From 44178fe4782c4a3812eb35702d148046e8db04d3 Mon Sep 17 00:00:00 2001 From: David P Date: Tue, 2 Mar 2021 09:31:03 -0500 Subject: updpkg: libre/linux-libre-hardened 5.10.19.hardened1-1 Signed-off-by: David P --- libre/linux-libre-hardened/PKGBUILD | 13 +++++++------ libre/linux-libre-hardened/config | 19 ++++++++++--------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/libre/linux-libre-hardened/PKGBUILD b/libre/linux-libre-hardened/PKGBUILD index 4c2059148..1e3a4405f 100644 --- a/libre/linux-libre-hardened/PKGBUILD +++ b/libre/linux-libre-hardened/PKGBUILD @@ -9,7 +9,7 @@ _replacesoldkernels=() # '%' gets replaced with kernel suffix _replacesoldmodules=() # '%' gets replaced with kernel suffix pkgbase=linux-libre-hardened -pkgver=5.10.7.a +pkgver=5.10.19.hardened1 pkgrel=1 pkgdesc='Security-Hardened Linux-libre' url='https://linux-libre.fsfla.org/' @@ -21,10 +21,11 @@ makedepends=( ) options=('!strip') _srcname=linux-5.10 +_srctag=${pkgver%.*}-${pkgver##*.} source=( "https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign} "https://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver%.*}-gnu/patch-${_srcname##*-}-gnu-${pkgver%.*}-gnu.xz"{,.sign} - "https://github.com/anthraxx/linux-hardened/releases/download/$pkgver/linux-hardened-$pkgver.patch"{,.sig} + "https://github.com/anthraxx/linux-hardened/releases/download/${_srctag}/linux-hardened-${_srctag}.patch"{,.sig} "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig} config # the main kernel config file @@ -45,9 +46,9 @@ validpgpkeys=( ) sha512sums=('ccc52db049a66ff146d9fc84fb00e783f2d04211156233a382f87589fec7631b8fbb3e76bfd94279607b883d25f9745e6c7d2bd62b13311dc6b425002bd42ec0' 'SKIP' - 'f3e5ee9ef33eaf2a15de39b99a2a01b88681df0519f1b03dc19fa8db63120096dbddcbce9c00f8b7515b55161d3d440a9439954fc2356a35f7da5f878b5dfedb' + 'ed4bf87f5b9f4bcc3cdaa3aa7e4fb1e39d5182157d96c49aaff4d54f9454922330b1a47c74f40af62869ee81ff5e3cb78abcfe883af5463084180c556961f068' 'SKIP' - '66ab8e0e8338fe446a31a107b5c7acab97f37f432c95f6bf5142c097643043c1345acf96114479fdd0ee4b387ca182c4907e9f883e405e7a3564a1912eb5a7e1' + '4bea351580ebe3e52e18a1b5e82b9a40855b77fc0c6e6581c5f3fc9e0a2ac5df8274d29b6907e7ac4e7f20df9b74749fb97317d68f111f88ebd6907966d3d04b' 'SKIP' '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3' 'SKIP' @@ -55,7 +56,7 @@ sha512sums=('ccc52db049a66ff146d9fc84fb00e783f2d04211156233a382f87589fec7631b8fb 'SKIP' '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1' 'SKIP' - 'da78994e8c265b4fd3130180c194c28c2709545dcc2e51555ef5db5222254a1623bf43454eb931b57fffd8157b14927029618ce9e020e73858c3e7bbd8259716' + '77092070fdfd8dba9f497b2a7ae8f779e177846209f602918fadb946e43fa11578a04b55123294756bc1de5ff5ca750d34e824ae32190ed94a3692345630c7d3' '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af' 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168') @@ -80,7 +81,7 @@ prepare() { ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm} echo "Setting version..." - sed -e "/^-EXTRAVERSION =/s/=/= -gnu/" -i "../linux-hardened-$pkgver.patch" + sed -e "/^-EXTRAVERSION =/s/=/= -gnu/" -i "../linux-hardened-$_srctag.patch" scripts/setlocalversion --save-scmversion echo "-$pkgrel" > localversion.10-pkgrel echo "${pkgbase#linux-libre}" > localversion.20-pkgname diff --git a/libre/linux-libre-hardened/config b/libre/linux-libre-hardened/config index d776b4028..797e9c9e4 100644 --- a/libre/linux-libre-hardened/config +++ b/libre/linux-libre-hardened/config @@ -1,11 +1,11 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.7-gnu Kernel Configuration +# Linux/x86 5.10.19-gnu Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=100200 -CONFIG_LD_VERSION=235010000 +CONFIG_LD_VERSION=236010000 CONFIG_CLANG_VERSION=0 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y @@ -2890,7 +2890,7 @@ CONFIG_B53_SRAB_DRIVER=m CONFIG_B53_SERDES=m CONFIG_NET_DSA_BCM_SF2=m CONFIG_NET_DSA_LOOP=m -CONFIG_NET_DSA_LANTIQ_GSWIP=m +# CONFIG_NET_DSA_LANTIQ_GSWIP is not set CONFIG_NET_DSA_MT7530=m CONFIG_NET_DSA_MV88E6060=m CONFIG_NET_DSA_MICROCHIP_KSZ_COMMON=m @@ -3285,7 +3285,7 @@ CONFIG_AT803X_PHY=m CONFIG_QSEMI_PHY=m CONFIG_REALTEK_PHY=m CONFIG_RENESAS_PHY=m -CONFIG_ROCKCHIP_PHY=m +# CONFIG_ROCKCHIP_PHY is not set CONFIG_SMSC_PHY=m CONFIG_STE10XP=m CONFIG_TERANETICS_PHY=m @@ -4110,7 +4110,7 @@ CONFIG_SERIAL_UARTLITE_NR_UARTS=1 CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_JSM=m -CONFIG_SERIAL_LANTIQ=m +# CONFIG_SERIAL_LANTIQ is not set CONFIG_SERIAL_SCCNXP=m CONFIG_SERIAL_SC16IS7XX_CORE=m CONFIG_SERIAL_SC16IS7XX=m @@ -4350,11 +4350,11 @@ CONFIG_SPI_DLN2=m CONFIG_SPI_NXP_FLEXSPI=m CONFIG_SPI_GPIO=m CONFIG_SPI_LM70_LLP=m -CONFIG_SPI_LANTIQ_SSC=m +# CONFIG_SPI_LANTIQ_SSC is not set CONFIG_SPI_OC_TINY=m CONFIG_SPI_PXA2XX=m CONFIG_SPI_PXA2XX_PCI=m -CONFIG_SPI_ROCKCHIP=m +# CONFIG_SPI_ROCKCHIP is not set CONFIG_SPI_SC18IS602=m CONFIG_SPI_SIFIVE=m CONFIG_SPI_MXIC=m @@ -9314,7 +9314,8 @@ CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set -# CONFIG_SECURITY_LOADPIN is not set +CONFIG_SECURITY_LOADPIN=y +CONFIG_SECURITY_LOADPIN_ENFORCE=y CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_SAFESETID=y CONFIG_SECURITY_LOCKDOWN_LSM=y @@ -9329,7 +9330,7 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="lockdown,yama" +CONFIG_LSM="lockdown,yama,bpf" # # Kernel hardening options -- cgit v1.2.3