diff --git a/kernel-cachyos/default.nix b/kernel-cachyos/default.nix index 9486452..810bffa 100644 --- a/kernel-cachyos/default.nix +++ b/kernel-cachyos/default.nix @@ -204,13 +204,13 @@ builtins.listToAttrs ( }) (mkCachyKernel { pname = "linux-cachyos-hardened"; - inherit (linuxSources.latest) version src; + inherit (linuxSources.hardened) version src; configVariant = "linux-cachyos-hardened"; hardened = true; }) (mkCachyKernel { pname = "linux-cachyos-hardened-lto"; - inherit (linuxSources.latest) version src; + inherit (linuxSources.hardened) version src; configVariant = "linux-cachyos-hardened"; hardened = true; lto = "thin"; diff --git a/kernel-cachyos/update.py b/kernel-cachyos/update.py index 2542c6d..57f7f9d 100644 --- a/kernel-cachyos/update.py +++ b/kernel-cachyos/update.py @@ -1,16 +1,19 @@ import json -from pathlib import Path import subprocess import tempfile +from pathlib import Path def get_srctag(variant: str = "latest") -> str: with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as dir: subprocess.run( - ["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"], check=True + ["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"], + check=True, ) - pkgbuild_path = f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos" + pkgbuild_path = ( + f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos" + ) with open(f"{dir}/result/{pkgbuild_path}/PKGBUILD") as f: pkgbuild = f.read() @@ -33,7 +36,9 @@ def nix_sha256_to_sri(hash: str) -> str: result = subprocess.run(cmd, capture_output=True, text=True, timeout=300) if result.returncode != 0: - raise RuntimeError(f"nix hash command failed with return code: {result.returncode}") + raise RuntimeError( + f"nix hash command failed with return code: {result.returncode}" + ) output = result.stdout.strip() if not output: @@ -49,7 +54,9 @@ def run_nix_prefetch_url(url: str) -> str: result = subprocess.run(cmd, capture_output=True, text=True, timeout=300) if result.returncode != 0: - raise RuntimeError(f"nix-prefetch-url command failed with return code: {result.returncode}") + raise RuntimeError( + f"nix-prefetch-url command failed with return code: {result.returncode}" + ) output = result.stdout.strip() if not output: @@ -60,7 +67,7 @@ def run_nix_prefetch_url(url: str) -> str: if __name__ == "__main__": versions = {} - for variant in ["latest", "lts", "rc"]: + for variant in ["latest", "lts", "rc", "hardened"]: print(f"{variant=}") srctag = get_srctag(variant) real_version = "-".join(srctag.split("-")[1:-1]) @@ -80,7 +87,9 @@ if __name__ == "__main__": current = Path.cwd() while not (current / "flake.lock").exists(): if current == current.parent: - raise RuntimeError("Could not find flake.lock in any parent directory, exiting") + raise RuntimeError( + "Could not find flake.lock in any parent directory, exiting" + ) current = current.parent output_file = current / "kernel-cachyos" / "version.json" diff --git a/kernel-cachyos/version.json b/kernel-cachyos/version.json index 9920b0c..243c498 100644 --- a/kernel-cachyos/version.json +++ b/kernel-cachyos/version.json @@ -13,5 +13,10 @@ "version": "7.0-rc3", "url": "https://github.com/CachyOS/linux/releases/download/cachyos-7.0-rc3-1/cachyos-7.0-rc3-1.tar.gz", "hash": "sha256-+oWnfrNyTioD00QqvV5mbDoz/h/bjIVe0f+uWekjnFI=" + }, + "hardened": { + "version": "6.18.17", + "url": "https://github.com/CachyOS/linux/releases/download/cachyos-6.18.17-1/cachyos-6.18.17-1.tar.gz", + "hash": "sha256-qpTxo8Q+4Bn3vXl7VHOc4vS4WswrlqNDCr9TQZHdC2Y=" } } \ No newline at end of file