+2

.github/workflows/periodic-merge-6h.yml

··· 35 35 into: staging-next 36 36 - from: staging-next 37 37 into: staging 38 38 + - from: master 39 39 + into: staging-nixos 38 40 uses: ./.github/workflows/periodic-merge.yml 39 41 with: 40 42 from: ${{ matrix.pairs.from }}

+30 -8

CONTRIBUTING.md

··· 430 430 431 431 Here's an overview of the different branches: 432 432 433 433 - | branch | `master` | `staging-next` | `staging` | 434 434 - | --- | --- | --- | --- | 435 435 - | Used for development | ✔️ | ❌ | ✔️ | 436 436 - | Built by Hydra | ✔️ | ✔️ | ❌ | 437 437 - | [Mass rebuilds][mass-rebuild] | ❌ | ⚠️ Only to fix Hydra builds | ✔️ | 438 438 - | Critical security fixes | ✔️ for non-mass-rebuilds | ✔️ for mass-rebuilds | ❌ | 439 439 - | Automatically merged into | `staging-next` | `staging` | - | 440 440 - | Manually merged into | - | `master` | `staging-next` | 433 433 + | branch | `master` | `staging-next` | `staging` | [`staging-nixos`](#test-driver-rebuild) | 434 434 + | --- | --- | --- | --- | --- | 435 435 + | Used for development | ✔️ | ❌ | ✔️ | ✔️ | 436 436 + | Built by Hydra | ✔️ | ✔️ | ❌ | ❌ | 437 437 + | [Mass rebuilds][mass-rebuild] | ❌ | ⚠️ Only to fix Hydra builds | ✔️ | ❌[^1] | 438 438 + | Critical security fixes | ✔️ for non-mass-rebuilds | ✔️ for mass-rebuilds | ❌ | ✔️ | 439 439 + | Automatically merged into | `staging-next` & `staging-nixos` | `staging` | - | - | 440 440 + | Manually merged into | - | `master` | `staging-next` | `master` | 441 441 442 442 The staging workflow is used for all stable branches with corresponding names: 443 443 - `master`/`release-YY.MM` 444 444 - `staging`/`staging-YY.MM` 445 445 - `staging-next`/`staging-next-YY.MM` 446 446 + 447 447 + [^1]: Except changes that cause no more rebuilds than kernel updates 446 448 447 449 # Conventions 448 450 ··· 494 496 In order to help the decision, CI automatically assigns [`rebuild` labels](https://github.com/NixOS/nixpkgs/labels?q=rebuild) to pull requests based on the number of packages they cause rebuilds for. 495 497 As a rule of thumb, if the number of rebuilds is **500 or more**, consider targeting the `staging` branch instead of `master`; if the number is **1000 or more**, the pull request causes a mass rebuild, and should target the `staging` branch. 496 498 See [previously merged pull requests to the staging branches](https://github.com/NixOS/nixpkgs/issues?q=base%3Astaging+-base%3Astaging-next+is%3Amerged) to get a sense for what changes are considered mass rebuilds. 499 499 + 500 500 + Please note that changes to the Linux kernel are an exception to this rule. 501 501 + These PRs go to `staging-nixos`, see [the next section for more context](#changes-rebuilding-all-tests). 502 502 + 503 503 + ### Changes rebuilding all NixOS tests 504 504 + [test-driver-rebuild]: #changes-rebuilding-all-tests 505 505 + 506 506 + Changes causing a rebuild of all NixOS tests get a special [`10.rebuild-nixos-tests`](https://github.com/NixOS/nixpkgs/issues?q=state%3Aopen%20label%3A10.rebuild-nixos-tests) label. 507 507 + These changes pose a significant impact on the build infrastructure. 508 508 + 509 509 + Hence, these PRs should either target a `staging`-branch or `staging-nixos`, provided one of following conditions applies: 510 510 + 511 511 + * The label `10.rebuild-nixos-tests` is set, or 512 512 + * The PR is a change affecting the Linux kernel. 513 513 + 514 514 + The branch gets merged whenever mainline kernel updates or critical security fixes land on the branch. 515 515 + This usually happens on a weekly basis. 516 516 + 517 517 + Backports are not handled by such a branch. 518 518 + The relevant PRs from this branch must be backported manually. 497 519 498 520 ## Commit conventions 499 521 [commit-conventions]: #commit-conventions

+2

ci/supportedBranches.js

··· 8 8 release: ['development', 'primary'], 9 9 staging: ['development', 'secondary'], 10 10 'staging-next': ['development', 'secondary'], 11 11 + 'staging-nixos': ['development', 'secondary'], 11 12 'haskell-updates': ['development', 'secondary'], 12 13 nixos: ['channel'], 13 14 nixpkgs: ['channel'], ··· 19 20 master: 0, 20 21 release: 1, 21 22 staging: 2, 23 23 + 'staging-nixos': 2, 22 24 'haskell-updates': 3, 23 25 'staging-next': 4, 24 26 }

+53

doc/packages/linux.section.md

··· 105 105 ``` 106 106 107 107 ::: 108 108 + 109 109 + ## Maintainer information {#sec-linux-kernel-maintainer-information} 110 110 + 111 111 + ### Updating kernels {#sec-linux-updates} 112 112 + 113 113 + Updating all kernels can be done with the following script: 114 114 + 115 115 + ```ShellSession 116 116 + $ pkgs/os-specific/linux/kernel/update.sh 117 117 + ``` 118 118 + 119 119 + The change gets submitted like this: 120 120 + 121 121 + * File a PR against `staging-nixos`. 122 122 + * Add a `backport release-XX.XX` label for an automated backport. 123 123 + We don't expect many other changes on that branch to require a backport, hence there's no such branch for stable. 124 124 + By using an additional PR, we get the automatic backport against stable without manual cherry-picks. 125 125 + * Merge into `staging-nixos`. 126 126 + * File as PR from `staging-nixos` against `master`. 127 127 + * When all status checks are green, merge. 128 128 + 129 129 + ### Add a new (major) version of the Linux kernel {#sec-linux-add-new-kernel-version} 130 130 + 131 131 + * When running `./pkgs/os-specific/linux/kernel/update.sh`, new kernel majors get discovered automatically. 132 132 + * Prepare all Nix expressions for the new kernel 133 133 + * Instantiate the new kernel in `pkgs/top-level/linux-kernels.nix` in the `kernels`-section. 134 134 + ```nix 135 135 + { 136 136 + linux_X_Y = callPackage ../os-specific/linux/kernel/mainline.nix { 137 137 + branch = "X.Y"; 138 138 + kernelPatches = [ 139 139 + # any new patches required (it makes to look which patches are used by its predecessor) 140 140 + ]; 141 141 + }; 142 142 + } 143 143 + ``` 144 144 + * Instantiate the package-set in `vanillaPackages`: 145 145 + ```nix 146 146 + { 147 147 + linux_X_Y = recurseIntoAttrs (packagesFor kernels.linux_X_Y); 148 148 + } 149 149 + ``` 150 150 + * Update `linux_latest` to the new attribute. 151 151 + * __SQUASH__ the changes into the `linux: init at …` commit. 152 152 + * If a new hardened is available: 153 153 + * Instantiate a `linux_X_Y_hardened = hardenedKernelsFor kernels.linux_X_Y { };` in `kernels` and 154 154 + `linux_X_Y_hardened = hardenedKernelFor kernels.linux_X_Y { };` in the `packages`-section. 155 155 + * Make sure to remove the hardened variant of the previous kernel version unless it's LTS. 156 156 + We only support the latest and latest LTS version of hardened. 157 157 + * If no new hardened kernel is available: 158 158 + * Keep the previously latest kernel until its mainline counterpart gets removed. 159 159 + After that `linux_hardened` points to the latest LTS supported by hardened. 160 160 + * __SQUASH__ the changes into the `linux_X_Y_hardened: init at …` commit.

+9

doc/redirects.json

··· 4306 4306 "sec-linux-kernel": [ 4307 4307 "index.html#sec-linux-kernel" 4308 4308 ], 4309 4309 + "sec-linux-kernel-maintainer-information": [ 4310 4310 + "index.html#sec-linux-kernel-maintainer-information" 4311 4311 + ], 4312 4312 + "sec-linux-updates": [ 4313 4313 + "index.html#sec-linux-updates" 4314 4314 + ], 4315 4315 + "sec-linux-add-new-kernel-version": [ 4316 4316 + "index.html#sec-linux-add-new-kernel-version" 4317 4317 + ], 4309 4318 "ex-overriding-kernel-derivation": [ 4310 4319 "index.html#ex-overriding-kernel-derivation" 4311 4320 ],

-47

pkgs/os-specific/linux/kernel/README.md

··· 1 1 - # How to add a new (major) version of the Linux kernel to Nixpkgs: 2 2 - 3 3 - 1. Copy the old Nix expression (e.g., `linux-2.6.21.nix`) to the new one (e.g., `linux-2.6.22.nix`) and update it. 4 4 - 5 5 - 2. Add the new kernel to the `kernels` attribute set in [`linux-kernels.nix`](../../../top-level/linux-kernels.nix) (e.g., create an attribute `kernel_2_6_22`). 6 6 - 7 7 - 3. Update the kernel configuration: 8 8 - 9 9 - 1. While in the Nixpkgs repository, enter the development shell for that kernel: 10 10 - 11 11 - ```console 12 12 - $ nix-shell -A linuxKernel.kernels.linux_2_6_22 13 13 - ``` 14 14 - 15 15 - 2. Unpack the kernel: 16 16 - 17 17 - ```console 18 18 - [nix-shell]$ pushd $(mktemp -d) 19 19 - [nix-shell]$ unpackPhase 20 20 - ``` 21 21 - 22 22 - 3. For each supported platform (`i686`, `x86_64`, `uml`) do the following: 23 23 - 24 24 - 1. Make a copy from the old config (e.g., `config-2.6.21-i686-smp`) to the new one (e.g., `config-2.6.22-i686-smp`). 25 25 - 26 26 - 2. Copy the config file for this platform (e.g., `config-2.6.22-i686-smp`) to `.config` in the unpacked kernel source tree. 27 27 - 28 28 - 3. Run `make oldconfig ARCH={i386,x86_64,um}` and answer all questions. (For the uml configuration, also add `SHELL=bash`.) Make sure to keep the configuration consistent between platforms (i.e., don’t enable some feature on `i686` and disable it on `x86_64`). 29 29 - 30 30 - 4. If needed, you can also run `make menuconfig`: 31 31 - 32 32 - ```ShellSession 33 33 - $ nix-shell -p ncurses pkg-config 34 34 - $ make menuconfig ARCH=arch 35 35 - ``` 36 36 - 37 37 - 5. Copy `.config` over the new config file (e.g., `config-2.6.22-i686-smp`). 38 38 - 39 39 - 4. Test building the kernel: 40 40 - 41 41 - ```ShellSession 42 42 - nix-build -A linuxKernel.kernels.kernel_2_6_22 43 43 - ``` 44 44 - 45 45 - If it compiles, ship it! For extra credit, try booting NixOS with it. 46 46 - 47 47 - 5. It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the `linuxPackagesFor` function in `linux-kernels.nix` (such as the NVIDIA drivers, AUFS, etc.). If the updated packages aren’t backwards compatible with older kernels, you may need to keep the older versions around.