Unverified Commit 1c6dde0d authored Apr 04, 2026 by zowoq Committed by GitHub Apr 04, 2026

linux_hardened: remove (#502342)

parents 274409ab 2879caaf

ci/OWNERS

+0 −3

Original line number	Diff line number	Diff line
		@@ -294,9 +294,6 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
		/nixos/modules/services/databases/mysql.nix @6543
		/nixos/modules/services/backup/mysql-backup.nix @6543

		# Hardened profile & related modules
		/pkgs/os-specific/linux/kernel/hardened/ @fabianhjr

		# Home Automation
		/nixos/modules/services/home-automation/home-assistant.nix @mweinelt
		/nixos/modules/services/home-automation/zigbee2mqtt.nix @mweinelt

doc/packages/linux.section.md

+0 −9

Original line number	Diff line number	Diff line
		@@ -149,15 +149,6 @@ The change gets submitted like this:
		```
		* Update `linux_latest` to the new attribute.
		* __SQUASH__ the changes into the `linux: init at …` commit.
		* If a new hardened is available:
		* Instantiate a `linux_X_Y_hardened = hardenedKernelsFor kernels.linux_X_Y { };` in `kernels` and
		`linux_X_Y_hardened = hardenedKernelFor kernels.linux_X_Y { };` in the `packages`-section.
		* Make sure to remove the hardened variant of the previous kernel version unless it's LTS.
		We only support the latest and latest LTS version of hardened.
		* If no new hardened kernel is available:
		* Keep the previously latest kernel until its mainline counterpart gets removed.
		After that `linux_hardened` points to the latest LTS supported by hardened.
		* __SQUASH__ the changes into the `linux_X_Y_hardened: init at …` commit.

		### Policy for accepting new kernel flavours {#sec-linux-new-kernels}

nixos/doc/manual/release-notes/rl-2605.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -133,6 +133,8 @@

		- `services.pyload` has been removed because the package it relies on does not exist anymore in nixpkgs due to vulnerabilities and being unmaintained.

		- `linux_hardened` kernel has been removed due to a lack of maintenance.

		- `services.tandoor-recipes` now uses a sub-directory for media files by default starting with `26.05`. Existing setups should move media files out of the data directory and adjust `services.tandoor-recipes.extraConfig.MEDIA_ROOT` accordingly. See [Migrating media files for pre 26.05 installations](#module-services-tandoor-recipes-migrating-media).

		- `linux-rt` kernel has been removed due to a lack of maintenance.

nixos/tests/kernel-generic/default.nix

+0 −1

Original line number	Diff line number	Diff line
		@@ -79,7 +79,6 @@ let
		) args);
		kernels = patchedPkgs.linuxKernel.vanillaPackages // {
		inherit (patchedPkgs.linuxKernel.packages)
		linux_6_12_hardened

		linux_testing
		;

pkgs/by-name/ch/chipsec/package.nix

+0 −2

Original line number	Diff line number	Diff line
		@@ -86,8 +86,6 @@ python3.pkgs.buildPythonApplication (finalAttrs: {
		staslyakhov
		];
		platforms = if withDriver then [ "x86_64-linux" ] else with lib.platforms; linux ++ darwin;
		# https://github.com/chipsec/chipsec/issues/1793
		broken = withDriver && kernel.kernelOlder "5.4" && kernel.isHardened;
		mainProgram = "chipsec_main";
		};
		})