From 88486c4e767cb92b0a51d9c41f4e40121c6e3bf1 Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 26 Apr 2020 18:12:14 +0100 Subject: [PATCH] linux/hardened/update.py: get versions with nix(1) --- .../linux/kernel/hardened/update.py | 31 ++++++++----------- 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index 116dd6168919..7960f1264f85 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -170,29 +170,24 @@ patches: Dict[str, Patch] with open(HARDENED_PATCHES_PATH) as patches_file: patches = json.load(patches_file) -NIX_VERSION_RE = re.compile( - r""" - \s* version \s* = - \s* " (?P [^"]*) " - \s* ; \s* \n - """, - re.VERBOSE, -) - # Get the set of currently packaged kernel versions. kernel_versions = {} for filename in os.listdir(NIXPKGS_KERNEL_PATH): filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename) if filename_match: - with open(NIXPKGS_KERNEL_PATH / filename) as nix_file: - for nix_line in nix_file: - match = NIX_VERSION_RE.fullmatch(nix_line) - if match: - kernel_version = parse_version(match.group("version")) - if kernel_version < MIN_KERNEL_VERSION: - continue - kernel_key = major_kernel_version_key(kernel_version) - kernel_versions[kernel_key] = kernel_version + nix_version_expr = f""" + with import {NIXPKGS_PATH} {{}}; + (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version + """ + kernel_version = parse_version( + run( + "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr, + ).stdout.decode("utf-8") + ) + if kernel_version < MIN_KERNEL_VERSION: + continue + kernel_key = major_kernel_version_key(kernel_version) + kernel_versions[kernel_key] = kernel_version # Remove patches for unpackaged kernel versions. for kernel_key in sorted(patches.keys() - kernel_versions.keys()):