diff options
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 60-linux.hook | 12 | ||||
-rw-r--r-- | 90-linux.hook | 11 | ||||
-rw-r--r-- | PKGBUILD | 69 | ||||
-rw-r--r-- | config (renamed from config.x86_64) | 83 | ||||
-rw-r--r-- | linux.install | 13 | ||||
-rw-r--r-- | linux.preset | 14 |
7 files changed, 45 insertions, 177 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-hardened-git - pkgver = 5.3.0.r857780.g1317ca6048b5 + pkgver = 5.3.8.r858798.gdb18e081bc2b pkgrel = 1 url = https://github.com/anthraxx/linux-hardened arch = x86_64 @@ -14,26 +14,18 @@ pkgbase = linux-hardened-git makedepends = graphviz makedepends = imagemagick makedepends = git - replaces = linux-grsec options = !strip - source = git+https://github.com/anthraxx/linux-hardened#branch=5.3?signed - source = config.x86_64 - source = 60-linux.hook - source = 90-linux.hook - source = linux.preset + source = linux-hardened::git+https://github.com/anthraxx/linux-hardened#branch=5.3?signed + source = config validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E validpgpkeys = 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A validpgpkeys = E240B57E2C4630BA768E2F26FC1B547C8D8172C8 sha256sums = SKIP - sha256sums = 63feccba3f160c368c694f6a8fed4d8caa2c2a62cf73c7de28ab5fe276fe9923 - sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 - sha256sums = c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636 - sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 + sha256sums = 037cd07b6f1586f6c567cb9c4f78b1017bed4e73f69631f41ca417ab86e467dc pkgname = linux-hardened-git pkgdesc = The Linux-hardened-git kernel and modules - install = linux.install depends = coreutils depends = kmod depends = initramfs @@ -41,16 +33,12 @@ pkgname = linux-hardened-git optdepends = linux-firmware: firmware images needed for some devices optdepends = usbctl: deny_new_usb control provides = linux-hardened - conflicts = linux-hardened - backup = etc/mkinitcpio.d/linux-hardened-git.preset pkgname = linux-hardened-headers-git pkgdesc = Header files and scripts for building modules for Linux-hardened-git kernel provides = linux-hardened-headers - conflicts = linux-hardened-headers pkgname = linux-hardened-docs-git pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-hardened-git kernel provides = linux-hardened-docs - conflicts = linux-hardened-docs diff --git a/60-linux.hook b/60-linux.hook deleted file mode 100644 index b33873c854fb..000000000000 --- a/60-linux.hook +++ /dev/null @@ -1,12 +0,0 @@ -[Trigger] -Type = File -Operation = Install -Operation = Upgrade -Operation = Remove -Target = usr/lib/modules/%KERNVER%/* -Target = usr/lib/modules/%EXTRAMODULES%/* - -[Action] -Description = Updating %PKGBASE% module dependencies... -When = PostTransaction -Exec = /usr/bin/depmod %KERNVER% diff --git a/90-linux.hook b/90-linux.hook deleted file mode 100644 index fca45abe1a62..000000000000 --- a/90-linux.hook +++ /dev/null @@ -1,11 +0,0 @@ -[Trigger] -Type = File -Operation = Install -Operation = Upgrade -Target = usr/lib/modules/%KERNVER%/vmlinuz -Target = usr/lib/initcpio/* - -[Action] -Description = Updating %PKGBASE% initcpios... -When = PostTransaction -Exec = /usr/bin/mkinitcpio -p %PKGBASE% @@ -4,29 +4,23 @@ # Contributor: Thomas Baechler <thomas@archlinux.org> pkgbase=linux-hardened-git +_srcname=${pkgbase/-git/} _gitbranch=5.3 -pkgver=5.3.0.r857780.g1317ca6048b5 +pkgver=5.3.8.r858798.gdb18e081bc2b pkgrel=1 url='https://github.com/anthraxx/linux-hardened' -arch=('x86_64') -license=('GPL2') +arch=(x86_64) +license=(GPL2) makedepends=( xmlto kmod inetutils bc libelf python-sphinx python-sphinx_rtd_theme graphviz imagemagick git ) options=('!strip') -source=("git+https://github.com/anthraxx/linux-hardened#branch=${_gitbranch}?signed" - config.x86_64 # the main kernel config files - 60-linux.hook # pacman hook for depmod - 90-linux.hook # pacman hook for initramfs regeneration - linux.preset # standard config files for mkinitcpio ramdisk +source=("${_srcname}::git+https://github.com/anthraxx/linux-hardened#branch=${_gitbranch}?signed" + config # the main kernel config files ) -replaces=('linux-grsec') sha256sums=('SKIP' - '63feccba3f160c368c694f6a8fed4d8caa2c2a62cf73c7de28ab5fe276fe9923' - 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' - 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636' - 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65') + '037cd07b6f1586f6c567cb9c4f78b1017bed4e73f69631f41ca417ab86e467dc') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -34,11 +28,8 @@ validpgpkeys=( 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak ) -_kernelname=${pkgbase#linux} -: ${_kernelname:=-hardened} - pkgver() { - cd ${pkgbase/-git/} + cd $_srcname printf "%s.%s.%s%s.r%s.g%s" \ "$(grep '^VERSION = ' Makefile|awk -F' = ' '{print $2}')" \ "$(grep '^PATCHLEVEL = ' Makefile|awk -F' = ' '{print $2}')" \ @@ -49,13 +40,13 @@ pkgver() { } prepare() { - cd ${pkgbase/-git/} + cd $_srcname msg2 "Setting version..." rm -f localversion* include/config/kernel.release scripts/setlocalversion --save-scmversion echo "-$pkgrel" > localversion.10-pkgrel - echo "$_kernelname" > localversion.20-pkgname + echo "${pkgbase#linux}" > localversion.20-pkgname echo "-r$(git rev-list --count HEAD)" > localversion.30-revision local src @@ -68,7 +59,7 @@ prepare() { done msg2 "Setting config..." - cp ../config.x86_64 .config + cp ../config .config make olddefconfig make -s kernelrelease > version @@ -76,7 +67,7 @@ prepare() { } build() { - cd ${pkgbase/-git/} + cd $_srcname make bzImage modules htmldocs } @@ -86,10 +77,8 @@ _package() { optdepends=('crda: to set the correct wireless channels of your country' 'linux-firmware: firmware images needed for some devices' 'usbctl: deny_new_usb control') - backup=("etc/mkinitcpio.d/$pkgbase.preset") - install=linux.install - cd ${pkgbase/-git/} + cd $_srcname local kernver="$(<version)" local modulesdir="$pkgdir/usr/lib/modules/$kernver" @@ -97,10 +86,10 @@ _package() { # systemd expects to find the kernel here to allow hibernation # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344 install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz" - install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-${pkgbase/-git/}" + install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-$pkgbase" # Used by mkinitcpio to name the kernel - echo "${pkgbase/-git/}" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" + echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase" msg2 "Installing modules..." make INSTALL_MOD_PATH="$pkgdir/usr" modules_install @@ -108,25 +97,6 @@ _package() { # remove build and source links rm "$modulesdir"/{source,build} - msg2 "Installing hooks..." - # sed expression for following substitutions - local subst=" - s|%PKGBASE%|${pkgbase/-git/}|g - s|%KERNVER%|$kernver|g - " - - # hack to allow specifying an initially nonexisting install file - sed "$subst" "$startdir/$install" > "$startdir/$install.pkg" - true && install=$install.pkg - - # fill in mkinitcpio preset and pacman hooks - sed "$subst" ../linux.preset | install -Dm644 /dev/stdin \ - "$pkgdir/etc/mkinitcpio.d/${pkgbase/-git/}.preset" - sed "$subst" ../60-linux.hook | install -Dm644 /dev/stdin \ - "$pkgdir/usr/share/libalpm/hooks/60-${pkgbase/-git/}.hook" - sed "$subst" ../90-linux.hook | install -Dm644 /dev/stdin \ - "$pkgdir/usr/share/libalpm/hooks/90-${pkgbase/-git/}.hook" - msg2 "Fixing permissions..." chmod -Rc u=rwX,go=rX "$pkgdir" } @@ -134,7 +104,7 @@ _package() { _package-headers() { pkgdesc="Header files and scripts for building modules for ${pkgbase/linux/Linux} kernel" - cd ${pkgbase/-git/} + cd $_srcname local builddir="$pkgdir/usr/lib/modules/$(<version)/build" msg2 "Installing build files..." @@ -203,7 +173,7 @@ _package-headers() { msg2 "Adding symlink..." mkdir -p "$pkgdir/usr/src" - ln -sr "$builddir" "$pkgdir/usr/src/${pkgbase/-git/}" + ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" msg2 "Fixing permissions..." chmod -Rc u=rwX,go=rX "$pkgdir" @@ -212,7 +182,7 @@ _package-headers() { _package-docs() { pkgdesc="Kernel hackers manual - HTML documentation that comes with the ${pkgbase/linux/Linux} kernel" - cd ${pkgbase/-git/} + cd $_srcname local builddir="$pkgdir/usr/lib/modules/$(<version)/build" msg2 "Installing documentation..." @@ -233,7 +203,7 @@ _package-docs() { msg2 "Adding symlink..." mkdir -p "$pkgdir/usr/share/doc" - ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/${pkgbase/-git/}" + ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase" msg2 "Fixing permissions..." chmod -Rc u=rwX,go=rX "$pkgdir" @@ -244,7 +214,6 @@ for _p in "${pkgname[@]}"; do _p=${_p/-git/} eval "package_$_p-git() { provides=(${_p}) - conflicts=(${_p}) $(declare -f "_package${_p#linux-hardened}") _package${_p#linux-hardened} }" diff --git a/config.x86_64 b/config index 54975416edc4..471c37dfd5f2 100644 --- a/config.x86_64 +++ b/config @@ -1,13 +1,13 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.3.0 Kernel Configuration +# Linux/x86 5.3.8 Kernel Configuration # # -# Compiler: gcc (GCC) 9.1.0 +# Compiler: gcc (GCC) 9.2.0 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=90100 +CONFIG_GCC_VERSION=90200 CONFIG_CLANG_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_HAS_ASM_GOTO=y @@ -86,10 +86,8 @@ CONFIG_GENERIC_CMOS_UPDATE=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ_COMMON=y # CONFIG_HZ_PERIODIC is not set -# CONFIG_NO_HZ_IDLE is not set -CONFIG_NO_HZ_FULL=y -CONFIG_CONTEXT_TRACKING=y -# CONFIG_CONTEXT_TRACKING_FORCE is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y # end of Timers subsystem @@ -103,8 +101,8 @@ CONFIG_PREEMPTION=y # # CPU/Task time and stats accounting # -CONFIG_VIRT_CPU_ACCOUNTING=y -CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_SCHED_AVG_IRQ=y CONFIG_BSD_PROCESS_ACCT=y @@ -129,12 +127,12 @@ CONFIG_TREE_SRCU=y CONFIG_TASKS_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y -CONFIG_RCU_FANOUT=32 +CONFIG_RCU_FANOUT=64 CONFIG_RCU_FANOUT_LEAF=16 CONFIG_RCU_FAST_NO_HZ=y CONFIG_RCU_BOOST=y CONFIG_RCU_BOOST_DELAY=500 -CONFIG_RCU_NOCB_CPU=y +# CONFIG_RCU_NOCB_CPU is not set # end of RCU Subsystem CONFIG_BUILD_BIN2C=y @@ -675,7 +673,14 @@ CONFIG_ISCSI_IBFT_FIND=y CONFIG_ISCSI_IBFT=m CONFIG_FW_CFG_SYSFS=m # CONFIG_FW_CFG_SYSFS_CMDLINE is not set -# CONFIG_GOOGLE_FIRMWARE is not set +CONFIG_GOOGLE_FIRMWARE=y +# CONFIG_GOOGLE_SMI is not set +CONFIG_GOOGLE_COREBOOT_TABLE=m +CONFIG_GOOGLE_MEMCONSOLE=m +# CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY is not set +CONFIG_GOOGLE_FRAMEBUFFER_COREBOOT=m +CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=m +CONFIG_GOOGLE_VPD=m # # EFI (Extensible Firmware Interface) Support @@ -4093,7 +4098,7 @@ CONFIG_RMI4_F11=y CONFIG_RMI4_F12=y CONFIG_RMI4_F30=y CONFIG_RMI4_F34=y -CONFIG_RMI4_F54=y +# CONFIG_RMI4_F54 is not set CONFIG_RMI4_F55=y # @@ -6770,11 +6775,11 @@ CONFIG_SND_DESIGNWARE_PCM=y # # CONFIG_SND_SOC_FSL_ASRC is not set # CONFIG_SND_SOC_FSL_SAI is not set -CONFIG_SND_SOC_FSL_AUDMIX=m +# CONFIG_SND_SOC_FSL_AUDMIX is not set # CONFIG_SND_SOC_FSL_SSI is not set # CONFIG_SND_SOC_FSL_SPDIF is not set # CONFIG_SND_SOC_FSL_ESAI is not set -CONFIG_SND_SOC_FSL_MICFIL=m +# CONFIG_SND_SOC_FSL_MICFIL is not set # CONFIG_SND_SOC_IMX_AUDMUX is not set # end of SoC Audio for Freescale CPUs @@ -6808,7 +6813,7 @@ CONFIG_SND_SOC_INTEL_CML_H=m CONFIG_SND_SOC_INTEL_CML_LP=m CONFIG_SND_SOC_INTEL_SKYLAKE_FAMILY=m CONFIG_SND_SOC_INTEL_SKYLAKE_SSP_CLK=m -CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=y +# CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC is not set CONFIG_SND_SOC_INTEL_SKYLAKE_COMMON=m CONFIG_SND_SOC_ACPI_INTEL_MATCH=m CONFIG_SND_SOC_INTEL_MACH=y @@ -6836,50 +6841,8 @@ CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH=m CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH=m CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH=m CONFIG_SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH=m -CONFIG_SND_SOC_INTEL_SKL_HDA_DSP_GENERIC_MACH=m -CONFIG_SND_SOC_INTEL_SOF_RT5682_MACH=m CONFIG_SND_SOC_MTK_BTCVSD=m -CONFIG_SND_SOC_SOF_TOPLEVEL=y -CONFIG_SND_SOC_SOF_PCI=m -CONFIG_SND_SOC_SOF_ACPI=m -CONFIG_SND_SOC_SOF_OPTIONS=m -# CONFIG_SND_SOC_SOF_NOCODEC_SUPPORT is not set -# CONFIG_SND_SOC_SOF_STRICT_ABI_CHECKS is not set -# CONFIG_SND_SOC_SOF_DEBUG is not set -CONFIG_SND_SOC_SOF=m -CONFIG_SND_SOC_SOF_PROBE_WORK_QUEUE=y -CONFIG_SND_SOC_SOF_INTEL_TOPLEVEL=y -CONFIG_SND_SOC_SOF_INTEL_ACPI=m -CONFIG_SND_SOC_SOF_INTEL_PCI=m -CONFIG_SND_SOC_SOF_INTEL_HIFI_EP_IPC=m -CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m -CONFIG_SND_SOC_SOF_INTEL_COMMON=m -CONFIG_SND_SOC_SOF_BAYTRAIL_SUPPORT=y -CONFIG_SND_SOC_SOF_BAYTRAIL=m -CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y -CONFIG_SND_SOC_SOF_BROADWELL=m -CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y -CONFIG_SND_SOC_SOF_MERRIFIELD=m -CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y -CONFIG_SND_SOC_SOF_APOLLOLAKE=m -CONFIG_SND_SOC_SOF_GEMINILAKE_SUPPORT=y -CONFIG_SND_SOC_SOF_GEMINILAKE=m -CONFIG_SND_SOC_SOF_CANNONLAKE_SUPPORT=y -CONFIG_SND_SOC_SOF_CANNONLAKE=m -CONFIG_SND_SOC_SOF_COFFEELAKE_SUPPORT=y -CONFIG_SND_SOC_SOF_COFFEELAKE=m -CONFIG_SND_SOC_SOF_ICELAKE_SUPPORT=y -CONFIG_SND_SOC_SOF_ICELAKE=m -CONFIG_SND_SOC_SOF_COMETLAKE_LP=m -CONFIG_SND_SOC_SOF_COMETLAKE_LP_SUPPORT=y -CONFIG_SND_SOC_SOF_COMETLAKE_H=m -CONFIG_SND_SOC_SOF_COMETLAKE_H_SUPPORT=y -CONFIG_SND_SOC_SOF_HDA_COMMON=m -CONFIG_SND_SOC_SOF_HDA_LINK=y -CONFIG_SND_SOC_SOF_HDA_AUDIO_CODEC=y -CONFIG_SND_SOC_SOF_HDA_LINK_BASELINE=m -CONFIG_SND_SOC_SOF_HDA=m -CONFIG_SND_SOC_SOF_XTENSA=m +# CONFIG_SND_SOC_SOF_TOPLEVEL is not set # # STMicroelectronics STM32 SOC audio support @@ -6952,7 +6915,6 @@ CONFIG_SND_SOC_ES8328_I2C=m CONFIG_SND_SOC_ES8328_SPI=m CONFIG_SND_SOC_GTM601=m CONFIG_SND_SOC_HDAC_HDMI=m -CONFIG_SND_SOC_HDAC_HDA=m CONFIG_SND_SOC_INNO_RK3036=m CONFIG_SND_SOC_LOCHNAGAR_SC=m CONFIG_SND_SOC_MAX98088=m @@ -7451,7 +7413,6 @@ CONFIG_USB_EMI62=m CONFIG_USB_EMI26=m CONFIG_USB_ADUTUX=m CONFIG_USB_SEVSEG=m -CONFIG_USB_RIO500=m CONFIG_USB_LEGOTOWER=m CONFIG_USB_LCD=m CONFIG_USB_CYPRESS_CY7C63=m diff --git a/linux.install b/linux.install deleted file mode 100644 index c78c1a9835b6..000000000000 --- a/linux.install +++ /dev/null @@ -1,13 +0,0 @@ -post_upgrade() { - if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then - echo "WARNING: /boot appears to be a separate partition but is not mounted." - fi - -} - -post_remove() { - rm -f boot/initramfs-%PKGBASE%.img - rm -f boot/initramfs-%PKGBASE%-fallback.img -} - -# vim:set ft=sh ts=8 sts=2 sw=2 et: diff --git a/linux.preset b/linux.preset deleted file mode 100644 index 66709a8c1537..000000000000 --- a/linux.preset +++ /dev/null @@ -1,14 +0,0 @@ -# mkinitcpio preset file for the '%PKGBASE%' package - -ALL_config="/etc/mkinitcpio.conf" -ALL_kver="/boot/vmlinuz-%PKGBASE%" - -PRESETS=('default' 'fallback') - -#default_config="/etc/mkinitcpio.conf" -default_image="/boot/initramfs-%PKGBASE%.img" -#default_options="" - -#fallback_config="/etc/mkinitcpio.conf" -fallback_image="/boot/initramfs-%PKGBASE%-fallback.img" -fallback_options="-S autodetect" |