Merge pull request #242946 from LibreCybernetics/linux_6_4_hardened-init

linux/hardened/patches/6.4: init at 6.4.3-hardened1
2023-07-14 18:04:49 +02:00 · 2023-07-14 18:04:49 +02:00 · 01f286cb66
parent 22d4983e9a ad38070be8
commit 01f286cb66
5 changed files with 16 additions and 1 deletions
--- a/nixos/tests/kernel-generic.nix
+++ b/nixos/tests/kernel-generic.nix
@ -32,6 +32,7 @@ let
      linux_5_15_hardened
      linux_6_1_hardened
      linux_6_3_hardened
+      linux_6_4_hardened

      linux_testing;
  };
--- a/pkgs/os-specific/linux/kernel/hardened/config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened/config.nix
@ -28,7 +28,7 @@ assert (versionAtLeast version "4.9");
  #
  # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the
  # config builder fails to detect that it has indeed been unset.
-  SECURITY_SELINUX_DISABLE = no;
+  SECURITY_SELINUX_DISABLE = whenOlder "6.4" no; # On 6.4: error: unused option: SECURITY_SELINUX_DISABLE
  SECURITY_WRITABLE_HOOKS  = option no;

  STRICT_KERNEL_RWX = yes;
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@ -68,5 +68,15 @@
        },
        "sha256": "1mvcirkhqnf03cci3jiq077fs9b42a3xdk3zjkpyim3x43ydwzyb",
        "version": "6.3.12"
+    },
+    "6.4": {
+        "patch": {
+            "extra": "-hardened1",
+            "name": "linux-hardened-6.4.3-hardened1.patch",
+            "sha256": "1xwy9088f8qy7algv1gad90gd6sv03diz16jvfnk2yb01k4f87wv",
+            "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.3-hardened1/linux-hardened-6.4.3-hardened1.patch"
+        },
+        "sha256": "18c8ikghvlr6h9jajy11dldck4h57wl301j14rxg7xhd6qlysd3i",
+        "version": "6.4.3"
    }
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -27651,6 +27651,8 @@ with pkgs;
  linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
  linuxPackages_6_3_hardened = linuxKernel.packages.linux_6_3_hardened;
  linux_6_3_hardened = linuxKernel.kernels.linux_6_3_hardened;
+  linuxPackages_6_4_hardened = linuxKernel.packages.linux_6_4_hardened;
+  linux_6_4_hardened = linuxKernel.kernels.linux_6_4_hardened;

  # Hardkernel (Odroid) kernels.
  linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@ -268,6 +268,7 @@ in {
    linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
    linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
    linux_6_3_hardened = hardenedKernelFor kernels.linux_6_3 { };
+    linux_6_4_hardened = hardenedKernelFor kernels.linux_6_4 { };

  } // lib.optionalAttrs config.allowAliases {
    linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
@ -614,6 +615,7 @@ in {
    linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened);
    linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened);
    linux_6_3_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_3_hardened);
+    linux_6_4_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_4_hardened);

    linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
    linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);