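I think you can just add a release-25.11 input to the flake and then set { boot.kernelPackages = inputs."release-25.11".legacyPackages.${pkgs.stdenv.hostPlatform.system}.linuxPackages_6_12; } But using linuxPackages_6_18 directly is even simpler. Is there a way to build it yourself for now? Looking at the Arch package, they just copy kernel.org's release tar directly, so going by the version number above it should be fine. As for using 6.12, you'd hope NixOS packages it sooner. It's already there; it was backported to the release-25.11 channel, which is fairly quick, five hours ago: https://github.com/NixOS/nixpkgs/pull/515037/files But normal people on stable use the nixos-25.11 channel, so I don't know when it will land there; it might take a few more days. Even after using it this long, I don't really know how they operate.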
https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. Time to switch to Gentoo. Who knows how long building the kernel will take.
https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. I hand-build 6.18 for both Fedora & Slackware; it has to run overnight. Who knows how long building the kernel will take.
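Actually I'm using the hardened kernel + hardened profile. The kernel only goes up to 6.12.69; I was planning to use the blocklist approach for now and wait for it to slowly get to 6.12.85, but I just checked and it turns out nixos-unstable has already deleted both of these. By hardened profile, do you mean the one inside nixpkgs? I'd thought about using it before, but when I looked into it I found it was already gone. So a month from now, when I move to nixos-26.05, I'll have to overhaul my config again. Damn, NixOS keeps getting trashier, they're always saying something is unmaintained and then cutting features [love]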
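The Steam Deck usually takes around 2 hours to build a kernel. https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. I hand-build 6.18 for both Fedora & Slackware; it has to run overnight. Who knows how long building the kernel will take. Have to do it all over again. I also want to try the new ntfs driver in 7.1.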
Use Guix. https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. Time to switch to Gentoo. Who knows how long building the kernel will take.
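Huh, one kernel can be shared by two distros? https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. I hand-build 6.18 for both Fedora & Slackware; it has to run overnight. Who knows how long building the kernel will take. Have to do it all over again. I also want to try the new ntfs driver in 7.1.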
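Yes, it's really just a collection of config settings, and it's easy to copy into your own config: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/profiles/hardened.nix If you use it, note that some of the settings in it will break home-manager / chromium / containers / hyperthreading. What is [boot.]initrd.systemd? The NixOS folks really love systemd. Actually I'm using the hardened kernel + hardened profile. The kernel only goes up to 6.12.69; I was planning to use the blocklist approach for now and wait for it to slowly get to 6.12.85, but I just checked and it turns out nixos-unstable has already deleted both of these. By hardened profile, do you mean the one inside nixpkgs? I'd thought about using it before, but when I looked into it I found it was already gone. So a month from now, when I move to nixos-26.05, I'll have to overhaul my config again. Damn, NixOS keeps getting trashier, they're always saying something is unmaintained and then cutting features [love] 26.05 switched to using initrd.systemd by default. If your initrd has custom config, you'll probably have to spend a while sorting it out.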
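Why are you so fast and he's so slow? The Steam Deck usually takes around 2 hours to build a kernel. https://github.com/NixOS/nixpkgs/pull/502342#issuecomment-4193494350 How thoughtful. I hand-build 6.18 for both Fedora & Slackware; it has to run overnight. Who knows how long building the kernel will take. Have to do it all over again. I also want to try the new ntfs driver in 7.1.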
Using Guix still feels immature; you'd end up wrecking yourself.
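I'll use it as a reference for now. There's also a flake called nix-mineral that looks pretty good. I once read a blog post saying that if you're extremely paranoid you can set the noexec mount option on every filesystem other than /nix. I'd kind of like to try that. Yes, it's really just a collection of config settings, and it's easy to copy into your own config: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/profiles/hardened.nix If you use it, note that some of the settings in it will break home-manager / chromium / containers / hyperthreading. Actually I'm using the hardened kernel + hardened profile. The kernel only goes up to 6.12.69; I was planning to use the blocklist approach for now and wait for it to slowly get to 6.12.85, but I just checked and it turns out nixos-unstable has already deleted both of these. By hardened profile, do you mean the one inside nixpkgs? I'd thought about using it before, but when I looked into it I found it was already gone. So a month from now, when I move to nixos-26.05, I'll have to overhaul my config again. Damn, NixOS keeps getting trashier, they're always saying something is unmaintained and then cutting features [love] 26.05 switched to using initrd.systemd by default. If your initrd has custom config, you'll probably have to spend a while sorting it out.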
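What is [boot.]initrd.systemd? The NixOS folks really love systemd. As far as I know, it means stage 1 becomes systemd. If you have complex boot logic, using systemd is actually not bad. I have the [boot.]initrd.secrets stuff for unlocking LUKS filesystems; not sure whether that's affected.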
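nix-mineral seems pretty good, but it's fairly complex; I'll switch to it later when I get the chance. I think noexec would be too strict. So switching the initrd to systemd means using it to unlock the LUKS volume; I'm using GRUB, so I should probably disable it. I'll use it as a reference for now. There's also a flake called nix-mineral that looks pretty good. I once read a blog post saying that if you're extremely paranoid you can set the noexec mount option on every filesystem other than /nix. I'd kind of like to try that. Yes, it's really just a collection of config settings, and it's easy to copy into your own config: https://github.com/NixOS/nixpkgs/blob/nixos-25.11/nixos/modules/profiles/hardened.nix If you use it, note that some of the settings in it will break home-manager / chromium / containers / hyperthreading. Actually I'm using the hardened kernel + hardened profile. The kernel only goes up to 6.12.69; I was planning to use the blocklist approach for now and wait for it to slowly get to 6.12.85, but I just checked and it turns out nixos-unstable has already deleted both of these. By hardened profile, do you mean the one inside nixpkgs? I'd thought about using it before, but when I looked into it I found it was already gone. So a month from now, when I move to nixos-26.05, I'll have to overhaul my config again. Damn, NixOS keeps getting trashier, they're always saying something is unmaintained and then cutting features [love] 26.05 switched to using initrd.systemd by default. If your initrd has custom config, you'll probably have to spend a while sorting it out. What is [boot.]initrd.systemd? The NixOS folks really love systemd. As far as I know, it means stage 1 becomes systemd. If you have complex boot logic, using systemd is actually not bad. I have the [boot.]initrd.secrets stuff for unlocking LUKS filesystems; not sure whether that's affected.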
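It finished in an hour and a half in the end; luckily it didn't fail. @十字鎅豆腐 btw why does your Steam need to build a kernel? Apparently it's because it uses the Valve kernel, which has a bunch of custom drivers: https://samuel.dionne-riel.com/blog/2024/11/20/whats-in-a-steam-deck-kernel-anyway.html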
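So it's a custom kernel. It finished in an hour and a half in the end; luckily it didn't fail. @十字鎅豆腐 btw why does your Steam need to build a kernel? Apparently it's because it uses the Valve kernel, which has a bunch of custom drivers: https://samuel.dionne-riel.com/blog/2024/11/20/whats-in-a-steam-deck-kernel-anyway.html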
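Has anyone played with the copy.fail exploit? Apparently after playing with it the machine's su binary gets broken. I want to try it but don't know how to fix things back up afterwards.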
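Apparently once copy.fail has been used to gain root access, su gets broken, and after that simply running su automatically gives passwordless root access. Has anyone played with the copy.fail exploit? Apparently after playing with it the machine's su binary gets broken. I want to try it but don't know how to fix things back up afterwards. I haven't specifically enabled the affected feature. My ESP has a copy of SystemRescue; I'll see whether it can rescue things.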
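-current is on 3.12.13. Apparently once copy.fail has been used to gain root access, su gets broken, and after that simply running su automatically gives passwordless root access. Has anyone played with the copy.fail exploit? Apparently after playing with it the machine's su binary gets broken. I want to try it but don't know how to fix things back up afterwards. I haven't specifically enabled the affected feature. My ESP has a copy of SystemRescue; I'll see whether it can rescue things. Apparently Slackware doesn't have Python 3.10; I saw that someone tailor-made a special version of the exploit just for Slackware. But it's best to compare the code before running it, just in case.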
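Found the Slackware version you mentioned. The difference is that splice only exists from Python 3.10 on, and it also mentions that the permissions differ and /bin/mount can be used instead. I tried both the original and the Slackware version. My su's permissions are rws--x--x, and neither version had permission to open it. But after changing it to target /bin/mount, the exploit really did manage to trigger su. -current is on 3.12.13. Apparently once copy.fail has been used to gain root access, su gets broken, and after that simply running su automatically gives passwordless root access. Has anyone played with the copy.fail exploit? Apparently after playing with it the machine's su binary gets broken. I want to try it but don't know how to fix things back up afterwards. I haven't specifically enabled the affected feature. My ESP has a copy of SystemRescue; I'll see whether it can rescue things. Apparently Slackware doesn't have Python 3.10; I saw that someone tailor-made a special version of the exploit just for Slackware. But it's best to compare the code before running it, just in case. Could it be that the exploit changed root to have no password? Take a look at shadow & passwd afterwards and you'll know.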
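The check suggested at the end of the post above (look at shadow & passwd afterwards), written out as an added example that is not part of the thread: it flags accounts with an empty password field and extra UID 0 accounts. The names audit_accounts and demo are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. audit_accounts and demo are
# hypothetical names; the sample files below are constructed.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line, nothing when both files look normal.
audit_accounts() {
    # passwd fields: name:password:UID:GID:gecos:home:shell
    awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        $2 == ""                { print "passwd-empty-password:" $1 }
    ' "$1"
    # shadow fields: name:hash:lastchange:...
    # An empty hash field means the account logs in with no password.
    awk -F: '$2 == "" { print "shadow-empty-password:" $1 }' "$2"
}

# Runs the audit over a constructed pair of files in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:!:19000:0:99999:7:::
alice:$6$constructed$not-a-real-hash:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

On a live system, run it as root with `audit_accounts /etc/passwd /etc/shadow`. It covers only the account-database question raised in the post; it does not verify the su binary itself.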