mirror of
https://github.com/xddxdd/nix-cachyos-kernel.git
synced 2026-07-03 19:18:07 +02:00
Add hardened kernel source (#47)
* fmt: run ruff and isort on kernel-cachyos/update.py * Add separate hardened source
This commit is contained in:
parent
86a4ac1656
commit
fc5803132d
@ -204,13 +204,13 @@ builtins.listToAttrs (
|
|||||||
})
|
})
|
||||||
(mkCachyKernel {
|
(mkCachyKernel {
|
||||||
pname = "linux-cachyos-hardened";
|
pname = "linux-cachyos-hardened";
|
||||||
inherit (linuxSources.latest) version src;
|
inherit (linuxSources.hardened) version src;
|
||||||
configVariant = "linux-cachyos-hardened";
|
configVariant = "linux-cachyos-hardened";
|
||||||
hardened = true;
|
hardened = true;
|
||||||
})
|
})
|
||||||
(mkCachyKernel {
|
(mkCachyKernel {
|
||||||
pname = "linux-cachyos-hardened-lto";
|
pname = "linux-cachyos-hardened-lto";
|
||||||
inherit (linuxSources.latest) version src;
|
inherit (linuxSources.hardened) version src;
|
||||||
configVariant = "linux-cachyos-hardened";
|
configVariant = "linux-cachyos-hardened";
|
||||||
hardened = true;
|
hardened = true;
|
||||||
lto = "thin";
|
lto = "thin";
|
||||||
|
|||||||
@ -1,16 +1,19 @@
|
|||||||
import json
|
import json
|
||||||
from pathlib import Path
|
|
||||||
import subprocess
|
import subprocess
|
||||||
import tempfile
|
import tempfile
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
|
||||||
def get_srctag(variant: str = "latest") -> str:
|
def get_srctag(variant: str = "latest") -> str:
|
||||||
with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as dir:
|
with tempfile.TemporaryDirectory(ignore_cleanup_errors=True) as dir:
|
||||||
subprocess.run(
|
subprocess.run(
|
||||||
["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"], check=True
|
["nix", "build", ".#cachyos-kernel-input-path", "-o", f"{dir}/result"],
|
||||||
|
check=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
pkgbuild_path = f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos"
|
pkgbuild_path = (
|
||||||
|
f"linux-cachyos-{variant}" if variant != "latest" else "linux-cachyos"
|
||||||
|
)
|
||||||
|
|
||||||
with open(f"{dir}/result/{pkgbuild_path}/PKGBUILD") as f:
|
with open(f"{dir}/result/{pkgbuild_path}/PKGBUILD") as f:
|
||||||
pkgbuild = f.read()
|
pkgbuild = f.read()
|
||||||
@ -33,7 +36,9 @@ def nix_sha256_to_sri(hash: str) -> str:
|
|||||||
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
||||||
|
|
||||||
if result.returncode != 0:
|
if result.returncode != 0:
|
||||||
raise RuntimeError(f"nix hash command failed with return code: {result.returncode}")
|
raise RuntimeError(
|
||||||
|
f"nix hash command failed with return code: {result.returncode}"
|
||||||
|
)
|
||||||
|
|
||||||
output = result.stdout.strip()
|
output = result.stdout.strip()
|
||||||
if not output:
|
if not output:
|
||||||
@ -49,7 +54,9 @@ def run_nix_prefetch_url(url: str) -> str:
|
|||||||
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
|
||||||
|
|
||||||
if result.returncode != 0:
|
if result.returncode != 0:
|
||||||
raise RuntimeError(f"nix-prefetch-url command failed with return code: {result.returncode}")
|
raise RuntimeError(
|
||||||
|
f"nix-prefetch-url command failed with return code: {result.returncode}"
|
||||||
|
)
|
||||||
|
|
||||||
output = result.stdout.strip()
|
output = result.stdout.strip()
|
||||||
if not output:
|
if not output:
|
||||||
@ -60,7 +67,7 @@ def run_nix_prefetch_url(url: str) -> str:
|
|||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
versions = {}
|
versions = {}
|
||||||
for variant in ["latest", "lts", "rc"]:
|
for variant in ["latest", "lts", "rc", "hardened"]:
|
||||||
print(f"{variant=}")
|
print(f"{variant=}")
|
||||||
srctag = get_srctag(variant)
|
srctag = get_srctag(variant)
|
||||||
real_version = "-".join(srctag.split("-")[1:-1])
|
real_version = "-".join(srctag.split("-")[1:-1])
|
||||||
@ -80,7 +87,9 @@ if __name__ == "__main__":
|
|||||||
current = Path.cwd()
|
current = Path.cwd()
|
||||||
while not (current / "flake.lock").exists():
|
while not (current / "flake.lock").exists():
|
||||||
if current == current.parent:
|
if current == current.parent:
|
||||||
raise RuntimeError("Could not find flake.lock in any parent directory, exiting")
|
raise RuntimeError(
|
||||||
|
"Could not find flake.lock in any parent directory, exiting"
|
||||||
|
)
|
||||||
current = current.parent
|
current = current.parent
|
||||||
|
|
||||||
output_file = current / "kernel-cachyos" / "version.json"
|
output_file = current / "kernel-cachyos" / "version.json"
|
||||||
|
|||||||
@ -13,5 +13,10 @@
|
|||||||
"version": "7.0-rc3",
|
"version": "7.0-rc3",
|
||||||
"url": "https://github.com/CachyOS/linux/releases/download/cachyos-7.0-rc3-1/cachyos-7.0-rc3-1.tar.gz",
|
"url": "https://github.com/CachyOS/linux/releases/download/cachyos-7.0-rc3-1/cachyos-7.0-rc3-1.tar.gz",
|
||||||
"hash": "sha256-+oWnfrNyTioD00QqvV5mbDoz/h/bjIVe0f+uWekjnFI="
|
"hash": "sha256-+oWnfrNyTioD00QqvV5mbDoz/h/bjIVe0f+uWekjnFI="
|
||||||
|
},
|
||||||
|
"hardened": {
|
||||||
|
"version": "6.18.17",
|
||||||
|
"url": "https://github.com/CachyOS/linux/releases/download/cachyos-6.18.17-1/cachyos-6.18.17-1.tar.gz",
|
||||||
|
"hash": "sha256-qpTxo8Q+4Bn3vXl7VHOc4vS4WswrlqNDCr9TQZHdC2Y="
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue
Block a user