summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/linux-libre-hardened/PKGBUILD62
-rw-r--r--libre/linux-libre-hardened/config.x86_6424
2 files changed, 42 insertions, 44 deletions
diff --git a/libre/linux-libre-hardened/PKGBUILD b/libre/linux-libre-hardened/PKGBUILD
index f62ab602e..ac3dc88f6 100644
--- a/libre/linux-libre-hardened/PKGBUILD
+++ b/libre/linux-libre-hardened/PKGBUILD
@@ -4,7 +4,7 @@
pkgbase=linux-libre-hardened
_srcbasever=5.0-gnu
-_srcver=5.0.6-gnu
+_srcver=5.0.16-gnu
_hardenedver=a
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
@@ -18,7 +18,7 @@ pkgrel=1
arch=(x86_64)
url='https://linux-libre.fsfla.org/'
license=(GPL2)
-makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz)
+makedepends=(xmlto kmod inetutils bc libelf)
options=('!strip')
source=(
"https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcbasever/linux-libre-$_srcbasever.tar.xz"{,.sign}
@@ -27,14 +27,17 @@ source=(
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_clut224.ppm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig}
- # the main kernel config files
- config.x86_64
- # pacman hooks for depmod and initramfs regeneration
- 60-linux.hook 90-linux.hook
- # standard config files for mkinitcpio ramdisk
- linux.preset
- # other patches
+ config.x86_64 # the main kernel config file
+ 60-linux.hook # pacman hook for depmod
+ 90-linux.hook # pacman hook for initramfs regeneration
+ linux.preset # standard config files for mkinitcpio ramdisk
+
+ # maintain the TTY over USB disconnects
+ # http://www.coreboot.org/EHCI_Gadget_Debug
0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
+ # fix Atmel maXTouch touchscreen support
+ # https://labs.parabola.nu/issues/877
+ # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
0002-fix-Atmel-maXTouch-touchscreen-support.patch
)
validpgpkeys=(
@@ -45,9 +48,9 @@ validpgpkeys=(
)
sha512sums=('56b8e77eb445c92c3e0ec0dc45fa5fb09641cad18003b79991652b83cf1d96cc1651750dfa9eec15652108a1b8aff1781c4f8ec5f92784b8542e59e0605922d9'
'SKIP'
- 'c015da00812cfc9cb16e408807338d2e09270e3b33deb85c5cab36e9c2e6155dbc2a3653d744de272032d524bbb59b428984debf1369e42b788b51caf4591526'
+ '5b3acf94db36055ad760cee8ca16972eb041105585d90fc25543ebbd2b40c31eb9587d65852016e935aad89b9187bbdcdbb602894213bd4a04b32a52aae4c8c0'
'SKIP'
- 'e6f82b082418f5f408713ba85de74a9ec44f5daaab6060a6690b00ab9ee2730e4b4049becc8287efea2c468b213369bdc75ae6e3c167cc3c892529ba13233f62'
+ '31f6df035b7dbb149af8f5253669a4b42d0ff25f2bf783388dcb40c36ea320dad2ea065a7fcf0e2bb344d78bce58590a18c20741a7a6abf9eb44c5df85723522'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -55,7 +58,7 @@ sha512sums=('56b8e77eb445c92c3e0ec0dc45fa5fb09641cad18003b79991652b83cf1d96cc165
'SKIP'
'7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
'SKIP'
- '543de5a62a19109fad75249f2c90593732dfbb7d2c97670248e1ecfd9c5f86819559fe8ee77b1cc1d0fae94293fd8a458df68fe23d34e5593b38848f426f700f'
+ 'a6570865c511dcd52a89f781fbb3a41f550200c7227339699720ebcb35f7ce3a8512fb8cfad7d010ab60303fbae06990d57471e49590846e2f604301aa4889bd'
'7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
'4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
'2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
@@ -75,28 +78,25 @@ prepare() {
patch -p1 -i ../patch-$_srcbasever-$_srcver
fi
- # add linux-hardened patch
- patch -p1 -i ../linux-hardened-${_srcver%-*}.${_hardenedver}.patch
-
# add freedo as boot logo
install -m644 -t drivers/video/logo \
../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
- # maintain the TTY over USB disconnects
- # http://www.coreboot.org/EHCI_Gadget_Debug
- patch -p1 -i ../0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
-
- # fix Atmel maXTouch touchscreen support
- # https://labs.parabola.nu/issues/877
- # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
- patch -p1 -i ../0002-fix-Atmel-maXTouch-touchscreen-support.patch
-
msg2 "Setting version..."
sed -e "/^EXTRAVERSION = -gnu/s/= -gnu.*/= .${_hardenedver}-gnu/" -i Makefile
scripts/setlocalversion --save-scmversion
echo "-$pkgrel" > localversion.10-pkgrel
echo "$_kernelname" > localversion.20-pkgname
+ local src
+ for src in "${source[@]}"; do
+ src="${src%%::*}"
+ src="${src##*/}"
+ [[ $src = *.patch ]] || continue
+ msg2 "Applying patch $src..."
+ patch -Np1 < "../$src"
+ done
+
msg2 "Setting config..."
cp ../config.x86_64 .config
make olddefconfig
@@ -107,7 +107,7 @@ prepare() {
build() {
cd $_srcname
- make bzImage modules htmldocs
+ make bzImage modules
}
_package() {
@@ -268,18 +268,6 @@ _package-docs() {
mkdir -p "$builddir"
cp -t "$builddir" -a Documentation
- msg2 "Removing doctrees..."
- rm -r "$builddir/Documentation/output/.doctrees"
-
- msg2 "Moving HTML docs..."
- local src dst
- while read -rd '' src; do
- dst="$builddir/Documentation/${src#$builddir/Documentation/output/}"
- mkdir -p "${dst%/*}"
- mv "$src" "$dst"
- rmdir -p --ignore-fail-on-non-empty "${src%/*}"
- done < <(find "$builddir/Documentation/output" -type f -print0)
-
msg2 "Adding symlink..."
mkdir -p "$pkgdir/usr/share/doc"
ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
diff --git a/libre/linux-libre-hardened/config.x86_64 b/libre/linux-libre-hardened/config.x86_64
index 9e692d0c7..3081e09d5 100644
--- a/libre/linux-libre-hardened/config.x86_64
+++ b/libre/linux-libre-hardened/config.x86_64
@@ -1,13 +1,13 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.0.5-gnu Kernel Configuration
+# Linux/x86 5.0.16-gnu Kernel Configuration
#
#
-# Compiler: gcc (GCC) 8.2.1 20181127
+# Compiler: gcc (GCC) 8.3.0
#
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=80201
+CONFIG_GCC_VERSION=80300
CONFIG_CLANG_VERSION=0
CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_IRQ_WORK=y
@@ -2992,7 +2992,7 @@ CONFIG_IXGBE=m
CONFIG_IXGBE_HWMON=y
CONFIG_IXGBE_DCA=y
CONFIG_IXGBE_DCB=y
-CONFIG_IXGBE_IPSEC=y
+# CONFIG_IXGBE_IPSEC is not set
CONFIG_IXGBEVF=m
CONFIG_IXGBEVF_IPSEC=y
CONFIG_I40E=m
@@ -4017,6 +4017,7 @@ CONFIG_N_HDLC=m
CONFIG_N_GSM=m
CONFIG_TRACE_ROUTER=m
CONFIG_TRACE_SINK=m
+CONFIG_LDISC_AUTOLOAD=y
# CONFIG_DEVMEM is not set
# CONFIG_DEVKMEM is not set
@@ -4103,7 +4104,6 @@ CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_NVRAM=m
-CONFIG_R3964=m
CONFIG_APPLICOM=m
#
@@ -9188,8 +9188,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
-# CONFIG_SECURITY_SMACK is not set
-# CONFIG_SECURITY_TOMOYO is not set
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SMACK_BRINGUP=y
+CONFIG_SECURITY_SMACK_NETFILTER=y
+CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y
+CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
CONFIG_SECURITY_APPARMOR_HASH=y
@@ -9203,6 +9211,8 @@ CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_SMACK is not set
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""