FS#42910: Enable TOMOYO and SMACK

author: Kyle De'Vir 2019-04-12 05:50:54 +1000
committer: Kyle De'Vir 2019-04-12 05:50:54 +1000
commit: 41c35d44b749515eb61b6b79bf29c489ffb58c33 (patch)
tree: c0cf94c5c69a60c0cb46b2875fecdd3e00dee4fa
parent: db1d27c2fc981b8f4ee186b64f4d345a7a874e98 (diff)
download: aur-41c35d44b749515eb61b6b79bf29c489ffb58c33.tar.gz
3 files changed, 71 insertions, 37 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 7cab66aa86f7..efa2416e875a 100755
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -4,14 +4,14 @@ pkgbase = linux-bcachefs-git
 	url = https://github.com/koverstreet/bcachefs
 	arch = x86_64
 	license = GPL2
-	makedepends = xmlto
-	makedepends = kmod
-	makedepends = inetutils
 	makedepends = bc
-	makedepends = libelf
 	makedepends = git
-	makedepends = python-sphinx
 	makedepends = graphviz
+	makedepends = inetutils
+	makedepends = kmod
+	makedepends = libelf
+	makedepends = python-sphinx
+	makedepends = xmlto
 	options = !strip
 	source = git+https://github.com/koverstreet/bcachefs#branch=master
 	source = git+https://github.com/graysky2/kernel_gcc_patch
@@ -23,7 +23,7 @@ pkgbase = linux-bcachefs-git
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	sha256sums = SKIP
 	sha256sums = SKIP
-	sha256sums = dc3293984d8d7a6a9fea503d8e4768a2397f6924ec2a79f0a2f6ad8117132ea5
+	sha256sums = 2128176f4fb5f3c43be2552bee77fa182c430e0a9750d1429e5ad3946da663a5
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
@@ -31,21 +31,21 @@ pkgbase = linux-bcachefs-git
 pkgname = linux-bcachefs-git
 	pkgdesc = The Linux-bcachefs-git kernel and modules
 	install = linux.install
+	depends = bcachefs-tools-git
 	depends = coreutils
-	depends = linux-firmware
 	depends = kmod
+	depends = linux-firmware
 	depends = mkinitcpio
-	depends = bcachefs-tools
 	optdepends = crda: to set the correct wireless channels of your country
 	backup = etc/mkinitcpio.d/linux-bcachefs-git.preset
 
 pkgname = linux-bcachefs-git-headers
 	pkgdesc = Header files and scripts for building modules for Linux-bcachefs-git kernel
-	provides = linux-bcachefs-headers=5.0.7.arch1
+	provides = linux-bcachefs-git-headers=5.0.7.arch1
 	provides = linux-headers=5.0.7.arch1
 
 pkgname = linux-bcachefs-git-docs
 	pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-bcachefs-git kernel
-	provides = linux-bcachefs-docs=5.0.7.arch1
+	provides = linux-bcachefs-git-docs=5.0.7.arch1
 	provides = linux-docs=5.0.7.arch1
 
diff --git a/PKGBUILD b/PKGBUILD
index 72a60bf72896..b3b9d6c43d71 100755
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -59,13 +59,22 @@ _subarch=
 _localmodcfg=
 
 pkgbase=linux-bcachefs-git
-_srcver_arch=5.0.7-arch1
-pkgver=${_srcver_arch//-/.}
+_srcver_tag_arch=5.0.7-arch1
+pkgver=${_srcver_tag_arch//-/.}
 pkgrel=1
 arch=(x86_64)
 url="https://github.com/koverstreet/bcachefs"
 license=(GPL2)
-makedepends=(xmlto kmod inetutils bc libelf git python-sphinx graphviz)
+makedepends=(
+    bc
+    git
+    graphviz
+    inetutils
+    kmod
+    libelf
+    python-sphinx
+    xmlto
+)
 options=('!strip')
 
 _reponame="bcachefs"
@@ -75,21 +84,19 @@ _reponame_gcc_patch="kernel_gcc_patch"
 _repo_url_gcc_patch="https://github.com/graysky2/${_reponame_gcc_patch}"
 _gcc_patch_name="enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch"
 
-source=(
-    "git+${_repo_url}#branch=master"
-    "git+${_repo_url_gcc_patch}"
-    config         # the main kernel config file
-    60-linux.hook  # pacman hook for depmod
-    90-linux.hook  # pacman hook for initramfs regeneration
-    linux.preset   # standard config files for mkinitcpio ramdisk
+source=("git+${_repo_url}#branch=master"
+        "git+${_repo_url_gcc_patch}"
+        config         # the main kernel config file
+        60-linux.hook  # pacman hook for depmod
+        90-linux.hook  # pacman hook for initramfs regeneration
+        linux.preset   # standard config files for mkinitcpio ramdisk
 )
-validpgpkeys=(
-    'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
-    '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
+validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
+              '647F28654894E3BD457199BE38DBBDC86092693E'  # Greg Kroah-Hartman
 )
 sha256sums=('SKIP'
             'SKIP'
-            'dc3293984d8d7a6a9fea503d8e4768a2397f6924ec2a79f0a2f6ad8117132ea5'
+            '2128176f4fb5f3c43be2552bee77fa182c430e0a9750d1429e5ad3946da663a5'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
@@ -98,11 +105,11 @@ _kernelname=${pkgbase#linux}
 : ${_kernelname:=-ARCH}
 
 prepare() {
-    cd $_reponame
+    cd ${_reponame}
 
     msg2 "Adding patches from Arch Linux kernel repository..."
     git remote add arch_stable https://git.archlinux.org/linux.git
-    git pull --no-edit arch_stable v$_srcver_arch
+    git pull --no-edit arch_stable v${_srcver_tag_arch}
 
     # https://github.com/graysky2/kernel_gcc_patch
     msg2 "Patching to enabled additional gcc CPU optimizatons..."
@@ -157,13 +164,20 @@ prepare() {
 }
 
 build() {
-    cd $_reponame
+    cd ${_reponame}
+    
     make bzImage modules htmldocs
 }
 
 _package() {
     pkgdesc="The ${pkgbase/linux/Linux} kernel and modules"
-    depends=(coreutils linux-firmware kmod mkinitcpio bcachefs-tools)
+    depends=(
+        bcachefs-tools-git
+        coreutils
+        kmod
+        linux-firmware
+        mkinitcpio
+    )
     optdepends=('crda: to set the correct wireless channels of your country')
     backup=("etc/mkinitcpio.d/$pkgbase.preset")
     install=linux.install
@@ -171,7 +185,7 @@ _package() {
     local kernver="$(<version)"
     local modulesdir="$pkgdir/usr/lib/modules/$kernver"
 
-    cd $_reponame
+    cd ${_reponame}
 
     msg2 "Installing boot image..."
     # systemd expects to find the kernel here to allow hibernation
@@ -218,11 +232,14 @@ _package() {
 
 _package-headers() {
     pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel"
-    provides=("linux-bcachefs-headers=${pkgver}" "linux-headers=${pkgver}")
+    provides=(
+        "linux-bcachefs-git-headers=${pkgver}"
+        "linux-headers=${pkgver}"
+    )
 
     local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 
-    cd $_reponame
+    cd ${_reponame}
 
     msg2 "Installing build files..."
     install -Dt "$builddir" -m644 Makefile .config Module.symvers System.map vmlinux
@@ -300,11 +317,14 @@ _package-headers() {
 
 _package-docs() {
     pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel"
-    provides=("linux-bcachefs-docs=${pkgver}" "linux-docs=${pkgver}")
+    provides=(
+        "linux-bcachefs-git-docs=${pkgver}"
+        "linux-docs=${pkgver}"
+    )
 
     local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 
-    cd $_reponame
+    cd ${_reponame}
 
     msg2 "Installing documentation..."
     mkdir -p "$builddir"
@@ -330,7 +350,11 @@ _package-docs() {
     chmod -Rc u=rwX,go=rX "$pkgdir"
 }
 
-pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
+pkgname=(
+    "$pkgbase"
+    "$pkgbase-headers"
+    "$pkgbase-docs"
+)
 for _p in "${pkgname[@]}"; do
     eval "package_$_p() {
         $(declare -f "_package${_p#$pkgbase}")
diff --git a/config b/config
index c9312f51a79b..73a7b6a68f10 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.0.6-arch1 Kernel Configuration
+# Linux/x86 5.0.7-arch1 Kernel Configuration
 #
 
 #
@@ -9271,8 +9271,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
-# CONFIG_SECURITY_SMACK is not set
-# CONFIG_SECURITY_TOMOYO is not set
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SMACK_BRINGUP=y
+CONFIG_SECURITY_SMACK_NETFILTER=y
+CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y
+CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_APPARMOR_HASH=y
@@ -9286,6 +9294,8 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_SMACK is not set
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
author	Kyle De'Vir	2019-04-12 05:50:54 +1000
committer	Kyle De'Vir	2019-04-12 05:50:54 +1000
commit	41c35d44b749515eb61b6b79bf29c489ffb58c33 (patch)
tree	c0cf94c5c69a60c0cb46b2875fecdd3e00dee4fa
parent	db1d27c2fc981b8f4ee186b64f4d345a7a874e98 (diff)
download	aur-41c35d44b749515eb61b6b79bf29c489ffb58c33.tar.gz