bpftrace doesn't actually need to be a kernel package anymore.
It used to require path to kernel sources, but we build our kernels
with IKHEADER and BTF so the currently running configuration can always
be found automatically without any patch
bcc doesn't really need kernel itself, it just cares about module path.
It's actually better to use /run/booted-system/kernel-modules/lib/modules
for two reasons:
- no need to rebuild bcc for each new kernel
- can use a newer bcc with a booted kernel that doesn't match the current
system
bcachefs now supports snapshots so we need the latest version to use
them. Additionally, it appears to build on AArch64 so I've removed the
x86 requirement.
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].
This change aims to provide a solution this issue:
* The hardened patchset now references the kernel version it's released
for (including a sha256 hash for the fixed-output path of the source
tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
now, but also overrides version & src to match the kernel version the
patch was built & tested for.
Refs #140281
[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
- boost 167 removed on staging-next (7915d1e03f) × boost attributes are inherited on staging (d20aa4955d)
- linux kernels were moved to linux-kernels.nix on staging-next (c62f911507) × hardened kernels are versioned on staging (a5341beb78) + removed linux_5_12 (e55554491d)
- conflict in node-packages – I regenerated it using node2nix from nixos-unstable (does not build on staging)
