Add hardened kernel source (#47)
* fmt: run ruff and isort on kernel-cachyos/update.py * Add separate hardened source
parent
86a4ac1656
commit
fc5803132d
@ -204,13 +204,13 @@ builtins.listToAttrs (
|
||||
})
|
||||
(mkCachyKernel {
|
||||
pname = "linux-cachyos-hardened";
|
||||
inherit (linuxSources.latest) version src;
|
||||
inherit (linuxSources.hardened) version src;
|
||||
configVariant = "linux-cachyos-hardened";
|
||||
hardened = true;
|
||||
})
|
||||
(mkCachyKernel {
|
||||
pname = "linux-cachyos-hardened-lto";
|
||||
inherit (linuxSources.latest) version src;
|
||||
inherit (linuxSources.hardened) version src;
|
||||
configVariant = "linux-cachyos-hardened";
|
||||
hardened = true;
|
||||
lto = "thin";
|
||||
|
||||
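Review bot: Nothing in the two hardened entries records why they now take `version` and `src` from `linuxSources.hardened` while every other attribute, including `configVariant = "linux-cachyos-hardened"`, is unchanged. A one-line comment above the first entry would keep a later cleanup from folding them back onto `latest`, for example `# hardened config targets its own kernel release; source is pinned separately in version.json`. The reason is inferred from the new version.json entry, so the author should confirm the wording. The second `mkCachyKernel` call continues past the end of the hunk.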
@ -1,16 +1,19 @@
|
||||
import json
|
||||
from pathlib import Path
|
||||
import subprocess
|
||||
import tempfile
|
||||
from pathlib import Path
|
||||
|
||||
|
||||
def get_srctag(variant: str = "latest") -> str:
|
||||
with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as dir:
|
||||
subprocess.run(
|
||||
["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"], check=True
|
||||
["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"],
|
||||
check=True,
|
||||
)
|
||||
|
||||
pkgbuild_path = f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos"
|
||||
pkgbuild_path = (
|
||||
f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos"
|
||||
)
|
||||
|
||||
with open(f"{dir}/result/{pkgbuild_path}/PKGBUILD") as f:
|
||||
pkgbuild = f.read()
|
||||
@ -33,7 +36,9 @@ def nix_sha256_to_sri(hash: str) -> str:
|
||||
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
||||
|
||||
if result.returncode != 0:
|
||||
raise RuntimeError(f"nix hash command failed with return code: {result.returncode}")
|
||||
raise RuntimeError(
|
||||
f"nix hash command failed with return code: {result.returncode}"
|
||||
)
|
||||
|
||||
output = result.stdout.strip()
|
||||
if not output:
|
||||
@ -49,7 +54,9 @@ def run_nix_prefetch_url(url: str) -> str:
|
||||
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
||||
|
||||
if result.returncode != 0:
|
||||
raise RuntimeError(f"nix-prefetch-url command failed with return code: {result.returncode}")
|
||||
raise RuntimeError(
|
||||
f"nix-prefetch-url command failed with return code: {result.returncode}"
|
||||
)
|
||||
|
||||
output = result.stdout.strip()
|
||||
if not output:
|
||||
@ -60,7 +67,7 @@ def run_nix_prefetch_url(url: str) -> str:
|
||||
|
||||
if __name__ == "__main__":
|
||||
versions = {}
|
||||
for variant in ["latest", "lts", "rc"]:
|
||||
for variant in ["latest", "lts", "rc", "hardened"]:
|
||||
print(f"{variant=}")
|
||||
srctag = get_srctag(variant)
|
||||
real_version = "-".join(srctag.split("-")[1:-1])
|
||||
@ -80,7 +87,9 @@ if __name__ == "__main__":
|
||||
current = Path.cwd()
|
||||
while not (current / "flake.lock").exists():
|
||||
if current == current.parent:
|
||||
raise RuntimeError("Could not find flake.lock in any parent directory, exiting")
|
||||
raise RuntimeError(
|
||||
"Could not find flake.lock in any parent directory, exiting"
|
||||
)
|
||||
current = current.parent
|
||||
|
||||
output_file = current / "kernel-cachyos" / "version.json"
|
||||
|
||||
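Review bot: Adding `"hardened"` to the variant list in the `__main__` loop puts the hardened kernel's tarball hash on the same trust-on-first-use path as the other variants. Judging by `run_nix_prefetch_url` and the resulting version.json entry, the recorded hash appears to be whatever the download returned when the script ran; the call site is outside the visible hunks, so this is inferred. `get_srctag` already opens the variant's PKGBUILD, so if that file lists a checksum for the source tarball, comparing it with the prefetched file before writing version.json would give an independent check. At minimum I would add a comment in the loop such as `# hash is trust-on-first-use: review the version.json diff (url and version) before merging`.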
@ -13,5 +13,10 @@
|
||||
"version": "7.0-rc3",
|
||||
"url": "https://github.com/CachyOS/linux/releases/download/cachyos-7.0-rc3-1/cachyos-7.0-rc3-1.tar.gz",
|
||||
"hash": "sha256-+oWnfrNyTioD00QqvV5mbDoz/h/bjIVe0f+uWekjnFI="
|
||||
},
|
||||
"hardened": {
|
||||
"version": "6.18.17",
|
||||
"url": "https://github.com/CachyOS/linux/releases/download/cachyos-6.18.17-1/cachyos-6.18.17-1.tar.gz",
|
||||
"hash": "sha256-qpTxo8Q+4Bn3vXl7VHOc4vS4WswrlqNDCr9TQZHdC2Y="
|
||||
}
|
||||
}
|
||||