summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/linux-libre-hardened/PKGBUILD43
-rw-r--r--libre/linux-libre-hardened/config81
2 files changed, 44 insertions, 80 deletions
diff --git a/libre/linux-libre-hardened/PKGBUILD b/libre/linux-libre-hardened/PKGBUILD
index ac5475a7f..6dca19e65 100644
--- a/libre/linux-libre-hardened/PKGBUILD
+++ b/libre/linux-libre-hardened/PKGBUILD
@@ -9,11 +9,9 @@ _replacesoldkernels=('linux-grsec' 'linux-libre-grsec') # '%' gets replaced with
_replacesoldmodules=() # '%' gets replaced with kernel suffix
pkgbase=linux-libre-hardened
-_srcbasever=5.3-gnu
-_srcver=5.3.8-gnu
-_srcname=linux-${_srcbasever%-*}
-pkgver=${_srcver//-/.a_}
+pkgver=5.3.13.a_gnu
pkgrel=1
+pkgdesc='Security-Hardened Linux-libre'
url='https://linux-libre.fsfla.org/'
arch=(x86_64)
license=(GPL2)
@@ -22,9 +20,10 @@ makedepends=(
python-sphinx python-sphinx_rtd_theme graphviz imagemagick
)
options=('!strip')
+_srcname=linux-5.3
source=(
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcbasever/linux-libre-$_srcbasever.tar.xz"{,.sign}
- "https://linux-libre.fsfla.org/pub/linux-libre/releases/$_srcver/patch-$_srcbasever-$_srcver.xz"{,.sign}
+ "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign}
+ "https://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver//${pkgver%.*}.*_/${pkgver%.*}-}/patch-${_srcname##*-}-gnu-${pkgver//${pkgver%.*}.*_/${pkgver%.*}-}.xz"{,.sign}
"https://github.com/anthraxx/linux-hardened/releases/download/${pkgver%%_*}/linux-hardened-${pkgver%%_*}.patch"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig}
config # the main kernel config file
@@ -45,9 +44,9 @@ validpgpkeys=(
)
sha512sums=('85d83c973ef96ab414354414da70ab3e1c3df19c3088458498cec1594952878b7967a8988bd9e36d4e728cc573a36e6eac056dbcab2f9aa742f18cbb4fb3164f'
'SKIP'
- 'eca168c4c460bf8d8fbf322e1aa9c6b509f205c7597142967648c09402de95c8438ae302b4920c8f120192b1a54286f0fb860955c66414f3a3c376e41f246391'
+ '3e9c95825f6852a0721a940c80b01b9772c17ae1680c1ce5a151e4f5b577a4a50f030aa0f2fbbc2b53b898b081bf33e67bfdeb513fe5535f95c4b479452264c3'
'SKIP'
- 'bfb66281d772b24741471e93ea265a9b6a15081fe2a2c1cd6bde9eef34b2943bcbe42f7908cb7335b97a92c189a8fceff2aa7b753c08447a913928f343eeb336'
+ '4df1d7be2823df714f9a1f5480ff2d5476929c58910fc4a6b1af3e4d325a4519072850dc0dc218ec402b17aa7456bc1596f95409f2f92717dc7cac07cb42b0b6'
'SKIP'
'13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
'SKIP'
@@ -55,7 +54,7 @@ sha512sums=('85d83c973ef96ab414354414da70ab3e1c3df19c3088458498cec1594952878b796
'SKIP'
'267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1'
'SKIP'
- '796272cb732bc2ce988037a48891b04f3cfda74ccb6ff3f1f8863f760805f2c66ee083dd66b2ced6783f369638aa1dff498894e67e7d17e3b0cf5fc1ce62946b'
+ '9330c175265136b9a0fcf36350d8235cec88899534cb7ea31ce9175b177e3cca5c4e315ff24ad5871baff7cb9093b13e5f149556a10f145cc6a369d1e764c049'
'02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168')
@@ -65,17 +64,17 @@ _replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}")
export KBUILD_BUILD_HOST=parabola
export KBUILD_BUILD_USER=$pkgbase
-export KBUILD_BUILD_TIMESTAMP="@${SOURCE_DATE_EPOCH:-$(date +%s)}"
+export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
prepare() {
cd $_srcname
- # add upstream patch
- if [ "$_srcbasever" != "$_srcver" ]; then
- patch -p1 -i ../patch-$_srcbasever-$_srcver
+ if [ "${_srcname##*-}-gnu" != "${pkgver//${pkgver%.*}.*_/${pkgver%.*}-}" ]; then
+ msg2 "Applying upstream patch..."
+ patch -p1 -i ../patch-${_srcname##*-}-gnu-${pkgver//${pkgver%.*}.*_/${pkgver%.*}-}
fi
- # add freedo as boot logo
+ msg2 "Adding freedo as boot logo..."
install -m644 -t drivers/video/logo \
../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
@@ -109,12 +108,12 @@ build() {
}
_package() {
- pkgdesc="The ${pkgbase^} kernel and modules"
+ pkgdesc="The $pkgdesc kernel and modules"
depends=(coreutils kmod initramfs)
optdepends=('crda: to set the correct wireless channels of your country'
'linux-libre-firmware: firmware images needed for some devices'
'usbctl: deny_new_usb control')
- provides=("${_replacesarchkernel[@]/%/=${_srcver%%-*}}" "LINUX-ABI_VERSION=${_srcver%%-*}")
+ provides=("${_replacesarchkernel[@]/%/=${pkgver%%_*}}" "LINUX-ABI_VERSION=${pkgver%.*}")
conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
@@ -141,8 +140,8 @@ _package() {
}
_package-headers() {
- pkgdesc="Header files and scripts for building modules for ${pkgbase^} kernel"
- provides=("${_replacesarchkernel[@]/%/-headers=${_srcver%%-*}}")
+ pkgdesc="Header files and scripts for building modules for $pkgdesc kernel"
+ provides=("${_replacesarchkernel[@]/%/-headers=${pkgver%%_*}}")
conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
@@ -222,8 +221,8 @@ _package-headers() {
}
_package-docs() {
- pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase^} kernel"
- provides=("${_replacesarchkernel[@]/%/-docs=${_srcver%%-*}}")
+ pkgdesc="Kernel hacker's manual for the $pkgdesc kernel"
+ provides=("${_replacesarchkernel[@]/%/-docs=${pkgver%%_*}}")
conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
@@ -234,8 +233,8 @@ _package-docs() {
mkdir -p "$builddir"
cp -t "$builddir" -a Documentation
- msg2 "Removing doctrees..."
- rm -r "$builddir/Documentation/output/.doctrees"
+ msg2 "Removing unneeded files..."
+ rm -rv "$builddir"/Documentation/{,output/}.[^.]*
msg2 "Moving HTML docs..."
local src dst
diff --git a/libre/linux-libre-hardened/config b/libre/linux-libre-hardened/config
index ab9e9c519..1e263f62f 100644
--- a/libre/linux-libre-hardened/config
+++ b/libre/linux-libre-hardened/config
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.3.7-gnu Kernel Configuration
+# Linux/x86 5.3.13-gnu Kernel Configuration
#
#
@@ -86,10 +86,8 @@ CONFIG_GENERIC_CMOS_UPDATE=y
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ_COMMON=y
# CONFIG_HZ_PERIODIC is not set
-# CONFIG_NO_HZ_IDLE is not set
-CONFIG_NO_HZ_FULL=y
-CONFIG_CONTEXT_TRACKING=y
-# CONFIG_CONTEXT_TRACKING_FORCE is not set
+CONFIG_NO_HZ_IDLE=y
+# CONFIG_NO_HZ_FULL is not set
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
# end of Timers subsystem
@@ -103,8 +101,8 @@ CONFIG_PREEMPTION=y
#
# CPU/Task time and stats accounting
#
-CONFIG_VIRT_CPU_ACCOUNTING=y
-CONFIG_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
CONFIG_IRQ_TIME_ACCOUNTING=y
CONFIG_HAVE_SCHED_AVG_IRQ=y
CONFIG_BSD_PROCESS_ACCT=y
@@ -129,12 +127,12 @@ CONFIG_TREE_SRCU=y
CONFIG_TASKS_RCU=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_RCU_NEED_SEGCBLIST=y
-CONFIG_RCU_FANOUT=32
+CONFIG_RCU_FANOUT=64
CONFIG_RCU_FANOUT_LEAF=16
CONFIG_RCU_FAST_NO_HZ=y
CONFIG_RCU_BOOST=y
CONFIG_RCU_BOOST_DELAY=500
-CONFIG_RCU_NOCB_CPU=y
+# CONFIG_RCU_NOCB_CPU is not set
# end of RCU Subsystem
CONFIG_BUILD_BIN2C=y
@@ -444,6 +442,9 @@ CONFIG_X86_SMAP=y
CONFIG_X86_INTEL_UMIP=y
# CONFIG_X86_INTEL_MPX is not set
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+# CONFIG_X86_INTEL_TSX_MODE_ON is not set
+CONFIG_X86_INTEL_TSX_MODE_AUTO=y
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_EFI_MIXED=y
@@ -675,7 +676,14 @@ CONFIG_ISCSI_IBFT_FIND=y
CONFIG_ISCSI_IBFT=m
CONFIG_FW_CFG_SYSFS=m
# CONFIG_FW_CFG_SYSFS_CMDLINE is not set
-# CONFIG_GOOGLE_FIRMWARE is not set
+CONFIG_GOOGLE_FIRMWARE=y
+# CONFIG_GOOGLE_SMI is not set
+CONFIG_GOOGLE_COREBOOT_TABLE=m
+CONFIG_GOOGLE_MEMCONSOLE=m
+# CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY is not set
+CONFIG_GOOGLE_FRAMEBUFFER_COREBOOT=m
+CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=m
+CONFIG_GOOGLE_VPD=m
#
# EFI (Extensible Firmware Interface) Support
@@ -4016,7 +4024,7 @@ CONFIG_RMI4_F11=y
CONFIG_RMI4_F12=y
CONFIG_RMI4_F30=y
CONFIG_RMI4_F34=y
-CONFIG_RMI4_F54=y
+# CONFIG_RMI4_F54 is not set
CONFIG_RMI4_F55=y
#
@@ -6689,11 +6697,11 @@ CONFIG_SND_DESIGNWARE_PCM=y
#
# CONFIG_SND_SOC_FSL_ASRC is not set
# CONFIG_SND_SOC_FSL_SAI is not set
-CONFIG_SND_SOC_FSL_AUDMIX=m
+# CONFIG_SND_SOC_FSL_AUDMIX is not set
# CONFIG_SND_SOC_FSL_SSI is not set
# CONFIG_SND_SOC_FSL_SPDIF is not set
# CONFIG_SND_SOC_FSL_ESAI is not set
-CONFIG_SND_SOC_FSL_MICFIL=m
+# CONFIG_SND_SOC_FSL_MICFIL is not set
# CONFIG_SND_SOC_IMX_AUDMUX is not set
# end of SoC Audio for Freescale CPUs
@@ -6727,7 +6735,7 @@ CONFIG_SND_SOC_INTEL_CML_H=m
CONFIG_SND_SOC_INTEL_CML_LP=m
CONFIG_SND_SOC_INTEL_SKYLAKE_FAMILY=m
CONFIG_SND_SOC_INTEL_SKYLAKE_SSP_CLK=m
-CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=y
+# CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC is not set
CONFIG_SND_SOC_INTEL_SKYLAKE_COMMON=m
CONFIG_SND_SOC_ACPI_INTEL_MATCH=m
CONFIG_SND_SOC_INTEL_MACH=y
@@ -6755,50 +6763,8 @@ CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH=m
CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH=m
CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH=m
CONFIG_SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH=m
-CONFIG_SND_SOC_INTEL_SKL_HDA_DSP_GENERIC_MACH=m
-CONFIG_SND_SOC_INTEL_SOF_RT5682_MACH=m
CONFIG_SND_SOC_MTK_BTCVSD=m
-CONFIG_SND_SOC_SOF_TOPLEVEL=y
-CONFIG_SND_SOC_SOF_PCI=m
-CONFIG_SND_SOC_SOF_ACPI=m
-CONFIG_SND_SOC_SOF_OPTIONS=m
-# CONFIG_SND_SOC_SOF_NOCODEC_SUPPORT is not set
-# CONFIG_SND_SOC_SOF_STRICT_ABI_CHECKS is not set
-# CONFIG_SND_SOC_SOF_DEBUG is not set
-CONFIG_SND_SOC_SOF=m
-CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE=y
-CONFIG_SND_SOC_SOF_INTEL_TOPLEVEL=y
-CONFIG_SND_SOC_SOF_INTEL_ACPI=m
-CONFIG_SND_SOC_SOF_INTEL_PCI=m
-CONFIG_SND_SOC_SOF_INTEL_HIFI_EP_IPC=m
-CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m
-CONFIG_SND_SOC_SOF_INTEL_COMMON=m
-CONFIG_SND_SOC_SOF_BAYTRAIL_SUPPORT=y
-CONFIG_SND_SOC_SOF_BAYTRAIL=m
-CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y
-CONFIG_SND_SOC_SOF_BROADWELL=m
-CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y
-CONFIG_SND_SOC_SOF_MERRIFIELD=m
-CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y
-CONFIG_SND_SOC_SOF_APOLLOLAKE=m
-CONFIG_SND_SOC_SOF_GEMINILAKE_SUPPORT=y
-CONFIG_SND_SOC_SOF_GEMINILAKE=m
-CONFIG_SND_SOC_SOF_CANNONLAKE_SUPPORT=y
-CONFIG_SND_SOC_SOF_CANNONLAKE=m
-CONFIG_SND_SOC_SOF_COFFEELAKE_SUPPORT=y
-CONFIG_SND_SOC_SOF_COFFEELAKE=m
-CONFIG_SND_SOC_SOF_ICELAKE_SUPPORT=y
-CONFIG_SND_SOC_SOF_ICELAKE=m
-CONFIG_SND_SOC_SOF_COMETLAKE_LP=m
-CONFIG_SND_SOC_SOF_COMETLAKE_LP_SUPPORT=y
-CONFIG_SND_SOC_SOF_COMETLAKE_H=m
-CONFIG_SND_SOC_SOF_COMETLAKE_H_SUPPORT=y
-CONFIG_SND_SOC_SOF_HDA_COMMON=m
-CONFIG_SND_SOC_SOF_HDA_LINK=y
-CONFIG_SND_SOC_SOF_HDA_AUDIO_CODEC=y
-CONFIG_SND_SOC_SOF_HDA_LINK_BASELINE=m
-CONFIG_SND_SOC_SOF_HDA=m
-CONFIG_SND_SOC_SOF_XTENSA=m
+# CONFIG_SND_SOC_SOF_TOPLEVEL is not set
#
# STMicroelectronics STM32 SOC audio support
@@ -6871,7 +6837,6 @@ CONFIG_SND_SOC_ES8328_I2C=m
CONFIG_SND_SOC_ES8328_SPI=m
CONFIG_SND_SOC_GTM601=m
CONFIG_SND_SOC_HDAC_HDMI=m
-CONFIG_SND_SOC_HDAC_HDA=m
CONFIG_SND_SOC_INNO_RK3036=m
CONFIG_SND_SOC_LOCHNAGAR_SC=m
CONFIG_SND_SOC_MAX98088=m