dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
578,991 Commits 3 Branches 0 Tags 4.3 GiB
9d551ab298
Commit Graph

26019 Commits

Author SHA1 Message Date
Tamara Schmitz
b80c3284d5
nixos/hardened: update hardened profile to new recommendations 
Borrowing from here to match hardened profile with more recent kernels:
* https://madaidans-insecurities.github.io/guides/linux-hardening.html?#boot-parameters
* https://github.com/a13xp0p0v/kernel-hardening-checker/

Removed "slub_debug" as that option disables kernel memory address
hashing. You also see a big warning about this in the dmesg:
"This system shows unhashed kernel memory addresses via the console, logs, and other interfaces."

"init_on_alloc=1" and "init_on_free=1" zeroes all SLAB and SLUB allocations. Introduced in 6471384af2a6530696fc0203bafe4de41a23c9ef. Also the default for the Android Google kernel btw. It is on by default through the KConfig.

"slab_nomerge" prevents the merging of slab/slub caches. These are
effectively slab/slub pools.

"LEGACY_VSYSCALL_NONE" disables the older vsyscall mechanic that relies on
static address. It got superseeded by vdsos a decade ago. Read some
LWN.net to learn more ;)

"debugfs=off" I'm sure there are some few userspace programs that rely on
debugfs, but they shouldn't.

Most other things mentioned on the blog where already the default on a
running machine or may not be applicable.

Most other Kconfigs changes come from the kernel hardening checker and
were added, when they were not applied to the kernel already.

Unsure about CONFIG_STATIC_USERMODEHELPER. Would need testing.
 2024-01-27 20:43:58 +00:00
Weijia Wang
1eb10bd6bd darwin.moltenvk: 1.2.4 -> 1.2.7 2024-01-27 14:46:04 +01:00
Jerry Starke
944aef9fb7 linuxKernel.kernels.linux_lqx: 6.7.1-lqx1 -> 6.7.2-lqx1 2024-01-26 22:17:51 +01:00
Jerry Starke
3390aa1aed linuxKernel.kernels.linux_zen: 6.7.1-zen1 -> 6.7.2-zen1 2024-01-26 22:16:32 +01:00
Austin Horstman
ac881414a6
yabai: 6.0.6 -> 6.0.7 2024-01-26 13:30:14 -06:00
Kiskae
2817ffc8e1 linuxPackages_latest.nvidiaPackages.{latest,vulkan_beta}.open: broken on 6.7 2024-01-26 18:05:51 +01:00
R. Ryantm
3f5f020da5 pcm: 202311 -> 202401 2024-01-26 16:41:12 +01:00
Maximilian Bosch
704180bbbb
Merge pull request #283883 from alyssais/linux-5.10.209 
Linux kernels 2024-01-25
 2024-01-26 12:12:47 +01:00
Nick Cao
6620368452
Merge pull request #283804 from Kiskae/nvidia/535.43.23 
linuxPackages.nvidiaPackages.vulkan_beta: 535.43.22 -> 535.43.23
 2024-01-25 22:10:36 -05:00
Alyssa Ross
e264cdc38b
linux_6_1: 6.1.74 -> 6.1.75 2024-01-26 01:43:12 +01:00
Alyssa Ross
f8f2cdd2c7
linux_6_6: 6.6.13 -> 6.6.14 2024-01-26 01:42:58 +01:00
Alyssa Ross
02c63fa701
linux_6_7: 6.7.1 -> 6.7.2 2024-01-26 01:42:47 +01:00
R. Ryantm
914bb49f4e bpftrace: 0.19.1 -> 0.20.0 2024-01-26 01:06:23 +01:00
Alyssa Ross
249fef32c4
linux_5_15: 5.15.147 -> 5.15.148 2024-01-26 00:37:55 +01:00
Alyssa Ross
bf749233db
linux_4_19: 4.19.305 -> 4.19.306 2024-01-26 00:11:45 +01:00
Alyssa Ross
214ce1fd7a
linux_5_4: 5.4.267 -> 5.4.268 2024-01-26 00:11:33 +01:00
Alyssa Ross
749faf6609
linux_5_10: 5.10.208 -> 5.10.209 2024-01-26 00:11:17 +01:00
K900
aeda66611b
Revert "mdevctl: 1.2.0 -> 1.3.0" 2024-01-25 22:25:39 +03:00
Kiskae
c789a32040 linuxPackages.nvidiaPackages.vulkan_beta: 535.43.22 -> 535.43.23 2024-01-25 18:42:38 +01:00
Nick Cao
d559047519
Merge pull request #283562 from Kiskae/nvidia/550.40.07 
linuxPackages.nvidiaPackages.beta: 545.23.06 -> 550.40.07
 2024-01-25 08:53:25 -05:00
Nick Cao
e9780ce6c6
Merge pull request #283573 from NickCao/uhk-agent 
uhk-agent: 3.2.2 -> 3.3.0
 2024-01-25 07:57:29 -05:00
Nick Cao
31766fca35
Merge pull request #283729 from trofi/nvidia-x11-revert-useLibs-assert 
nvidia-x11: revert "add an assert that `useSettings` implies more tha…
 2024-01-25 07:24:43 -05:00
annalee
5650490844
windows.crossThreadsStdenv: llvmPackages_8 -> llvmPackages 
removing references to llvmPackages_8 in preparation to drop it from the
tree
 2024-01-25 12:23:35 +00:00
github-actions[bot]
8c2ba7797a
Merge master into staging-next 2024-01-25 12:01:19 +00:00
Naïm Favier
6d11e88fed
Merge pull request #280945 from katexochen/treewide/unref-patches 
treewide: cleanup unreferenced patch files
 2024-01-25 12:42:50 +01:00
Sergei Trofimovich
b2ee4908ad nvidia-x11: revert "add an assert that useSettings implies more than libsOnly" 
THe change caused nixGL instantiation failures:

- https://github.com/nix-community/nixGL/issues/157
- https://github.com/nix-community/nixGL/issues/154

I missed the fact that there is no easy way to oberride `useSettings` as
it's an internal argument as ollosed to `useLibs`.

Instead of fixing it let's revert it back and try again later.

This reverts commit 9c51fb0606.
 2024-01-25 10:09:22 +00:00
Vladimír Čunát
a763026780
linux-pam: fixup build on musl 
In particular, nixStatic was blocked by this.
https://hydra.nixos.org/build/247250976/nixlog/46/tail
 2024-01-25 09:16:25 +01:00
R. Ryantm
81dbffe493 fwts: 23.11.00 -> 24.01.00 2024-01-25 07:54:41 +00:00
github-actions[bot]
a4b5a14b07
Merge master into staging-next 2024-01-25 00:02:13 +00:00
Alyssa Ross
0a95fd24f0
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
	pkgs/development/libraries/libunwind/default.nix
 2024-01-24 22:00:49 +01:00
Nick Cao
81294f9c6c
uhk-agent: 3.2.2 -> 3.3.0 
Diff: https://github.com/UltimateHackingKeyboard/agent/compare/v3.2.2...v3.3.0
 2024-01-24 14:34:21 -05:00
r-vdp
643b6647fb
fwupd: move to by-name 2024-01-24 20:29:08 +01:00
r-vdp
28ea07d4e3
fwupd: 1.9.11 -> 1.9.12 
The fwupd daemon refuses to start when there is an uefi_capsule key without any
values in the config file, so I modified the module to only include this
key when there are actually values that go inside.
 2024-01-24 20:29:01 +01:00
Kiskae
0f71ad2021 linuxPackages.nvidiaPackages.beta: 545.23.06 -> 550.40.07 2024-01-24 20:06:59 +01:00
kirillrdy
0192f366a4
Merge pull request #277694 from TheBrainScrambler/nvidia-390-update 
nvidia-x11.legacy_390: fix bug
 2024-01-24 22:35:27 +09:00
Sandro
a26e82d881
Merge pull request #283311 from r-ryantm/auto-update/intel-compute-runtime 2024-01-24 13:16:24 +01:00
github-actions[bot]
bd24648ae1
Merge master into staging-next 2024-01-24 06:00:59 +00:00
Nick Cao
3cea6265e4
Merge pull request #281172 from otavio/bu 
linuxPackages.rtl88x2bu: unstable-2023-09-24 -> unstable-2023-11-29
 2024-01-23 19:38:36 -05:00
Nick Cao
3e81f47b8c
Merge pull request #282426 from Luflosi/update/linuxPackages.apfs 
linuxPackages.apfs: 0.3.6 -> 0.3.7
 2024-01-23 19:34:09 -05:00
Nick Cao
01d56f8b34
Merge pull request #283325 from deepfire/0-gh-fix-rtl8812au 
rtl8812au:  fix build by bumping to unstable-2024-01-19
 2024-01-23 19:31:44 -05:00
github-actions[bot]
6a4e9dff73
Merge master into staging-next 2024-01-24 00:02:25 +00:00
Franz Pletz
5b91a0cca2
Merge pull request #282738 from mkg20001/openwrt 2024-01-23 23:13:11 +01:00
R. Ryantm
5c33190276 intel-compute-runtime: 23.35.27191.9 -> 23.43.27642.18 2024-01-23 21:14:00 +00:00
Kosyrev Serge
61686ba251 rtl8812au: fix build by bumping to unstable-2024-01-19 
The build failure:

/build/source/os_dep/linux/ioctl_cfg80211.c:10473:26: error: initialization of 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_ap_update *)' from incompatible pointer type 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_beacon_data *)' [8;;https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wincompatible-pointer-types-Werror=incompatible-pointer-types8;;]
10473 |         .change_beacon = cfg80211_rtw_change_beacon,
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~
/build/source/os_dep/linux/ioctl_cfg80211.c:10473:26: note: (near initialization for 'rtw_cfg80211_ops.change_beacon')
 2024-01-24 00:07:51 +04:00
R. Ryantm
bb404b0e99 rdma-core: 49.0 -> 49.1 2024-01-23 17:42:02 +00:00
github-actions[bot]
568f381221
Merge master into staging-next 2024-01-23 12:01:17 +00:00
Franz Pletz
e7c61397a6
Merge pull request #283118 from panchoh/iotop_meta.mainProgram 
iotop: add meta.mainProgram
 2024-01-23 08:31:03 +01:00
Atemu
4a322ccd6a
Merge pull request #282529 from zzzsyyy/update/xanmod 
linux_xanmod, linux_xanmod_latest: 2024-01-20
 2024-01-23 08:07:21 +01:00
pancho horrillo
d7168269c8
iotop: add meta.mainProgram 2024-01-23 07:39:53 +01:00
github-actions[bot]
70e275b1cb
Merge master into staging-next 2024-01-23 06:00:55 +00:00
github-actions[bot]
8303a96c2d
Merge master into staging-next 2024-01-23 00:02:30 +00:00
pancho horrillo
242faeffee
iotop-c: add meta.mainProgram 2024-01-23 00:25:36 +01:00
Alyssa Ross
d6fc2bf149 linux/hardened/patches/6.6: 6.6.12-hardened1 -> 6.6.13-hardened1 2024-01-22 20:23:03 +01:00
Alyssa Ross
c909e231a2 linux/hardened/patches/6.1: 6.1.73-hardened1 -> 6.1.74-hardened1 2024-01-22 20:23:03 +01:00
Alyssa Ross
34076dea42 linux_testing: 6.7 -> 6.8-rc1 2024-01-22 20:23:03 +01:00
github-actions[bot]
3c7375b75c
Merge master into staging-next 2024-01-22 18:00:55 +00:00
Félix Baylac Jacqué
cf3391dc01 ncncd: unstable-2023-10-26 -> unstable-2024-01-16 
All our modifications have been merged upstream. There's no need to
point to the Nix Community fork anymore, pointing to
upstream (twosigma) instead.

Fixes #282485
 2024-01-22 14:57:47 +01:00
Julian Stecklina
3581265259 linux: remove unused features 2024-01-22 13:19:32 +01:00
github-actions[bot]
3a8094730e
Merge master into staging-next 2024-01-22 12:01:10 +00:00
Thiago Kenji Okada
429ebe89a8
Merge pull request #282790 from JerrySM64/update-linux-zen 
linuxKernel.kernels.linux_zen: 6.7-zen3 -> 6.7.1-zen1
 2024-01-22 10:15:57 +00:00
Jerry Starke
2d9feef710 linuxKernel.kernels.linux_zen: 6.7-zen3 -> 6.7.1-zen1 2024-01-22 06:07:52 +01:00
Maciej Krüger
72f3f37776
libnl-tiny: unstable-2023-07-27 -> unstable-2023-12-05 2024-01-22 01:42:13 +01:00
github-actions[bot]
dceddd03df
Merge master into staging-next 2024-01-22 00:02:14 +00:00
Thiago Kenji Okada
35d61a923b
Merge pull request #282598 from JerrySM64/update-linux-zen 
linuxKernel.kernels.linux_lqx: 6.6.12-lqx1 -> 6.7.1-lqx1
 2024-01-21 22:45:17 +00:00
Jerry Starke
3d80174e19 linuxKernel.kernels.linux_lqx: 6.6.12-lqx1 -> 6.7.1-lqx1 2024-01-21 15:12:10 +01:00
zzzsyyy
f571fc09f1
linux_xanmod_latest: 6.6.10 -> 6.6.13 2024-01-21 17:08:45 +08:00
zzzsyyy
19eb915fb8
linux_xanmod: 6.1.72 -> 6.1.74 2024-01-21 16:46:20 +08:00
R. Ryantm
36ad1f8279 android-udev-rules: 20231207 -> 20240114 2024-01-21 03:58:22 +00:00
github-actions[bot]
4dea63e421
Merge master into staging-next 2024-01-20 18:01:02 +00:00
Nick Cao
609db724c9
Merge pull request #282282 from r-ryantm/auto-update/health-check 
health-check: 0.03.12 -> 0.04.00
 2024-01-20 10:18:26 -05:00
Mario Rodas
deae535c44
Merge pull request #282325 from NotEvenANeko/feat/sof-firmware-2023-12 
sof-firmware: 2.2.6 -> 2023.12
 2024-01-20 09:07:26 -05:00
Alyssa Ross
68b63c306a systemd: fix build for riscv32 2024-01-20 13:21:24 +01:00
Neko
95f4f8d898
sof-firmware: 2.2.6 -> 2023.12 2024-01-20 20:18:37 +08:00
github-actions[bot]
2aa3d6edac
Merge master into staging-next 2024-01-20 12:00:58 +00:00
K900
6b62de992a linux/hardened/patches/6.6: 6.6.11-hardened1 -> 6.6.12-hardened1 2024-01-20 15:00:22 +03:00
K900
18d7932a21 linux/hardened/patches/6.1: 6.1.72-hardened1 -> 6.1.73-hardened1 2024-01-20 15:00:16 +03:00
K900
cb75668c47 linux/hardened/patches/5.4: 5.4.266-hardened1 -> 5.4.267-hardened1 2024-01-20 15:00:11 +03:00
K900
22184190bb linux/hardened/patches/5.15: 5.15.146-hardened1 -> 5.15.147-hardened1 2024-01-20 15:00:05 +03:00
K900
f0b4178699 linux/hardened/patches/5.10: 5.10.206-hardened1 -> 5.10.208-hardened1 2024-01-20 14:59:59 +03:00
K900
ee940f3644 linux/hardened/patches/4.19: 4.19.304-hardened1 -> 4.19.305-hardened1 2024-01-20 14:59:53 +03:00
K900
a2564db220 linux-rt_6_1: 6.1.70-rt21 -> 6.1.73-rt22 2024-01-20 14:59:30 +03:00
K900
0f60060f29 linux_6_1: 6.1.73 -> 6.1.74 2024-01-20 14:58:55 +03:00
K900
1b37d0076d linux_6_6: 6.6.12 -> 6.6.13 2024-01-20 14:58:52 +03:00
K900
ce170c3830 linux_6_7: 6.7 -> 6.7.1 2024-01-20 14:58:49 +03:00
R. Ryantm
a25a0f9dbf health-check: 0.03.12 -> 0.04.00 2024-01-20 09:31:57 +00:00
Luflosi
2167a49301
linuxPackages.apfs: 0.3.6 -> 0.3.7 
https://github.com/linux-apfs/linux-apfs-rw/releases/tag/v0.3.7
 2024-01-20 10:21:58 +01:00
Pol Dellaiera
e7bd0dde5a
Merge pull request #281804 from douglaz/patch-1 
nvidia-x11: fix typo
 2024-01-20 08:06:22 +01:00
github-actions[bot]
0cd628f6d5
Merge master into staging-next 2024-01-20 06:01:03 +00:00
Weijia Wang
fe99dde296
Merge pull request #279910 from r-ryantm/auto-update/mdevctl 
mdevctl: 1.2.0 -> 1.3.0
 2024-01-20 05:29:10 +01:00
Weijia Wang
e50a8fa07a
Merge pull request #280585 from r-ryantm/auto-update/eventstat 
eventstat: 0.05.01 -> 0.06.00
 2024-01-20 04:58:21 +01:00
Weijia Wang
cf7ef93b69
Merge pull request #280458 from r-ryantm/auto-update/sasutils 
sasutils: 0.4.0 -> 0.5.0
 2024-01-20 04:45:08 +01:00
github-actions[bot]
650e10b010
Merge master into staging-next 2024-01-20 00:02:16 +00:00
Ben Gamari
6807ea7973 linuxptp: Fix cross-compilation 
Linux-PTP uses a kernel-like build system which requires that the
`CROSS_COMPILE` variable be set to the target prefix when
cross-compiling.
 2024-01-19 14:18:15 -05:00
douglaz
906f27817e nvidia-x11: fix typo 2024-01-19 19:13:15 +00:00
github-actions[bot]
331c789712
Merge master into staging-next 2024-01-19 18:01:00 +00:00
Alyssa Ross
a455c5fb3e Revert "linux: drop XEN on 32-bit" 
This reverts commit 096639c548.

The kernel bug that broke this has now been fixed, and we now set
CONFIG_X86_GENERIC, which would have stopped us being affected by it anyway.
 2024-01-19 13:11:51 +01:00
github-actions[bot]
4679030218
Merge master into staging-next 2024-01-19 12:01:13 +00:00
Robert Hensing
e0000983db
Merge pull request #279170 from SuperSandro2000/nixos-repl-lib 
nixos-rebuild: add lib to repl to make debugging even easier
 2024-01-19 12:29:04 +01:00
github-actions[bot]
b459003bdd
Merge master into staging-next 2024-01-19 00:02:22 +00:00
Nick Cao
1b52dbc490
Merge pull request #281253 from NickCao/nss_ldap-cross 
nss_ldap: fix cross compilation
 2024-01-18 13:10:55 -05:00