From ad38070be80ee67953a622ba9f0951f6ce3fe58b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Tue, 11 Jul 2023 16:42:59 -0600 Subject: [PATCH] linux/hardened/patches/6.4: init at 6.4.3-hardened1 --- nixos/tests/kernel-generic.nix | 1 + pkgs/os-specific/linux/kernel/hardened/config.nix | 2 +- pkgs/os-specific/linux/kernel/hardened/patches.json | 10 ++++++++++ pkgs/top-level/all-packages.nix | 2 ++ pkgs/top-level/linux-kernels.nix | 2 ++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix index 82d9118c6fb..76deb0f0aa1 100644 --- a/nixos/tests/kernel-generic.nix +++ b/nixos/tests/kernel-generic.nix @@ -32,6 +32,7 @@ let linux_5_15_hardened linux_6_1_hardened linux_6_3_hardened + linux_6_4_hardened linux_testing; }; diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 3f23b8c1344..92192eb79f8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -28,7 +28,7 @@ assert (versionAtLeast version "4.9"); # # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the # config builder fails to detect that it has indeed been unset. - SECURITY_SELINUX_DISABLE = no; + SECURITY_SELINUX_DISABLE = whenOlder "6.4" no; # On 6.4: error: unused option: SECURITY_SELINUX_DISABLE SECURITY_WRITABLE_HOOKS = option no; STRICT_KERNEL_RWX = yes; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 361f3dc80cd..d61e13b25ae 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -68,5 +68,15 @@ }, "sha256": "1mvcirkhqnf03cci3jiq077fs9b42a3xdk3zjkpyim3x43ydwzyb", "version": "6.3.12" + }, + "6.4": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-6.4.3-hardened1.patch", + "sha256": "1xwy9088f8qy7algv1gad90gd6sv03diz16jvfnk2yb01k4f87wv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.3-hardened1/linux-hardened-6.4.3-hardened1.patch" + }, + "sha256": "18c8ikghvlr6h9jajy11dldck4h57wl301j14rxg7xhd6qlysd3i", + "version": "6.4.3" } } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d6bfc26b607..300bf97423c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27605,6 +27605,8 @@ with pkgs; linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened; linuxPackages_6_3_hardened = linuxKernel.packages.linux_6_3_hardened; linux_6_3_hardened = linuxKernel.kernels.linux_6_3_hardened; + linuxPackages_6_4_hardened = linuxKernel.packages.linux_6_4_hardened; + linux_6_4_hardened = linuxKernel.kernels.linux_6_4_hardened; # Hardkernel (Odroid) kernels. linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest; diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index c2492acfe9b..72840c945e1 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -268,6 +268,7 @@ in { linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; linux_6_3_hardened = hardenedKernelFor kernels.linux_6_3 { }; + linux_6_4_hardened = hardenedKernelFor kernels.linux_6_4 { }; } // lib.optionalAttrs config.allowAliases { linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11"; @@ -614,6 +615,7 @@ in { linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened); linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened); linux_6_3_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_3_hardened); + linux_6_4_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_4_hardened); linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);