-rw-r--r-- | libre/linux-libre-hardened/PKGBUILD | 62 | ||||
-rw-r--r-- | libre/linux-libre-hardened/config.x86_64 | 24 |
2 files changed, 42 insertions, 44 deletions
diff --git a/libre/linux-libre-hardened/PKGBUILD b/libre/linux-libre-hardened/PKGBUILD index f62ab602e..ac3dc88f6 100644 --- a/libre/linux-libre-hardened/PKGBUILD +++ b/libre/linux-libre-hardened/PKGBUILD @@ -4,7 +4,7 @@ pkgbase=linux-libre-hardened _srcbasever=5.0-gnu -_srcver=5.0.6-gnu +_srcver=5.0.16-gnu _hardenedver=a _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname @@ -18,7 +18,7 @@ pkgrel=1 arch=(x86_64) url='https://linux-libre.fsfla.org/' license=(GPL2) -makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz) +makedepends=(xmlto kmod inetutils bc libelf) options=('!strip') source=( "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcbasever/linux-libre-$_srcbasever.tar.xz"{,.sign} @@ -27,14 +27,17 @@ source=( "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_clut224.ppm"{,.sig} "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig} "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig} - # the main kernel config files - config.x86_64 - # pacman hooks for depmod and initramfs regeneration - 60-linux.hook 90-linux.hook - # standard config files for mkinitcpio ramdisk - linux.preset - # other patches + config.x86_64 # the main kernel config file + 60-linux.hook # pacman hook for depmod + 90-linux.hook # pacman hook for initramfs regeneration + linux.preset # standard config files for mkinitcpio ramdisk + + # maintain the TTY over USB disconnects + # http://www.coreboot.org/EHCI_Gadget_Debug 0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch + # fix Atmel maXTouch touchscreen support + # https://labs.parabola.nu/issues/877 + # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html 0002-fix-Atmel-maXTouch-touchscreen-support.patch ) validpgpkeys=( 
@@ -45,9 +48,9 @@ validpgpkeys=( ) sha512sums=('56b8e77eb445c92c3e0ec0dc45fa5fb09641cad18003b79991652b83cf1d96cc1651750dfa9eec15652108a1b8aff1781c4f8ec5f92784b8542e59e0605922d9' 'SKIP' - 'c015da00812cfc9cb16e408807338d2e09270e3b33deb85c5cab36e9c2e6155dbc2a3653d744de272032d524bbb59b428984debf1369e42b788b51caf4591526' + '5b3acf94db36055ad760cee8ca16972eb041105585d90fc25543ebbd2b40c31eb9587d65852016e935aad89b9187bbdcdbb602894213bd4a04b32a52aae4c8c0' 'SKIP' - 'e6f82b082418f5f408713ba85de74a9ec44f5daaab6060a6690b00ab9ee2730e4b4049becc8287efea2c468b213369bdc75ae6e3c167cc3c892529ba13233f62' + '31f6df035b7dbb149af8f5253669a4b42d0ff25f2bf783388dcb40c36ea320dad2ea065a7fcf0e2bb344d78bce58590a18c20741a7a6abf9eb44c5df85723522' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' @@ -55,7 +58,7 @@ sha512sums=('56b8e77eb445c92c3e0ec0dc45fa5fb09641cad18003b79991652b83cf1d96cc165 'SKIP' '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78' 'SKIP' - '543de5a62a19109fad75249f2c90593732dfbb7d2c97670248e1ecfd9c5f86819559fe8ee77b1cc1d0fae94293fd8a458df68fe23d34e5593b38848f426f700f' + 'a6570865c511dcd52a89f781fbb3a41f550200c7227339699720ebcb35f7ce3a8512fb8cfad7d010ab60303fbae06990d57471e49590846e2f604301aa4889bd' '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' 
@@ -75,28 +78,25 @@ prepare() { patch -p1 -i ../patch-$_srcbasever-$_srcver fi - # add linux-hardened patch - patch -p1 -i ../linux-hardened-${_srcver%-*}.${_hardenedver}.patch - # add freedo as boot logo install -m644 -t drivers/video/logo \ ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm} - # maintain the TTY over USB disconnects - # http://www.coreboot.org/EHCI_Gadget_Debug - patch -p1 -i ../0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch - - # fix Atmel maXTouch touchscreen support - # https://labs.parabola.nu/issues/877 - # http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html - patch -p1 -i ../0002-fix-Atmel-maXTouch-touchscreen-support.patch - msg2 "Setting version..." sed -e "/^EXTRAVERSION = -gnu/s/= -gnu.*/= .${_hardenedver}-gnu/" -i Makefile scripts/setlocalversion --save-scmversion echo "-$pkgrel" > localversion.10-pkgrel echo "$_kernelname" > localversion.20-pkgname + local src + for src in "${source[@]}"; do + src="${src%%::*}" + src="${src##*/}" + [[ $src = *.patch ]] || continue + msg2 "Applying patch $src..." + patch -Np1 < "../$src" + done + msg2 "Setting config..." cp ../config.x86_64 .config make olddefconfig @@ -107,7 +107,7 @@ prepare() { build() { cd $_srcname - make bzImage modules htmldocs + make bzImage modules } _package() { @@ -268,18 +268,6 @@ _package-docs() { mkdir -p "$builddir" cp -t "$builddir" -a Documentation - msg2 "Removing doctrees..." - rm -r "$builddir/Documentation/output/.doctrees" - - msg2 "Moving HTML docs..." - local src dst - while read -rd '' src; do - dst="$builddir/Documentation/${src#$builddir/Documentation/output/}" - mkdir -p "${dst%/*}" - mv "$src" "$dst" - rmdir -p --ignore-fail-on-non-empty "${src%/*}" - done < <(find "$builddir/Documentation/output" -type f -print0) - msg2 "Adding symlink..." mkdir -p "$pkgdir/usr/share/doc" ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase" 
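Review bot: Whether the linux-hardened patch is still applied now depends on the `[[ $src = *.patch ]]` filter in the new loop, because the explicit `patch -p1 -i ../linux-hardened-${_srcver%-*}.${_hardenedver}.patch` call is removed. The source entry for that patch is outside this hunk, so I cannot confirm that its file name ends in `.patch`. If it is ever renamed or shipped compressed, the loop skips it without an error while the `sed` above still stamps `.${_hardenedver}` into EXTRAVERSION, giving an unhardened kernel with a hardened version string. I would make that case fail closed: declare `local src _hardened_applied=0`, add `[[ $src = linux-hardened-* ]] && _hardened_applied=1` before the `patch -Np1` line, and add `(( _hardened_applied )) || { echo "linux-hardened patch not applied" >&2; return 1; }` after `done`. prepare() starts and ends outside the hunk.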
diff --git a/libre/linux-libre-hardened/config.x86_64 b/libre/linux-libre-hardened/config.x86_64 index 9e692d0c7..3081e09d5 100644 --- a/libre/linux-libre-hardened/config.x86_64 +++ b/libre/linux-libre-hardened/config.x86_64 @@ -1,13 +1,13 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.0.5-gnu Kernel Configuration +# Linux/x86 5.0.16-gnu Kernel Configuration # # -# Compiler: gcc (GCC) 8.2.1 20181127 +# Compiler: gcc (GCC) 8.3.0 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80201 +CONFIG_GCC_VERSION=80300 CONFIG_CLANG_VERSION=0 CONFIG_CC_HAS_ASM_GOTO=y CONFIG_IRQ_WORK=y @@ -2992,7 +2992,7 @@ CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCA=y CONFIG_IXGBE_DCB=y -CONFIG_IXGBE_IPSEC=y +# CONFIG_IXGBE_IPSEC is not set CONFIG_IXGBEVF=m CONFIG_IXGBEVF_IPSEC=y CONFIG_I40E=m @@ -4017,6 +4017,7 @@ CONFIG_N_HDLC=m CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_DEVMEM is not set # CONFIG_DEVKMEM is not set @@ -4103,7 +4104,6 @@ CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m CONFIG_NVRAM=m -CONFIG_R3964=m CONFIG_APPLICOM=m # @@ -9188,8 +9188,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y -# CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_SMACK=y +CONFIG_SECURITY_SMACK_BRINGUP=y +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y +CONFIG_SECURITY_TOMOYO=y +CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 +CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 +# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set +CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" +CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y 
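Review bot: `CONFIG_LDISC_AUTOLOAD=y` in the `@@ -4017,6 +4017,7 @@` hunk keeps the legacy default in which any user can trigger loading of a line-discipline module through TIOCSETD, and the same hunk shows `CONFIG_N_HDLC` and `CONFIG_N_GSM` built as modules. For a hardened kernel I would expect `# CONFIG_LDISC_AUTOLOAD is not set`, which limits autoloading to processes with CAP_SYS_MODULE. The option only sets the default of the `dev.tty.ldisc_autoload` sysctl, so an administrator who needs the old behaviour can re-enable it at runtime. If `y` is deliberate, the commit message should say why.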
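Review bot: `CONFIG_SECURITY_SMACK_BRINGUP=y` in the `@@ -9188,8 +9188,16 @@` hunk turns on Smack's bring-up access mode, a policy-development aid for which the Kconfig help advises N when unsure. I would ship `# CONFIG_SECURITY_SMACK_BRINGUP is not set` unless a packaged workflow depends on it. More broadly, this hunk builds Smack and TOMOYO into the kernel while the following hunk keeps `CONFIG_DEFAULT_SECURITY_DAC=y`, so both presumably stay inactive unless selected at boot. The page gives no reason for adding them, and a short rationale would help reviewers weigh the extra built-in code in a hardened kernel.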
@@ -9203,6 +9211,8 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_SMACK is not set +# CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" |