Relevant upstream changes:
- Sources were moved from trace-cmd repository to a new repository.
- Makefile for building documentation is broken. Therefore, we don't
build documentation. After upstream fixes it, we can build it again.
Besides updating trace-cmd, this commit also switches from bundled
libtraceevent and libtracefs to their external sources. Upstream
copied those libraries to separate repositories (see
https://lore.kernel.org/linux-trace-devel/20210325172357.6e059c31@gandalf.local.home/).
Another change relates to documentation building, which upstream
reworked. We disable HTML documentation - previous versions did not
provide it too.
Finally, we enable parallel build, which is simpler if `buildPhase` is
not overridden.
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].
This change aims to provide a solution this issue:
* The hardened patchset now references the kernel version it's released
for (including a sha256 hash for the fixed-output path of the source
tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
now, but also overrides version & src to match the kernel version the
patch was built & tested for.
Refs #140281
[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
Now there are a few more folks who should get pinged on kernel changes:
$ nix-instantiate -E 'with import ./. {}; (map (x: x.github) linux.meta.maintainers)' --eval --strict
[ "TredwellGit" "mweinelt" "ma27" "nequissimus" "alyssais" "thoughtpolice" ]
Refs #140281
This reverts commit 98ae18fa62.
Appearantly the consens is that a broken kernel is preferred over a
working one that is based on an outdated kernel:
98ae18fa62
