diff --git a/nixos/lib/test-driver/src/test_driver/machine/__init__.py b/nixos/lib/test-driver/src/test_driver/machine/__init__.py index 5f17006f90da..31ea0d1364ae 100644 --- a/nixos/lib/test-driver/src/test_driver/machine/__init__.py +++ b/nixos/lib/test-driver/src/test_driver/machine/__init__.py @@ -194,8 +194,7 @@ class StartCommand: class NixStartScript(StartCommand): - """A start script from nixos/modules/virtualiation/qemu-vm.nix - that also satisfies the requirement of the BaseStartCommand. + """A start script from nixos/modules/virtualiation/qemu-vm.nix. These Nix commands have the particular characteristic that the machine name can be extracted out of them via a regex match. (Admittedly a _very_ implicit contract, evtl. TODO fix) diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 9a1cde27bf77..f09bd38aa393 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -53,8 +53,6 @@ let ${config.boot.bootspec.writer} ${optionalString config.boot.bootspec.enableValidation ''${config.boot.bootspec.validator} "$out/${config.boot.bootspec.filename}"''} ''} - - ${config.system.extraSystemBuilderCmds} ''; # Putting it all together. This builds a store path containing @@ -129,6 +127,7 @@ in [ "system" "replaceRuntimeDependencies" ] [ "system" "replaceDependencies" "replacements" ] ) + (mkRenamedOptionModule [ "system" "extraSystemBuilderCmds" ] [ "system" "systemBuilderCommands" ]) ]; options = { @@ -213,15 +212,6 @@ in ''; }; - system.extraSystemBuilderCmds = mkOption { - type = types.lines; - internal = true; - default = ""; - description = '' - This code will be added to the builder creating the system store path. - ''; - }; - system.extraDependencies = mkOption { type = types.listOf types.pathInStore; default = [ ]; @@ -343,7 +333,7 @@ in } ]; - system.extraSystemBuilderCmds = + system.systemBuilderCommands = optionalString config.system.copySystemConfiguration '' ln -s '${import ../../../lib/from-env.nix "NIXOS_CONFIG" }' \ "$out/configuration.nix" diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index c01dbc90ec7a..3ff6dcbc4e02 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix @@ -64,7 +64,7 @@ in boot.loader.grub.enable = false; specialisation = rec { - brokenInitInterface.configuration.config.system.extraSystemBuilderCmds = '' + brokenInitInterface.configuration.config.system.systemBuilderCommands = '' echo "systemd 0" > $out/init-interface-version ''; diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index bcbd01d44244..62cb8fdd903c 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -25,13 +25,13 @@ "lts": true }, "6.12": { - "version": "6.12.57", - "hash": "sha256:06jlsawz1wgk13gyxphkglb8a4iiwg0vg5hrfc7bj1s6gk1s2p0n", + "version": "6.12.58", + "hash": "sha256:1b0k8snqa2hhviv9imn02y6jrbbb62an3ypx8q8ai9k0cra4q72z", "lts": true }, "6.17": { - "version": "6.17.7", - "hash": "sha256:03lxl2p8hvi4hdzbf72v3xh8yigr58826dmy6rqxbq9r8h6ymwnx", + "version": "6.17.8", + "hash": "sha256:1nmi5xmsys023xgy55dikm1ihim7fp7pf2kc3k00d9zwfm5fd3as", "lts": false } } diff --git a/pkgs/tools/misc/grub/default.nix b/pkgs/tools/misc/grub/default.nix index 4980c1db61a9..68f3921354a1 100644 --- a/pkgs/tools/misc/grub/default.nix +++ b/pkgs/tools/misc/grub/default.nix @@ -505,6 +505,11 @@ stdenv.mkDerivation rec { url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=348cd416a3574348f4255bf2b04ec95938990997"; hash = "sha256-WBLYQxv8si2tvdPAvbm0/4NNqYWBMJpFV4GC0HhN/kE="; }) + (fetchpatch { + name = "CVE-2025-4382.patch"; + url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c448f511e74cb7c776b314fcb7943f98d3f22b6d"; + hash = "sha256-64gMhCEW0aYHt46crX/qN/3Hj8MgvWLazgQlVXqe8LE="; + }) ]; postPatch =