-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 22 | ||||
-rw-r--r-- | PKGBUILD | 132 |
3 files changed, 103 insertions, 75 deletions
@@ -1,13 +1,12 @@ pkgbase = linux-rc - pkgver = 6.8rc1 + pkgver = 6.9rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 - license = GPL2 + license = GPL-2.0-only makedepends = bc makedepends = cpio makedepends = gettext - makedepends = git makedepends = libelf makedepends = pahole makedepends = perl @@ -16,6 +15,11 @@ pkgbase = linux-rc makedepends = xz makedepends = kmod makedepends = xmlto + makedepends = graphviz + makedepends = imagemagick + makedepends = python-sphinx + makedepends = python-yaml + makedepends = texlive-latexextra makedepends = bison makedepends = flex makedepends = zstd @@ -25,13 +29,15 @@ pkgbase = linux-rc makedepends = gcc-libs makedepends = glibc makedepends = binutils + makedepends = git + options = !debug options = !strip - source = https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-6.8-rc1.tar.gz - source = https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/7d2b6771ff6939d0ca6e8c9a7185d902a37b4eea/config + source = https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-6.9-rc1.tar.gz + source = https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/abef9db380deca88617f7014b683667ef6fc81e4/config source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - sha256sums = 327c0c2dcbe348ab9902dc30511f5cfb239cfff8a8d285b29779c4b5bd7c8e42 - sha256sums = aa47193f89794412776f36c970cabbf19e9abaccf01e3c33f4f891dd4661e5af - sha256sums = f936aae4d832ac87db8fbb9effb066dd368d092f71dd7135d1548babdb7d10c8 + sha256sums = a0239424e10e45c43252d5decc6978a3fa58e0d4d631d0855db57fa209f53165 + sha256sums = c2b00c84c4b543db431e06604d939a62f93107d18369f4d9860dc8062b01ab45 + sha256sums = 416609986399d3046811bcc2344f4ee0833b6c92e305da3925a6e193f810dad2 pkgname = linux-rc pkgdesc = The Linux kernel and modules - Release Candidate version 
@@ -40,9 +46,9 @@ pkgname = linux-rc depends = kmod optdepends = wireless-regdb: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices + provides = KSMBD-MODULE provides = VIRTUALBOX-GUEST-MODULES provides = WIREGUARD-MODULE - provides = KSMBD-MODULE replaces = virtualbox-guest-modules-arch replaces = wireguard-arch diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 66cb0bb1d276..d00d967d7c92 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,7 +1,7 @@ -From 35d79b574508f84805b19ef3e1c4b21b9605e946 Mon Sep 17 00:00:00 2001 +From 9d3a77d68441f82ae970418e45de3d3db14daabc Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 -Subject: [PATCH 1/2] ZEN: Add sysctl and CONFIG to disallow unprivileged +Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER Our default behavior continues to match the vanilla kernel. @@ -36,10 +36,10 @@ index 6030a8235..60b7fe5fa 100644 { return &init_user_ns; diff --git a/init/Kconfig b/init/Kconfig -index 9ffb103fc..f91ccd3c1 100644 +index bee58f746..859989666 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1226,6 +1226,22 @@ config USER_NS +@@ -1247,6 +1247,22 @@ config USER_NS If unsure, say N. @@ -63,12 +63,12 @@ index 9ffb103fc..f91ccd3c1 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index 10917c3e1..458360cf9 100644 +index 0d944e92a..5449c990a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -100,6 +100,10 @@ - #include <linux/user_events.h> +@@ -102,6 +102,10 @@ #include <linux/iommu.h> + #include <linux/rseq.h> +#ifdef CONFIG_USER_NS +#include <linux/user_namespace.h> 
@@ -77,7 +77,7 @@ index 10917c3e1..458360cf9 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -2265,6 +2269,10 @@ __latent_entropy struct task_struct *copy_process( +@@ -2260,6 +2264,10 @@ __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index 10917c3e1..458360cf9 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -3411,6 +3419,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -3406,6 +3414,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -132,7 +132,7 @@ index 157f7ce29..881fc4f5d 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index eabe8bcc7..ac9d1f702 100644 +index ce4d99df5..8272e2e35 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -22,6 +22,13 @@ @@ -150,5 +150,5 @@ index eabe8bcc7..ac9d1f702 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.43.0 +2.44.0 
@@ -35,23 +35,59 @@ fi ################################################################################### pkgbase=linux-rc -pkgver=6.8rc1 -_pkgver=6.8-rc1 +pkgver=6.9rc1 +_pkgver=6.9-rc1 pkgrel=1 -commit=7d2b6771ff6939d0ca6e8c9a7185d902a37b4eea +commit=abef9db380deca88617f7014b683667ef6fc81e4 arch=(x86_64) url='https://www.kernel.org/' -license=(GPL2) -makedepends=(bc cpio gettext git libelf pahole perl python tar xz kmod xmlto) -makepends+=(graphviz imagemagick python-sphinx texlive-latexextra) # htmldocs -makedepends+=(bison flex zstd make patch gcc gcc-libs glibc binutils) +license=(GPL-2.0-only) +makedepends=( + bc + cpio + gettext + libelf + pahole + perl + python + tar + xz + kmod + xmlto + # htmldocs + graphviz + imagemagick + python-sphinx + python-yaml + texlive-latexextra +) +makedepends+=( + bison + flex + zstd + make + patch + gcc + gcc-libs + glibc + binutils + git +) if [[ "$_compiler" = "2" ]]; then - makedepends+=(clang llvm llvm-libs lld python) + makedepends+=( + clang + llvm + llvm-libs + lld + clang + python + ) fi -options=(!strip) - +options=( + !debug + !strip +) archlinuxpath=https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/$commit - source=(#https://github.com/torvalds/linux/archive/refs/tags/v${_pkgver}.tar.gz https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-${_pkgver}.tar.gz ${archlinuxpath}/config @@ -77,8 +113,7 @@ prepare(){ plain "" # Copy the config file first - # Copy "${srcdir}"/config to "${srcdir}"/linux-${_pkgver}/.config - msg "Copy "${srcdir}"/config to "${srcdir}"/linux-$_pkgver/.config" + msg "Copy the config file first..." cp "${srcdir}"/config .config sleep 2s @@ -97,6 +132,7 @@ prepare(){ # fi # Set LTO with CLANG/LLVM + if [[ "$_compiler" = "2" ]]; then msg "Enable THIN LTO" 
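Review bot: In the `_compiler = 2` branch the rewritten `makedepends+=( … )` array lists `clang` twice, and its `python` entry repeats one already in the base `makedepends` array above, so the branch only needs `clang llvm llvm-libs lld`. The duplicates are probably harmless to makepkg, but they make it harder to see which dependencies the LLVM build actually adds. The hunk ends inside the `source=(` array, which continues outside it.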
@@ -128,38 +164,8 @@ prepare(){ plain "" fi - msg "Apply some Archlinux config" - - msg2 "Compress modules by default (following Arch's kernel)" - scripts/config --enable CONFIG_MODULE_COMPRESS_ZSTD - - sleep 2s - - msg2 "CONFIG_STACK_VALIDATION gives better stack traces. Also is enabled in all official kernel packages by Archlinux team" - scripts/config --enable CONFIG_STACK_VALIDATION - - sleep 2s - - msg2 "Enable IKCONFIG following Arch's philosophy" - scripts/config --enable CONFIG_IKCONFIG - scripts/config --enable CONFIG_IKCONFIG_PROC - - sleep 2s - - msg2 "Enable FUNCTION_TRACER/GRAPH_TRACER" - scripts/config --enable CONFIG_FUNCTION_TRACER - scripts/config --enable CONFIG_STACK_TRACER - - sleep 2s - - msg2 "Enable CONFIG_USER_NS_UNPRIVILEGED" - scripts/config --enable CONFIG_USER_NS - - sleep 2s - - plain "" - - msg "Supress depmod" + # Supress depmod + msg "Supress depmod..." sed -i '2iexit 0' scripts/depmod.sh sleep 2s @@ -176,6 +182,7 @@ prepare(){ plain "" # Config + msg "make olddefconfig..." make ARCH=${ARCH} ${BUILD_FLAGS[*]} olddefconfig plain "" 
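Review bot: With the `scripts/config --enable …` block removed, nothing visible in this part of prepare() records where CONFIG_MODULE_COMPRESS_ZSTD, CONFIG_IKCONFIG, the tracer options or CONFIG_USER_NS are now decided. They presumably come only from the Arch `config` pinned by `$commit`, with `make olddefconfig` choosing defaults for any symbol that file does not mention. Because the package also carries the ZEN patch that adds a switch for unprivileged CLONE_NEWUSER, the intended source of these settings deserves a line here, for example `# Kernel options (module compression, IKCONFIG, tracers, user namespaces) are taken unchanged from Arch's config at $commit`. The added comment and message also misspell the word; they should read `# Suppress depmod` and `msg "Suppress depmod..."`. prepare() starts and ends outside this hunk.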
@@ -189,17 +196,32 @@ prepare(){ build(){ cd ${srcdir}/linux-$_pkgver - msg "make -j$(nproc) all..." + msg "make all" make ARCH=${ARCH} ${BUILD_FLAGS[*]} -j$(nproc) all + msg "make -C tools/bpf/bpftool vmlinux.h feature-clang-bpf-co-re=1" + make ARCH=${ARCH} ${BUILD_FLAGS[*]} -j$(nproc) -C tools/bpf/bpftool vmlinux.h feature-clang-bpf-co-re=1 } _package(){ pkgdesc='The Linux kernel and modules - Release Candidate version' - depends=(coreutils initramfs kmod) - optdepends=('wireless-regdb: to set the correct wireless channels of your country' - 'linux-firmware: firmware images needed for some devices') - provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE) - replaces=(virtualbox-guest-modules-arch wireguard-arch) + depends=( + coreutils + initramfs + kmod + ) + optdepends=( + 'wireless-regdb: to set the correct wireless channels of your country' + 'linux-firmware: firmware images needed for some devices' + ) + provides=( + KSMBD-MODULE + VIRTUALBOX-GUEST-MODULES + WIREGUARD-MODULE + ) + replaces=( + virtualbox-guest-modules-arch + wireguard-arch + ) cd ${srcdir}/linux-$_pkgver @@ -231,7 +253,7 @@ _package-headers(){ local builddir="$pkgdir"/usr/lib/modules/"$(<version)"/build msg "Installing build files..." - install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map *localversion* version vmlinux + install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map *localversion* version vmlinux tools/bpf/bpftool/vmlinux.h install -Dt "$builddir/kernel" -m644 kernel/Makefile install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile cp -t "$builddir" -a scripts 
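Review bot: The new bpftool step in build() has no comment saying why `feature-clang-bpf-co-re=1` is passed by hand or what the target depends on. The flag appears to override the tool's own feature probe so that `vmlinux.h` is generated even when clang is not the compiler, and the header presumably can only be produced when the built `vmlinux` carries BTF data; both should be confirmed and written down. A suitable comment above the `make` line would be `# Generate vmlinux.h for the headers package; feature flag forced so no clang probe is needed (requires BTF in vmlinux)`. The second hunk on this line adds `tools/bpf/bpftool/vmlinux.h` to the unconditional `install -Dt "$builddir"` list in _package-headers(), so a config without BTF would only fail at this build step or at packaging, with no hint as to why. _package() and _package-headers() continue outside the hunks.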
@@ -306,9 +328,9 @@ _package-headers(){ ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase" } -sha256sums=('327c0c2dcbe348ab9902dc30511f5cfb239cfff8a8d285b29779c4b5bd7c8e42' - 'aa47193f89794412776f36c970cabbf19e9abaccf01e3c33f4f891dd4661e5af' - 'f936aae4d832ac87db8fbb9effb066dd368d092f71dd7135d1548babdb7d10c8') +sha256sums=('a0239424e10e45c43252d5decc6978a3fa58e0d4d631d0855db57fa209f53165' + 'c2b00c84c4b543db431e06604d939a62f93107d18369f4d9860dc8062b01ab45' + '416609986399d3046811bcc2344f4ee0833b6c92e305da3925a6e193f810dad2') pkgname=($pkgbase $pkgbase-headers) for _p in "${pkgname[@]}"; do |