From d933fb3519b2f39bec3571c34b6cf6b6b1d38408 Mon Sep 17 00:00:00 2001 From: Daniel Lundin <dln@arity.se> Date: Sun, 23 Mar 2025 01:03:14 +0100 Subject: [PATCH 01/16] WIP: Use nix function to generate systemd config I'm not sure this is a great idea, but throwing it up as a PR for discussion at least. --- pkgs/image/default.nix | 438 ++++++++++++++++++++++------------------- 1 file changed, 237 insertions(+), 201 deletions(-) diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index a248a09..7407df1 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix 
@@ -1,250 +1,286 @@ { + lib, pkgs, patosPkgs, version, runCommand, - updateUrl + updateUrl, }: let pname = "patos-image"; -in -runCommand pname { - inherit version; - inherit updateUrl; - buildInputs = with pkgs; [ - erofs-utils - dosfstools - mtools - jq - ]; + writeConf = + name: attrs: + pkgs.writeTextFile { + name = name; + text = lib.generators.toINI { + mkKeyValue = lib.generators.mkKeyValueDefault { + mkValueString = + v: + if v == true then + ''"yes"'' + else if v == false then + ''"no"'' + else if lib.isString v then + ''"${v}"'' + else + lib.generators.mkValueStringDefault { } v; + } "="; + } attrs; + }; - env = { - # vfat options won't efi won't find the fs otherwise. - SYSTEMD_REPART_MKFS_OPTIONS_VFAT = "-S 512 -c"; - SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; + secureBootImportKeys = writeConf "secure-boot-import-keys.service" { + Unit = { + Description = "Import Secure Boot keys"; + DefaultDependencies = false; + RequiresMountsFor = "/var/lib/sbctl /boot"; + ConditionPathExists = "/boot/sbctl/keys"; + After = "local-fs.target"; + }; + + Service = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "sbctl import-keys -d /boot/sbctl/keys"; + ExecStartPost = "rm -rf /boot/sbctl"; + }; }; - kernelCmdLine = "console=ttyS0 patos.secureboot=false"; -} -'' -mkdir -p $out/init.repart.d $out/final.repart.d -pushd $out + ukiTransfer = writeConf "10-uki.transfer" { + Source = { + Path = updateUrl; + MatchPattern = "patos_@v.efi"; + Type = "url-file"; + }; -mkdir rootfs -cp -prP ${patosPkgs.rootfs}/* rootfs/ -find rootfs/ -type d -exec chmod 755 {} \; + Target = { + InstancesMax = 2; + MatchPattern = "patos_@v+@l-@d.efi patos_@v+@l.efi patos_@v.efi"; + Mode = "0444"; + Path = "/EFI/Linux"; + PathRelativeTo = "esp"; + TriesDone = 0; + TriesLeft = 3; + Type = "regular-file"; + }; -# package kernel modules as sysext (will reduce the image size a little bit (~3MB)) -mkdir rootfs/etc/extensions -rm 
-rf rootfs/usr/lib/modules -cp ${patosPkgs.kernel}/patos-kernel-modules* rootfs/etc/extensions/ + Transfer = { + Verify = false; + }; + }; -# set default target to multi-user -ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target + rootVerityTransfer = writeConf "22-root-verity.transfer" { + Source = { + Type = "url-file"; + Path = updateUrl; + MatchPattern = "patos_@v_@u.verity"; + }; -# enable dbus -ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service -ln -sf ../dbus.socket rootfs/usr/lib/systemd/system/sockets.target.wants/dbus.socket + Target = { + Type = "partition"; + Path = "auto"; + MatchPattern = "verity-@v"; + MatchPartitionType = "root-verity"; + ReadOnly = "1"; + }; -# enable network services -ln -sf ../systemd-networkd.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-networkd.service -ln -sf ../systemd-resolved.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-resolved.service -ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.target.wants/systemd-timesyncd.service -# enable default network config -mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network + Transfer = { + Verify = false; + }; + }; -# enable confext/sysext services -ln -sf ../systemd-confext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-confext.service -ln -sf ../systemd-sysext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-sysext.service + rootTransfer = writeConf "22-root.transfer" { + Source = { + Type = "url-file"; + Path = updateUrl; + MatchPattern = "patos_@v_@u.root"; + }; -cat <<EOF > rootfs/usr/lib/systemd/system/secure-boot-import-keys.service -[Unit] -Description=Import Secure Boot keys -DefaultDependencies=no -RequiresMountsFor=/var/lib/sbctl /boot -ConditionPathExists=/boot/sbctl/keys -After=local-fs.target + Target = { + Type = "partition"; + Path = "auto"; + 
MatchPattern = "root-@v"; + MatchPartitionType = "root"; + ReadOnly = 1; + }; + Transfer = { + Verify = false; + }; + }; +in +runCommand pname + { + inherit version; + inherit updateUrl; -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=sbctl import-keys -d /boot/sbctl/keys -ExecStartPost=rm -rf /boot/sbctl -EOF -ln -sf ../secure-boot-import-keys.service rootfs/usr/lib/systemd/system/sysinit.target.wants/secure-boot-import-keys.service + buildInputs = with pkgs; [ + erofs-utils + dosfstools + mtools + jq + ]; -# sysupdate -mkdir -p rootfs/etc/sysupdate.d -cat <<EOF > rootfs/etc/sysupdate.d/10-uki.transfer -[Source] -Path=${updateUrl} -MatchPattern=patos_@v.efi -Type=url-file + env = { + # vfat options won't efi won't find the fs otherwise. + SYSTEMD_REPART_MKFS_OPTIONS_VFAT = "-S 512 -c"; + SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; + }; -[Target] -InstancesMax=2 -MatchPattern=patos_@v+@l-@d.efi patos_@v+@l.efi patos_@v.efi -Mode=0444 -Path=/EFI/Linux -PathRelativeTo=esp -TriesDone=0 -TriesLeft=3 -Type=regular-file + kernelCmdLine = "console=ttyS0 patos.secureboot=false"; + } + '' + mkdir -p $out/init.repart.d $out/final.repart.d + pushd $out -[Transfer] -Verify=no -EOF + mkdir rootfs + cp -prP ${patosPkgs.rootfs}/* rootfs/ + find rootfs/ -type d -exec chmod 755 {} \; -cat <<EOF > rootfs/etc/sysupdate.d/20-root-verity.transfer -[Source] -Type=url-file -Path=${updateUrl} -MatchPattern=patos_@v_@u.verity + # package kernel modules as sysext (will reduce the image size a little bit (~3MB)) + mkdir rootfs/etc/extensions + rm -rf rootfs/usr/lib/modules + cp ${patosPkgs.kernel}/patos-kernel-modules* rootfs/etc/extensions/ -[Target] -Type=partition -Path=auto -MatchPattern=verity-@v -MatchPartitionType=root-verity -ReadOnly=1 + # set default target to multi-user + ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target -[Transfer] -Verify=no -EOF + # enable dbus + ln -sf ../dbus.service 
rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service + ln -sf ../dbus.socket rootfs/usr/lib/systemd/system/sockets.target.wants/dbus.socket -cat <<EOF > rootfs/etc/sysupdate.d/22-root.transfer -[Source] -Type=url-file -Path=${updateUrl} -MatchPattern=patos_@v_@u.root + # enable network services + ln -sf ../systemd-networkd.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-networkd.service + ln -sf ../systemd-resolved.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-resolved.service + ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.target.wants/systemd-timesyncd.service + # enable default network config + mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network -[Target] -Type=partition -Path=auto -MatchPattern=root-@v -MatchPartitionType=root -ReadOnly=1 + # enable confext/sysext services + ln -sf ../systemd-confext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-confext.service + ln -sf ../systemd-sysext.service rootfs/usr/lib/systemd/system/sysinit.target.wants/systemd-sysext.service -[Transfer] -Verify=no -EOF + cp ${secureBootImportKeys} rootfs/usr/lib/systemd/system/secure-boot-import-keys.service + ln -sf ../secure-boot-import-keys.service rootfs/usr/lib/systemd/system/sysinit.target.wants/secure-boot-import-keys.service -# Initial partitioning -cat <<EOF > init.repart.d/10-root.conf -[Partition] -Type=root -Format=erofs -Minimize=best -CopyFiles=/rootfs:/ -Verity=data -VerityMatchKey=root -SplitName=root -EOF + # sysupdate + mkdir -p rootfs/etc/sysupdate.d + cp ${rootTransfer} ${rootVerityTransfer} ${ukiTransfer} rootfs/etc/sysupdate.d/ -cat <<EOF > init.repart.d/20-root-verity.conf -[Partition] -Type=root-verity -Verity=hash -VerityMatchKey=root -Minimize=best -SplitName=verity -EOF + # Initial partitioning + cat <<EOF > init.repart.d/10-root.conf + [Partition] + Type=root + Format=erofs + Minimize=best + 
CopyFiles=/rootfs:/ + Verity=data + VerityMatchKey=root + SplitName=root + EOF -#TODO: Add verity signature partition + cat <<EOF > init.repart.d/20-root-verity.conf + [Partition] + Type=root-verity + Verity=hash + VerityMatchKey=root + Minimize=best + SplitName=verity + EOF -${patosPkgs.systemd}/usr/bin/systemd-repart \ - --no-pager \ - --empty=create \ - --size=auto \ - --definitions=./init.repart.d \ - --split=true \ - --json=pretty \ - --root=$out \ - patos_$version.raw > init-repart-output.json && rm -f patos_$version.raw + #TODO: Add verity signature partition -roothash=$(jq -r '.[0].roothash' init-repart-output.json) -rootPart=$(jq -r '.[0].split_path' init-repart-output.json) -rootUuid=$(jq -r '.[0].uuid' init-repart-output.json) + ${patosPkgs.systemd}/usr/bin/systemd-repart \ + --no-pager \ + --empty=create \ + --size=auto \ + --definitions=./init.repart.d \ + --split=true \ + --json=pretty \ + --root=$out \ + patos_$version.raw > init-repart-output.json && rm -f patos_$version.raw -verityPart=$(jq -r '.[1].split_path' init-repart-output.json) -verityUuid=$(jq -r '.[1].uuid' init-repart-output.json) + roothash=$(jq -r '.[0].roothash' init-repart-output.json) + rootPart=$(jq -r '.[0].split_path' init-repart-output.json) + rootUuid=$(jq -r '.[0].uuid' init-repart-output.json) -ln -sf patos_$version.verity.raw patos_${version}_$verityUuid.verity -ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root + verityPart=$(jq -r '.[1].split_path' init-repart-output.json) + verityUuid=$(jq -r '.[1].uuid' init-repart-output.json) -${patosPkgs.systemd}/usr/bin/ukify build \ - --linux ${patosPkgs.kernel}/bzImage \ - --initrd ${patosPkgs.initrd}/initrd.xz \ - --os-release @rootfs/etc/os-release \ - --cmdline "$kernelCmdLine roothash=$roothash" \ - -o patos_${version}.efi + ln -sf patos_$version.verity.raw patos_${version}_$verityUuid.verity + ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root -# install ESP -SYSTEMD_RELAX_ESP_CHECKS=1 
${patosPkgs.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot + ${patosPkgs.systemd}/usr/bin/ukify build \ + --linux ${patosPkgs.kernel}/bzImage \ + --initrd ${patosPkgs.initrd}/initrd.xz \ + --os-release @rootfs/etc/os-release \ + --cmdline "$kernelCmdLine roothash=$roothash" \ + -o patos_${version}.efi -# setup factory reset -mkdir -p rootfs/boot/EFI/tools -cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/ + # install ESP + SYSTEMD_RELAX_ESP_CHECKS=1 ${patosPkgs.systemd}/usr/bin/bootctl install --root ./rootfs --esp-path /boot -cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh -setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1 -reset -EOF + # setup factory reset + mkdir -p rootfs/boot/EFI/tools + cp ${pkgs.edk2-uefi-shell}/shell.efi rootfs/boot/EFI/tools/ -cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf -title Enable Factory Reset -options -nostartup -nomap -options \EFI\tools\factoryreset.nsh L"t" -efi EFI/tools/shell.efi -EOF + cat <<EOF > rootfs/boot/EFI/tools/factoryreset.nsh + setvar FactoryReset -guid 8cf2644b-4b0b-428f-9387-6d876050dc67 -nv -rt =%1 + reset + EOF -echo "timeout 2" > rootfs/boot/loader/loader.conf + cat <<EOF > rootfs/boot/loader/entries/factoryreset.conf + title Enable Factory Reset + options -nostartup -nomap + options \EFI\tools\factoryreset.nsh L"t" + efi EFI/tools/shell.efi + EOF -# install UKI -cp patos_${version}.efi rootfs/boot/EFI/Linux + echo "timeout 2" > rootfs/boot/loader/loader.conf -# Final partitioning -cat <<EOF > final.repart.d/10-esp.conf -[Partition] -Type=esp -Format=vfat -SizeMinBytes=128M -SizeMaxBytes=128M -CopyFiles=/rootfs/boot:/ -EOF + # install UKI + cp patos_${version}.efi rootfs/boot/EFI/Linux -cat <<EOF > final.repart.d/20-root.conf -[Partition] -Type=root -Label=root-${version} -CopyBlocks=/$rootPart -UUID=$rootUuid -SizeMinBytes=64M -SizeMaxBytes=64M -ReadOnly=1 -EOF + # Final partitioning + cat <<EOF > final.repart.d/10-esp.conf + [Partition] + 
Type=esp + Format=vfat + SizeMinBytes=128M + SizeMaxBytes=128M + CopyFiles=/rootfs/boot:/ + EOF -cat <<EOF > final.repart.d/22-root-verity.conf -[Partition] -Type=root-verity -Label=verity-${version} -CopyBlocks=/$verityPart -UUID=$verityUuid -ReadOnly=1 -EOF + cat <<EOF > final.repart.d/20-root.conf + [Partition] + Type=root + Label=root-${version} + CopyBlocks=/$rootPart + UUID=$rootUuid + SizeMinBytes=64M + SizeMaxBytes=64M + ReadOnly=1 + EOF -# finalize image ready for boot -${patosPkgs.systemd}/usr/bin/systemd-repart \ - --no-pager \ - --empty=create \ - --size=auto \ - --definitions=./final.repart.d \ - --root=$out \ - patos_${version}.img > final-repart-output.json + cat <<EOF > final.repart.d/22-root-verity.conf + [Partition] + Type=root-verity + Label=verity-${version} + CopyBlocks=/$verityPart + UUID=$verityUuid + ReadOnly=1 + EOF -rm -rf rootfs init.repart.d final.repart.d *.json -sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS + # finalize image ready for boot + ${patosPkgs.systemd}/usr/bin/systemd-repart \ + --no-pager \ + --empty=create \ + --size=auto \ + --definitions=./final.repart.d \ + --root=$out \ + patos_${version}.img > final-repart-output.json -popd -'' + rm -rf rootfs init.repart.d final.repart.d *.json + sha256sum *.root *.verity *.efi *.tar.xz > SHA256SUMS + + popd + '' From 2841610f418660be880ccfde482255b0de71394d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 26 Mar 2025 10:30:23 +0100 Subject: [PATCH 02/16] chore: bump kernel version --- pkgs/kernel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index a5f24db..51a05bf 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix 
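Review bot: The verity transfer is renamed from `20-root-verity.transfer` to `22-root-verity.transfer` in the `rootVerityTransfer = writeConf ...` call, giving it the same numeric prefix as `22-root.transfer`; the old side kept them distinct and the filename is what orders the transfers, so this looks unintended. The same definition sets `ReadOnly = "1"` while `rootTransfer` sets `ReadOnly = 1`, so the generated files differ (`ReadOnly="1"` vs `ReadOnly=1`) — use `ReadOnly = 1;` in both. More generally `mkValueString` wraps every string in double quotes, so the unit comes out as `Type="oneshot"` and `ExecStart="sbctl import-keys -d /boot/sbctl/keys"`; as far as I can tell systemd does not strip quotes from plain settings and ExecStart= would treat the whole quoted command as one argv[0], so this needs a boot test before the generator replaces the heredocs. Carried over unchanged, `Verify = false` on all three transfers disables signature checking for updates fetched from a plain-http `updateUrl`, which deserves an inline comment such as `# TODO: Verify=false accepts unsigned updates; switch on once SHA256SUMS is signed` so the gap is not lost in the refactor.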
@@ -1,7 +1,7 @@ { pkgs }: let - version = "6.13.7"; - hash = "sha256-Ojm2IDi3rC9D0mofhLQoPhl4BOHoF61jfpo9h0xHgB0="; + version = "6.13.8"; + hash = "sha256-JZr6Wdc9Z2vsKuib6s2UngjVTT9wp/iwp0IxUJV1Grs="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; From bb708e3e61102caef9337c45f29b033dfd2b4ebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 26 Mar 2025 10:37:38 +0100 Subject: [PATCH 03/16] feat(image): parameter to include microcode and secureboot --- flake.nix | 4 +++- pkgs/image/default.nix | 14 ++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 9e92cc8..99fce5b 100644 --- a/flake.nix +++ b/flake.nix @@ -18,12 +18,14 @@ pkgs = import nixpkgs { inherit system; }; patosPkgs = self.packages.${system}; version = "0.0.1"; + secureBoot = "false"; + cpuArch = "intel"; updateUrl = "http://10.0.2.2:8000/"; in { packages = { default = patosPkgs.image; - image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl; }; + image = pkgs.callPackage ./pkgs/image { inherit patosPkgs version updateUrl cpuArch secureBoot; }; rootfs = pkgs.callPackage ./pkgs/rootfs/mkrootfs.nix { inherit patosPkgs version; }; initrd = pkgs.callPackage ./pkgs/rootfs/mkinitrd.nix { inherit patosPkgs version; }; kernel = pkgs.callPackage ./pkgs/kernel { }; diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index a248a09..05d9c72 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix 
@@ -1,16 +1,21 @@ { + lib, pkgs, patosPkgs, version, runCommand, - updateUrl + updateUrl, + cpuArch ? "", + secureBoot ? "false" }: let pname = "patos-image"; in runCommand pname { - inherit version; - inherit updateUrl; + inherit version cpuArch updateUrl secureBoot; + + microcode = lib.optionalString (cpuArch == "amd") "--microcode ${pkgs.microcode-amd}/amd-ucode.img" + + lib.optionalString (cpuArch == "intel") "--microcode ${pkgs.microcode-intel}/intel-ucode.img"; buildInputs = with pkgs; [ erofs-utils @@ -25,7 +30,7 @@ runCommand pname { SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; }; - kernelCmdLine = "console=ttyS0 patos.secureboot=false"; + kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}"; } '' mkdir -p $out/init.repart.d $out/final.repart.d @@ -176,6 +181,7 @@ ln -sf patos_$version.root.raw patos_${version}_$rootUuid.root ${patosPkgs.systemd}/usr/bin/ukify build \ --linux ${patosPkgs.kernel}/bzImage \ --initrd ${patosPkgs.initrd}/initrd.xz \ + $microcode \ --os-release @rootfs/etc/os-release \ --cmdline "$kernelCmdLine roothash=$roothash" \ -o patos_${version}.efi From 242294eb8dba13d301acb2a5b463cf3648eb7df8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 26 Mar 2025 11:13:16 +0100 Subject: [PATCH 04/16] chore: nix flake update --- flake.lock | 6 +++--- pkgs/busybox/default.nix | 8 +++----- pkgs/openssl/default.nix | 9 +++------ 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 85be38f..2272d3d 100644 --- a/flake.lock +++ b/flake.lock 
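Review bot: `secureBoot ? "false"` and `cpuArch ? ""` are accepted as free-form strings and interpolated straight into `kernelCmdLine` and the ukify `--microcode` flag, so a mistyped value such as `"False"` or `"x86"` is silently baked into the UKI instead of failing the build. Since both are closed sets, guard them right after `in`: `assert lib.elem secureBoot [ "true" "false" ];` and `assert lib.elem cpuArch [ "" "amd" "intel" ];`. The same strings are hard-coded in flake.nix in this commit, so a boolean parameter rendered with `lib.boolToString` would be the cleaner interface if the caller is adjusted at the same time. `$microcode` is intentionally unquoted in the ukify call so the `--microcode PATH` pair word-splits; a comment on that line, `# unquoted on purpose: expands to "--microcode <path>" or to nothing`, would keep someone from "fixing" it.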
@@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739020877, - "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { diff --git a/pkgs/busybox/default.nix b/pkgs/busybox/default.nix index e318d8a..6f22641 100644 --- a/pkgs/busybox/default.nix +++ b/pkgs/busybox/default.nix @@ -1,6 +1,7 @@ { stdenv, lib, + pkgs, buildPackages, fetchurl, fetchpatch, @@ -57,15 +58,12 @@ in stdenv.mkDerivation rec { pname = "busybox"; - version = "1.36.1"; + version = pkgs.busybox.version; # Note to whoever is updating busybox: please verify that: # nix-build pkgs/stdenv/linux/make-bootstrap-tools.nix -A test # still builds after the update. - src = fetchurl { - url = "https://busybox.net/downloads/${pname}-${version}.tar.bz2"; - sha256 = "sha256-uMwkyVdNgJ5yecO+NJeVxdXOtv3xnKcJ+AzeUOR94xQ="; - }; + src = pkgs.busybox.src; hardeningDisable = [ "format" diff --git a/pkgs/openssl/default.nix b/pkgs/openssl/default.nix index bc833cc..08c1309 100644 --- a/pkgs/openssl/default.nix +++ b/pkgs/openssl/default.nix @@ -1,5 +1,6 @@ { lib, + pkgs, stdenv, fetchurl, perl, @@ -18,13 +19,9 @@ stdenv.mkDerivation rec { pname = "openssl"; - version = "3.4.1"; - hash = "sha256-ACotazC1i/S+pGxDvdljZar42qbEKHgqpP7uBtoZffM="; + version = pkgs.openssl.version; - src = fetchurl { - url = "https://github.com/openssl/openssl/releases/download/openssl-${version}/openssl-${version}.tar.gz"; - hash = hash; - }; + src = pkgs.openssl.src; outputs = [ "out" ]; From c470bf6d595176023198e1164db01f00aa177c50 Mon Sep 17 00:00:00 2001 
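Review bot: After `version`/`src` are taken from `pkgs.busybox` and `pkgs.openssl`, `fetchurl` (and `fetchpatch` for busybox) stay in both argument sets but are no longer used, and the busybox comment "Note to whoever is updating busybox ... verify that make-bootstrap-tools.nix still builds" now points at a version that is no longer set in this file. Drop the unused arguments and replace that comment with `# version/src follow nixpkgs; bump via flake.lock, not here`. Worth stating in the same comment that the source hash now lives in flake.lock, so a lockfile bump is also a source bump for these two forks and should be reviewed as such.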
From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 26 Mar 2025 11:49:37 +0100 Subject: [PATCH 05/16] chore: track upstream nixpkgs for our forks --- pkgs/dbus-broker/default.nix | 9 ++------- pkgs/lvm2/default.nix | 13 ++++--------- pkgs/result | 1 + pkgs/tpm2-tools/default.nix | 11 +++++------ pkgs/tpm2-tss/default.nix | 10 +++------- 5 files changed, 15 insertions(+), 29 deletions(-) create mode 120000 pkgs/result diff --git a/pkgs/dbus-broker/default.nix b/pkgs/dbus-broker/default.nix index 809f3ce..0002d9c 100644 --- a/pkgs/dbus-broker/default.nix +++ b/pkgs/dbus-broker/default.nix @@ -100,14 +100,9 @@ in stdenv.mkDerivation (finalAttrs: { pname = "dbus-broker"; - version = "36"; + version = pkgs.dbus-broker.version; - src = fetchFromGitHub { - owner = "bus1"; - repo = "dbus-broker"; - rev = "v${finalAttrs.version}"; - hash = "sha256-5dAMKjybqrHG57vArbtWEPR/svSj2ION75JrjvnnpVM="; - }; + src = pkgs.dbus-broker.src; nativeBuildInputs = with pkgs; [ docutils diff --git a/pkgs/lvm2/default.nix b/pkgs/lvm2/default.nix index f211e26..8d18663 100644 --- a/pkgs/lvm2/default.nix +++ b/pkgs/lvm2/default.nix @@ -1,5 +1,6 @@ { stdenv, + pkgs, fetchurl, lib, pkg-config, @@ -7,17 +8,11 @@ udev, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "lvm2"; - version = "2.03.30"; + version = pkgs.lvm2.version; - src = fetchurl { - urls = [ - "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${version}.tgz" - "ftp://sourceware.org/pub/lvm2/LVM2.${version}.tgz" - ]; - hash = "sha256-rXar7LjciHcz4GxEnLmt0Eo1BvnweAwSiBem4aF87AU="; - }; + src = pkgs.lvm2.src; nativeBuildInputs = [ pkg-config diff --git a/pkgs/result b/pkgs/result new file mode 120000 index 0000000..301e3b1 --- /dev/null +++ b/pkgs/result @@ -0,0 +1 @@ +/nix/store/9m1cdv4fiky0mihfx3ck8vcknclcagn2-patos-image \ No newline at end of file diff --git a/pkgs/tpm2-tools/default.nix b/pkgs/tpm2-tools/default.nix index f447fe6..4bb14c1 100644 --- a/pkgs/tpm2-tools/default.nix 
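Review bot: `pkgs/result` is a `nix build` output symlink into `/nix/store` (`create mode 120000 pkgs/result`, body `+/nix/store/...-patos-image`); it is machine-specific and must not be tracked, and the later patch that deletes it does nothing to stop it coming back — add `result` and `result-*` to `.gitignore`. In the lvm2 hunk `rec` is dropped and `src = pkgs.lvm2.src` replaces the `fetchurl` call, but `fetchurl` remains in the argument set; the tpm2-tools and tpm2-tss hunks that follow leave `fetchurl` and `fetchFromGitHub` unused in the same way. The dbus-broker function header is outside its hunk, but the `with pkgs;` in its context suggests `pkgs` is already in scope there, so no argument change is needed for it.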
+++ b/pkgs/tpm2-tools/default.nix @@ -1,5 +1,6 @@ { stdenv, + pkgs, fetchurl, lib, pandoc, @@ -10,19 +11,17 @@ libuuid, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation { pname = "tpm2-tools"; - version = "5.7"; + version = pkgs.tpm2-tools.version; - src = fetchurl { - url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-OBDTa1B5JW9PL3zlUuIiE9Q7EDHBMVON+KLbw8VwmDo="; - }; + src = pkgs.tpm2-tools.src; nativeBuildInputs = [ pandoc pkg-config ]; + buildInputs = [ curl openssl diff --git a/pkgs/tpm2-tss/default.nix b/pkgs/tpm2-tss/default.nix index 5e23100..5a6477a 100644 --- a/pkgs/tpm2-tss/default.nix +++ b/pkgs/tpm2-tss/default.nix @@ -1,5 +1,6 @@ { stdenv, + pkgs, lib, fetchFromGitHub, autoreconfHook, @@ -19,14 +20,9 @@ stdenv.mkDerivation rec { pname = "tpm2-tss"; - version = "4.1.3"; + version = pkgs.tpm2-tss.version; - src = fetchFromGitHub { - owner = "tpm2-software"; - repo = pname; - rev = version; - hash = "sha256-BP28utEUI9g1VNv3lCXuiKrDtEImFQxxZfIjLiE3Wr8="; - }; + src = pkgs.tpm2-tss.src; patches = [ ./no-shadow.patch From d10bd7bb04c494ef37096467d34135b4b447ca61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 26 Mar 2025 11:57:03 +0100 Subject: [PATCH 06/16] fix(rootfs): symlink /var/tmp to /tmp if no state partition available this enable systemd networkd and resolved to work --- pkgs/result | 1 - pkgs/rootfs/mkrootfs.nix | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 120000 pkgs/result diff --git a/pkgs/result b/pkgs/result deleted file mode 120000 index 301e3b1..0000000 --- a/pkgs/result +++ /dev/null @@ -1 +0,0 @@ -/nix/store/9m1cdv4fiky0mihfx3ck8vcknclcagn2-patos-image \ No newline at end of file diff --git a/pkgs/rootfs/mkrootfs.nix b/pkgs/rootfs/mkrootfs.nix index 235a70a..bda4c7d 100644 --- a/pkgs/rootfs/mkrootfs.nix +++ b/pkgs/rootfs/mkrootfs.nix 
@@ -21,11 +21,12 @@ runCommand "patos-rootfs" '' ### create directory structure mkdir -p $out/etc/repart.d $out/dev $out/proc $out/sys \ - $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var/tmp + $out/tmp $out/root $out/run $out/boot $out/mnt $out/home $out/srv $out/var ln -sf /usr/bin $out/bin ln -sf /usr/bin $out/sbin ln -sf /usr/lib $out/lib ln -sf /usr/lib $out/lib64 +ln -sf /tmp $out/var/tmp ln -sf ../proc/self/mounts $out/etc/mtab ### install systemd From 58861e6de6c80d6b93609185048f2a98e515b444 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Thu, 17 Apr 2025 19:06:37 +0200 Subject: [PATCH 07/16] chore: upgrade systemd --- pkgs/systemd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix index a1cb314..a93fd76 100644 --- a/pkgs/systemd/default.nix +++ b/pkgs/systemd/default.nix @@ -7,7 +7,7 @@ ... }: let - version = "257.4"; + version = "257.5"; # Use the command below to update `releaseTimestamp` on every (major) version # change. More details in the commentary at mesonFlags. From 92c204231b7cfaa9f3b880e8d3b27af2ad6474d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Sat, 19 Apr 2025 22:56:00 +0200 Subject: [PATCH 08/16] chore: nix flake update --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2272d3d..3725da4 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { 
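Review bot: `ln -sf /tmp $out/var/tmp` is unconditional, while the message scopes it to "if no state partition available"; if a state partition is ever mounted on `/var` the symlink in the image is hidden by the mount and `/var/tmp` has to be created on that partition separately. `/var/tmp` is conventionally persistent and `/tmp` is not, so anything that relied on that distinction now loses data at reboot; record that on the line with `# no persistent /var: alias /var/tmp to /tmp (contents are not kept across reboots)`. I would also confirm that systemd-tmpfiles' stock tmp.conf, which manages `/var/tmp` as a directory, tolerates it being a symlink on this image.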
From 15227256ecf0e8aea67d3ebb21e2122a7b6a0f46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Sat, 19 Apr 2025 23:06:44 +0200 Subject: [PATCH 09/16] chore: kernel upgrade --- pkgs/kernel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index 51a05bf..1297825 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix @@ -1,7 +1,7 @@ { pkgs }: let - version = "6.13.8"; - hash = "sha256-JZr6Wdc9Z2vsKuib6s2UngjVTT9wp/iwp0IxUJV1Grs="; + version = "6.14.2"; + hash = "sha256-xcaCo1TqMZATk1elfTSnnlw3IhrOgjqTjhARa1d6Lhs="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; From b7e526454b66c1aca7875fcab107cc3fbb780099 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Tue, 6 May 2025 18:12:03 +0200 Subject: [PATCH 10/16] chore: nix update --- flake.lock | 6 +++--- pkgs/kernel/default.nix | 4 ++-- pkgs/systemd/default.nix | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3725da4..bb33fd6 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1746328495, + "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e", "type": "github" }, "original": { diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index 1297825..dcd382d 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix 
@@ -1,7 +1,7 @@ { pkgs }: let - version = "6.14.2"; - hash = "sha256-xcaCo1TqMZATk1elfTSnnlw3IhrOgjqTjhARa1d6Lhs="; + version = "6.14.4"; + hash = "sha256-lFLyjXoAUfukiGcSOVtITEx/z5+FlEpi/T2X3JI/Uzk="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix index a93fd76..db0b64c 100644 --- a/pkgs/systemd/default.nix +++ b/pkgs/systemd/default.nix @@ -27,7 +27,7 @@ stdenv.mkDerivation (finalAttrs: { owner = "systemd"; repo = "systemd"; rev = "v${version}"; - hash = "sha256-6rxJUYRq785U6aik5VhQRqG+Ss67lBB6T3eQF+tkyhk="; + hash = "sha256-mn/JB/nrOz2TOobu2d+XBH2dVH3vn/HPvWN4Zz6s+SM="; }; patches = [ ./skip-verify-esp.patch ]; From af2a063ff2dfed7b8270f72e1d4c6f856b8be7ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 7 May 2025 06:26:16 +0200 Subject: [PATCH 11/16] chore: kernel upgrade --- pkgs/kernel/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index dcd382d..703b612 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix @@ -1,7 +1,7 @@ { pkgs }: let - version = "6.14.4"; - hash = "sha256-lFLyjXoAUfukiGcSOVtITEx/z5+FlEpi/T2X3JI/Uzk="; + version = "6.14.5"; + hash = "sha256-KCB+xSu+qjUHAQrv+UT0QvfZ8isoa3nK9F7G3xsk9Ak="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; From 8ee40679fc722db4cce24f7f0eb4a1bb159c2a0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Mon, 12 May 2025 19:40:51 +0200 Subject: [PATCH 12/16] chore: os update --- flake.lock | 6 +++--- pkgs/kernel/default.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index bb33fd6..affeabc 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746328495, - "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index 703b612..6b8bb21 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix @@ -1,7 +1,7 @@ { pkgs }: let - version = "6.14.5"; - hash = "sha256-KCB+xSu+qjUHAQrv+UT0QvfZ8isoa3nK9F7G3xsk9Ak="; + version = "6.14.6"; + hash = "sha256-IYF/GZjiIw+B9+T2Bfpv3LBA4U+ifZnCfdsWznSXl6k="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; From 7c0d0a099dda8d253b0cefc031a6774fa3877301 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Tue, 20 May 2025 21:05:10 +0200 Subject: [PATCH 13/16] chore: nix flake update --- flake.lock | 6 +++--- pkgs/kernel/default.nix | 4 ++-- pkgs/kexec-tools/default.nix | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index affeabc..bac1c51 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index 6b8bb21..fcc8066 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix 
@@ -1,7 +1,7 @@ { pkgs }: let - version = "6.14.6"; - hash = "sha256-IYF/GZjiIw+B9+T2Bfpv3LBA4U+ifZnCfdsWznSXl6k="; + version = "6.14.7"; + hash = "sha256-gRIgK8JtCGlXqU0hCabc1EeMW6GNDwpeHF3+6gH1SXI="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; diff --git a/pkgs/kexec-tools/default.nix b/pkgs/kexec-tools/default.nix index 4ba15ba..7454821 100644 --- a/pkgs/kexec-tools/default.nix +++ b/pkgs/kexec-tools/default.nix @@ -14,8 +14,8 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "horms"; repo = "kexec-tools"; - rev = "a7fcd424c4c80dea5a2fd5ffa274ffeb8129c790"; - hash = "sha256-QKE+KCkueA21zNunTMidP9OuZaw0IG5tFDF4UJITTTQ="; + rev = "v2.0.31"; + hash = "sha256-Tgmc8mFlmzzRj7tEaBes7Udw4fRl6cSfe76iPNa3Ffs="; }; dontPatchShebangs = true; From d42406c6dc611a0618c3eb5089ed72c1dfd94a63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Wed, 21 May 2025 12:43:41 +0200 Subject: [PATCH 14/16] fix: sysupdate wont work with out systemd.volatile set to overlay --- flake.nix | 9 ++++++++- pkgs/image/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 99fce5b..3567477 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,13 @@ { drv = pkgs.curl; path = "bin/curl"; } { drv = pkgs.bash; path = "bin/bash"; } { drv = patosPkgs.glibc; path = "bin/ldd"; } + { drv = pkgs.util-linux; path = "bin/sfdisk"; } + { drv = pkgs.readline.out; path = "lib/libreadline.so.8.2"; } + { drv = pkgs.readline.out; path = "lib/libreadline.so.8"; } + { drv = pkgs.readline.out; path = "lib/libhistory.so.8.2"; } + { drv = pkgs.readline.out; path = "lib/libhistory.so.8"; } + { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6.5"; } + { drv = pkgs.ncurses.out; path = "/lib/libncursesw.so.6"; } { drv = pkgs.keyutils; path = "bin/keyctl"; } { drv = pkgs.gnutar; path = "bin/tar"; } { drv = pkgs.binutils-unwrapped; path = "bin/strings"; } 
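Review bot: The two ncurses entries use `path = "/lib/libncursesw.so.6.5"` with a leading slash while every other entry, including the adjacent readline lines, uses a relative `lib/...`; how `path` is joined with `drv` is outside the hunk, so this may be harmless, but it should be `path = "lib/libncursesw.so.6.5"` for consistency. `libreadline.so.8.2`, `libhistory.so.8.2` and `libncursesw.so.6.5` pin exact soname versions, which will break silently on the next nixpkgs bump exactly as the `libbfd-2.43.1.so` → `libbfd-2.44.so` change in the following hunk shows; a comment such as `# soname versions below must be rechecked on every nixpkgs bump` would at least make the maintenance cost visible.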
@@ -69,7 +76,7 @@ # shared lib required for binutils { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1.0.0"; } { drv = pkgs.binutils-unwrapped.lib; path = "lib/libsframe.so.1"; } - { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.43.1.so"; } + { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd-2.44.so"; } { drv = pkgs.binutils-unwrapped.lib; path = "lib/libbfd.so"; } # shared lib required for strace { drv = pkgs.elfutils.out; path = "lib/libdw-0.192.so"; } diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index 05d9c72..f42e95d 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix @@ -30,7 +30,7 @@ runCommand pname { SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; }; - kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}"; + kernelCmdLine = "console=ttyS0 systemd.volatile=overlay patos.secureboot=${secureBoot}"; } '' mkdir -p $out/init.repart.d $out/final.repart.d From c883ff1cb2da53be1bc99ccd95021fd2b28e4e52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Fri, 23 May 2025 13:14:12 +0200 Subject: [PATCH 15/16] Revert sysupdate fix due to a bug in systemd. sysext need to be unmerged before sysupdate can be used. https://github.com/systemd/systemd/pull/36617/ fix in main but not backported to stable yet. --- pkgs/image/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/image/default.nix b/pkgs/image/default.nix index f42e95d..05d9c72 100644 --- a/pkgs/image/default.nix +++ b/pkgs/image/default.nix @@ -30,7 +30,7 @@ runCommand pname { SYSTEMD_REPART_MKFS_OPTIONS_EROFS = "--all-root -zlz4hc,12 -C1048576 -Efragments,dedupe,ztailpacking"; }; - kernelCmdLine = "console=ttyS0 systemd.volatile=overlay patos.secureboot=${secureBoot}"; + kernelCmdLine = "console=ttyS0 patos.secureboot=${secureBoot}"; } '' mkdir -p $out/init.repart.d $out/final.repart.d 
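Review bot: The revert removes `systemd.volatile=overlay` from `kernelCmdLine` without leaving any trace in the file, so the reason and the upstream fix live only in this commit's message. Add `# TODO: add systemd.volatile=overlay once https://github.com/systemd/systemd/pull/36617 is in a stable release (sysext must be unmerged before sysupdate can run)` next to `kernelCmdLine` so the setting is re-applied when systemd is next bumped.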
From df4c60d87c5c3860556a9f51db4073541aeb689f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20Sj=C3=B6strom?= <lars@radicore.se> Date: Sat, 24 May 2025 19:19:12 +0200 Subject: [PATCH 16/16] chore: kernel and systemd update --- pkgs/kernel/default.nix | 4 ++-- pkgs/systemd/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/kernel/default.nix b/pkgs/kernel/default.nix index fcc8066..27e4055 100644 --- a/pkgs/kernel/default.nix +++ b/pkgs/kernel/default.nix @@ -1,7 +1,7 @@ { pkgs }: let - version = "6.14.7"; - hash = "sha256-gRIgK8JtCGlXqU0hCabc1EeMW6GNDwpeHF3+6gH1SXI="; + version = "6.14.8"; + hash = "sha256-YrEuzTB1o1frMgk1ZX3oTgFVKANxfa04P6fMOqSqKQU="; in (pkgs.callPackage ./manual-config.nix { }) { version = "${version}-patos1"; diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix index db0b64c..fea417a 100644 --- a/pkgs/systemd/default.nix +++ b/pkgs/systemd/default.nix @@ -7,7 +7,7 @@ ... }: let - version = "257.5"; + version = "257.6"; # Use the command below to update `releaseTimestamp` on every (major) version # change. More details in the commentary at mesonFlags.