendo linuxPackages.hid-nintendo: 3.1 -> 3.2 2021-10-04 21:57:49 +00:00
hostapd
hwdata
hyperv-daemons
i2c-tools i2c-tools: switch to fetchgit and separate man 2021-05-08 13:23:36 -07:00
i7z
i810switch
ifenslave
ifmetric
iio-sensor-proxy
ima-evm-utils
input-utils
intel-compute-runtime
intel-ocl
intel-speed-select
iomelt
ioport
iotop
iotop-c
iproute iproute_mptcp: Fix the build 2021-09-24 12:28:51 +02:00
ipsec-tools
ipset
iptables
iptstate
iputils
ipvsadm
irqbalance
isgx
it87
iw
iwd
ixgbevf
jfbview
jool
joycond joycond: unstable-2021-03-27 -> unstable-2021-07-30 2021-10-06 13:19:36 +11:00
jujuutils
kbd
kbdlight
kernel linux: build hardened kernel with matching releases 2021-10-20 23:51:52 +02:00
kernel-headers
kexec-tools
keyutils
kinect-audio-setup
klibc
kmod
kmod-blacklist-ubuntu
kmod-debian-aliases
kmscon
kmscube
kvmfr
latencytop
ldm
ledger-udev-rules
libaio
libatasmart
libbpf
libcap
libcap-ng
libcgroup
libevdevc
libgestures
libnl
libpsm2
libratbag
libselinux
libsemanage
libsepol
libsmbios
libudev0-shim
libvolume_id
libwebcam
light
lightum
linuxptp
lksctp-tools
lm-sensors lm_sensors: fix for cross compilation (#139577) 2021-09-28 11:00:15 -04:00
lockdep
logitech-udev-rules
lsb-release
lsiutil
lsscsi
lttng-modules
lvm2
lxc
lxcfs
macchanger
mba6x_bl
mbp-modules/mbp2018-bridge-drv
mbpfan
mceinject mceinject: init at unstable-2013-01-19 2021-10-03 16:14:47 -07:00
mcelog
mdadm
mdevd skawarePackages: Fall 2021 release 2021-09-27 14:28:43 +02:00
metastore
microcode
mingetty
miraclecast
mkinitcpio-nfs-utils
mmc-utils
molly-guard
msr-tools
mstpd
multipath-tools multipath-tools: deprecate systemd-udev-settle.service 2021-10-08 09:47:01 -04:00
musl
musl-fts
musl-obstack
mwprocapture
mxu11x0
ndiswrapper
net-tools
netatop
nfs-utils
nftables
nixos-rebuild
nmon nmon: fix cross-compiling 2021-10-19 21:13:48 +02:00
nss_ldap
numactl
numad treewide: clean up fedorahosted.org URLs (#139977) 2021-10-15 06:11:42 +03:00
numatop
numworks-udev-rules
nvidia-x11 linuxPackages.nvidia_x11_beta: 470.42.01 -> 495.29.05 2021-10-16 13:54:56 -07:00
nvidiabl
nvme-cli nvme-cli: 1.14 -> 1.15 2021-09-30 15:16:22 +02:00
nvmet-cli
oci-seccomp-bpf-hook
odp-dpdk
open-iscsi
open-isns
opengl/xorg-sys
openrazer
openvswitch
otpw
pagemon
pam
pam_ccreds
pam_gnupg
pam_krb5
pam_ldap
pam_mount
pam_p11
pam_pgsql
pam_ssh_agent_auth
pam_u2f
pam_usb
pax-utils
paxctl
paxtest
pcimem
pcm
pcmciautils
perf-tools
pflask
phc-intel
piper
pipework
pktgen
ply
plymouth
pm-utils
pmount
policycoreutils
pommed-light
power-calibrate
power-profiles-daemon
powercap
powerstat
powertop powertop: fix musl build 2021-10-14 20:20:09 -07:00
pps-tools
prl-tools
procdump
procps-ng
pscircle
psftools
psmisc
qmk-udev-rules
r8125
r8168
radeontools
radeontop
raspberrypi-eeprom
rdma-core rdma-core: 36.0 -> 37.0 2021-10-04 22:28:20 +02:00
read-edid
regionset
reptyr
restool
rewritefs rewritefs: add unstable prefix 2021-10-03 23:54:20 +02:00
rfkill
roccat-tools
rtkit
rtl88x2bu
rtl88xxau-aircrack
rtl8188eus-aircrack
rtl8192eu
rtl8723bs
rtl8812au
rtl8814au
rtl8821au
rtl8821ce
rtl8821cu
rtw88
rtw89
ryzenadj
s6-linux-init skawarePackages: Fall 2021 release 2021-09-27 14:28:43 +02:00
s6-linux-utils skawarePackages: Fall 2021 release 2021-09-27 14:28:43 +02:00
sch_cake
schedtool
sd-switch
sdnotify-wrapper skawarePackages: Fall 2021 release 2021-09-27 14:28:43 +02:00
sdparm
selinux-python
selinux-sandbox
semodule-utils
sepolgen
service-wrapper
setools
seturgent
shadow
sinit
smem
smemstat
speedometer
sssd
statifier
swapview
switcheroo-control
sydbox sydbox: init at 2.2.0 2021-09-27 08:15:44 +02:00
syscall_limiter
sysdig
sysfsutils
sysklogd
syslinux
sysstat
system76 linuxPackages.system76: 1.0.12 -> 1.0.13 2021-10-04 21:58:13 +00:00
system76-acpi linuxPackages.system76-acpi: 1.0.1 -> 1.0.2 2021-09-28 07:34:34 +00:00
system76-io
system76-power linuxPackages.system76-power: 1.1.17 -> 1.1.18 2021-10-04 21:58:13 +00:00
systemd libgpg-error: rename from libgpgerror 2021-10-06 18:23:43 -07:00
systemd-wait
sysvinit
target-isns
targetcli
tbs linuxPackages.tbs: mark broken 2021-10-14 00:38:41 +03:00
tcp-wrappers
teck-udev-rules
thunderbolt
tiptop
tiscamera
tmon
tomb
tp_smapi
tpacpi-bat
trace-cmd
trezor-udev-rules
trinity
tuigreet
tuna
tunctl
turbostat
tuxedo-keyboard
uclibc
udisks
udisks-glue
undervolt
unstick
untie
upower
usbguard
usbip
usbtop
usbutils
usermount
util-linux
uvcdynctrl
v4l-utils
v4l2loopback
v86d
veikk-linux-driver
vendor-reset
virtualbox
waydroid waydroid: Init at 1.1.1 2021-10-03 21:25:46 +03:00
wireguard
wireless-tools
wlgreet
wooting-udev-rules
wpa_supplicant nixos/tests/wpa_supplicant: init 2021-09-29 09:10:39 +02:00
x86_energy_perf_policy
x86info
xf86-input-cmt
xf86-input-wacom
xf86-video-nested
xmm7360-pci
xpadneo
xsensors
zenmonitor
zenpower
zenstates
zfs zfs: add docs why we strip symbols manual 2021-10-18 09:49:40 +02:00
zsa-udev-rules