From dd50f99e26d30c115ae970e51103f89fde5d2b44 Mon Sep 17 00:00:00 2001
From: K900
Date: Tue, 22 Oct 2024 18:03:11 +0300
Subject: [PATCH 1/3] linux: switch netfilter fix to lore patch URL Expected to be more stable.
---
 pkgs/os-specific/linux/kernel/patches.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 17598d74e5f6..551fb58ed4ee 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -66,7 +66,7 @@
 netfilter-typo-fix = {
 name = "netfilter-typo-fix";
 patch = fetchpatch {
- url = "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/patch/?id=306ed1728e8438caed30332e1ab46b28c25fe3d8";
+ url = "https://lore.kernel.org/netdev/20241021094536.81487-3-pablo@netfilter.org/raw";
 hash = "sha256-ZGc1xAIjf+MlV02jhIWZ4jHC742+z/WpN7RenqpU7e4=";
 };
 };
From 9b08aa08ad7c6e32d22ab48f5968cebef1742892 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Wed, 23 Oct 2024 20:51:00 +0200
Subject: [PATCH 2/3] linux_6_10: remove, eol
---
 pkgs/os-specific/linux/kernel/hardened/patches.json | 10 ----------
 pkgs/os-specific/linux/kernel/kernels-org.json | 4 ----
 pkgs/top-level/linux-kernels.nix | 12 +++---------
 3 files changed, 3 insertions(+), 23 deletions(-)
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index bdb0520f6a4b..f409fe00dffc 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
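Review bot: The lore URL on the new `url` line in the `netfilter-typo-fix` hunk of patches.nix identifies the patch only by mailing-list message id, so the upstream commit id that the old URL carried (`306ed1728e8438caed30332e1ab46b28c25fe3d8`) is no longer recorded anywhere in the entry. A comment above `patch = fetchpatch {` such as `# upstream: netdev/net.git commit 306ed1728e8438caed30332e1ab46b28c25fe3d8` would keep the entry auditable and make it clear when it can be dropped. The `hash` is unchanged, and it is the hash that pins the content; because this is a fixed-output fetch, a machine that already has that output will not contact the new URL, so it is worth confirming once, with the hash temporarily invalidated, that the lore URL really yields the same normalized patch.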
@@ -39,16 +39,6 @@ "sha256": "094z3wfcxqx2rbi072i5frshpy6rdvk39aahwm9nc07vc8sxxn4b", "version": "6.1.112" }, - "6.10": { - "patch": { - "extra": "-hardened1", - "name": "linux-hardened-v6.10.12-hardened1.patch", - "sha256": "07z35f4nqj9vgj2ynq7spgckb770a0w0906m7l28i1x0kch2kr3j", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.10.12-hardened1/linux-hardened-v6.10.12-hardened1.patch" - }, - "sha256": "1kvkwgnq5gsdqarrdg32qjrbq1dggxp1x2yy2zpsjsaq5y2mhj2j", - "version": "6.10.12" - }, "6.6": { "patch": { "extra": "-hardened1", diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 764244480419..98391c4d0433 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -23,10 +23,6 @@ "version": "6.6.58", "hash": "sha256:1nwrd017l5m4w12yrcf31y3g0l9xqm5b0fzcqdgan3ypi3jq3pz7" }, - "6.10": { - "version": "6.10.14", - "hash": "sha256:0gj2z9ax1qv59n2mld0pg2svwi28lbq92ql98vy7crynd2ybrram" - }, "6.11": { "version": "6.11.5", "hash": "sha256:01rafnqal2v96dzkabz0irymq4sc9ja00ggyv1xn7yzjnyrqa527" diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index 3418a7925ca4..384592c4124d 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -187,14 +187,6 @@ in { ]; }; - linux_6_10 = callPackage ../os-specific/linux/kernel/mainline.nix { - branch = "6.10"; - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - ]; - }; - linux_6_11 = callPackage ../os-specific/linux/kernel/mainline.nix { branch = "6.11"; kernelPatches = [ 
@@ -288,6 +280,7 @@ in { linux_6_7 = throw "linux 6.7 was removed because it has reached its end of life upstream"; linux_6_8 = throw "linux 6.8 was removed because it has reached its end of life upstream"; linux_6_9 = throw "linux 6.9 was removed because it has reached its end of life upstream"; + linux_6_10 = throw "linux 6.10 was removed because it has reached its end of life upstream"; linux_xanmod_tt = throw "linux_xanmod_tt was removed because upstream no longer offers this option"; @@ -298,6 +291,7 @@ in { linux_6_7_hardened = throw "linux 6.7 was removed because it has reached its end of life upstream"; linux_6_8_hardened = throw "linux 6.8 was removed because it has reached its end of life upstream"; linux_6_9_hardened = throw "linux 6.9 was removed because it has reached its end of life upstream"; + linux_6_10_hardened = throw "linux 6.9 was removed because it has reached its end of life upstream"; })); /* Linux kernel modules are inherently tied to a specific kernel. So rather than provide specific instances of those packages for a @@ -627,7 +621,6 @@ in { linux_5_15 = recurseIntoAttrs (packagesFor kernels.linux_5_15); linux_6_1 = recurseIntoAttrs (packagesFor kernels.linux_6_1); linux_6_6 = recurseIntoAttrs (packagesFor kernels.linux_6_6); - linux_6_10 = recurseIntoAttrs (packagesFor kernels.linux_6_10); linux_6_11 = recurseIntoAttrs (packagesFor kernels.linux_6_11); } // lib.optionalAttrs config.allowAliases { linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11"; # Added 2023-10-11 
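Review bot: The added `linux_6_10_hardened` alias in the `@@ -298,6 +291,7 @@` hunk throws a message that names the wrong kernel: it says "linux 6.9", apparently copied from the line above it. Anyone still referencing the removed attribute gets an error that points at a different version, which makes the evaluation failure harder to trace back to this removal. The line should read `linux_6_10_hardened = throw "linux 6.10 was removed because it has reached its end of life upstream";`.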
@@ -637,6 +630,7 @@ in {
 linux_6_7 = throw "linux 6.7 was removed because it reached its end of life upstream"; # Added 2024-04-04
 linux_6_8 = throw "linux 6.8 was removed because it reached its end of life upstream"; # Added 2024-08-02
 linux_6_9 = throw "linux 6.9 was removed because it reached its end of life upstream"; # Added 2024-08-02
+ linux_6_10 = throw "linux 6.10 was removed because it reached its end of life upstream"; # Added 2024-10-23
 };
 rtPackages = {
From db1e1ed86114fdd837a75a4d55ecd53faefefab4 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Wed, 23 Oct 2024 21:21:17 +0200
Subject: [PATCH 3/3] linux_hardened: hacky build fix Closes #350681 The netfilter patch doesn't apply on the hardened branch. It will (hopefully) be upstream anyways soon, so let's just ignore it here to unbreak hardened for everyone else.
---
 pkgs/top-level/linux-kernels.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index 384592c4124d..b9225acdb2b7 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -54,7 +54,7 @@ let
 broken = kernel.meta.broken;
 };
 };
- kernelPatches = kernel.kernelPatches ++ [
+ kernelPatches = lib.filter ({ name ? null, ... }: name != "netfilter-typo-fix") kernel.kernelPatches ++ [
 kernelPatches.hardened.${kernel.meta.branch}
 ];
 isHardened = true;
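Review bot: The `lib.filter` added to the hardened `kernelPatches` line in the `@@ -54,7 +54,7 @@` hunk drops `netfilter-typo-fix` without any in-file explanation; why hardened kernels are built without a patch the regular kernels carry, and when that should end, is recorded only in the commit message. As far as the hunk shows, the filter is unconditional, so it applies to every hardened branch, including any on which the patch would apply cleanly. It also matches a string literal, so a rename of the entry in patches.nix would make it stop matching without any evaluation error. A comment above the line such as `# FIXME: netfilter-typo-fix does not apply on the hardened branches (#350681); remove this filter once the fix is upstream` would make the divergence visible to whoever next audits the hardened patch set. The enclosing `let` binding starts and ends outside the hunk.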