diff options
| author |   Georgy Yakovlev <gyakovlev@gentoo.org> | 2021-06-04 14:17:49 -0700 |
|---|---|---|
| committer | Georgy Yakovlev <gyakovlev@gentoo.org> | 2021-06-08 01:34:51 -0700 |
| commit | 9dbaac00ce68b86e2a63a173fd9cb19171046961 (patch) | |
| tree | 65509739d7e1f1cd2a04960b559f41cca58fd1f8 | |
| parent | media-libs/rubberband: bump to 1.9.2 (diff) | |
| download | gentoo-9dbaac00ce68b86e2a63a173fd9cb19171046961.tar.gz gentoo-9dbaac00ce68b86e2a63a173fd9cb19171046961.tar.bz2 gentoo-9dbaac00ce68b86e2a63a173fd9cb19171046961.zip | |
sys-kernel/gentoo-kernel: add hardened useflag/config
Bug: https://bugs.gentoo.org/689154
Closes: https://github.com/gentoo/gentoo/pull/21124
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
| -rw-r--r-- | sys-kernel/gentoo-kernel/Manifest | 1 | ||||
| -rw-r--r-- | sys-kernel/gentoo-kernel/gentoo-kernel-5.10.42.ebuild | 25 | ||||
| -rw-r--r-- | sys-kernel/gentoo-kernel/gentoo-kernel-5.12.9.ebuild | 25 | ||||
| -rw-r--r-- | sys-kernel/gentoo-kernel/metadata.xml | 1 |
4 files changed, 42 insertions, 10 deletions
diff --git a/sys-kernel/gentoo-kernel/Manifest b/sys-kernel/gentoo-kernel/Manifest index fac6b9463339..21d8f18513f0 100644 --- a/sys-kernel/gentoo-kernel/Manifest +++ b/sys-kernel/gentoo-kernel/Manifest @@ -33,6 +33,7 @@ DIST genpatches-5.4-126.extras.tar.xz 1772 BLAKE2B 900e7881ef06469e55c4c79b14045 DIST genpatches-5.4-127.base.tar.xz 3553224 BLAKE2B 99331a43982e2dc9efab061b25663e59284e7f1758f683f288fe09ebddc0790ea901e722cde8b9955085afdbb4f2bb45b546ab632a45d310aef9fc16d6cdb0fb SHA512 a78106c658cf7cd1ad08ee100f9cfeade4e1eaf0da9c6e3819a59e54dad9a17a36ee46d8c38dedae58c5f30444054906344e813f9a2d8f0405be2a588a1f9c8b DIST genpatches-5.4-127.extras.tar.xz 1772 BLAKE2B da124b0076e952e1468ee4adc8965a6c346b945fd56e828903fd8dd2689d8433ad07457792ac7a78431a76c142d9c77955b2fbdba042063b80df331acdeb8cf8 SHA512 284260c19cf81d0c444747e1adc588ddc3442c3e69a1729841e39b8e4df9dc4cff8e852fc7db56033a1f2b3770a7c34010dd331eab71910da1a719347f56eed7 DIST gentoo-kernel-config-5.10.32.tar.gz 1269 BLAKE2B 4a21a57d567d9a527ef829f375275c65347b2e6461b00e50099458c496af0a7b3b863a6e1d8421ad18c52c64c1c4cd7e5fd416673b67738cde6253af8a9f18db SHA512 a83ef22a7f9f83f01bd65a5470f0678111b0a7dcf1dc564e04264f68cc54833dbed4cccffe2864caf3ac14169611259f0bb786c1aefe194372d6d3f67fa64c00 +DIST gentoo-kernel-config-5.10.42.tar.gz 3992 BLAKE2B b04f585ccc823c25baafea011a5df9e4ed79f5537fb0c47726bb54d3f6197627b078a6f8510707a68edd9308f7ede84ca3f9bff78e64e06c9ea3d53db496c10f SHA512 5d42e1ac694441acb8ea13fa3e80615bd18f0932a37f50c3d34c8c2f95ef4dfa6541407ddcad802b4fb13468e0e85d8cd09ac37d3612260f9a81d081cb4b6713 DIST gentoo-kernel-config-5.4.114.tar.gz 1298 BLAKE2B e494041cd63ba53f055cfd555e359934d5054238bd096addd7965754e6708bada63398c4b315318f73130ed81c1391524388396775632248870721f1ce23f203 SHA512 225600db53532ee131dd83d10cecc97a83f4615975ff32f3f6190a15eace64707cb59490bb42940e4429f9054221b9d9a589ada443922062bb5ee18ecc42c26c DIST kernel-aarch64-fedora.config.5.10.12 223184 BLAKE2B a0246dac2f7a4ad6a55b611538d24382ac87a8960077811a859c9595ac67f961b4bccb7e139a89abc7c0e26e80832da5c94211fc658082f2e7dde984f14dd29d SHA512 7d803b347b136331db1ad6e22e0445fe0224c3e26cd7c034cbe9794915d457b492e05f77664865079874ec001351553652646e2e08d0fee31e30b841b0008f52 DIST kernel-aarch64-fedora.config.5.11.21 225958 BLAKE2B 69f8cc7bd78ecebc08aace077af06ca09d0a891db5ad8e3d6391024eef3e8fc9d284fc8b9a9cf9a23d9494edf31e2e51bc7b4e2752e7f207e97cff31748e81f5 SHA512 57eb0b3add7e8348fd62557598c2c8ff412812d40438121cf0f14543d2046aa4a7b87f6f4e3c34c9f471b91209857f54c5a540de48df4a7a082ddec125558467 diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.42.ebuild b/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.42.ebuild index 624447890ba1..5dd6f6b5adad 100644 --- a/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.42.ebuild +++ b/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.42.ebuild @@ -10,7 +10,7 @@ GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 3 )) # https://koji.fedoraproject.org/koji/packageinfo?packageID=8 CONFIG_VER=5.10.12 CONFIG_HASH=836165dd2dff34e4f2c47ca8f9c803002c1e6530 -GENTOO_CONFIG_VER=5.10.32 +GENTOO_CONFIG_VER=5.10.42 DESCRIPTION="Linux kernel built with Gentoo patches" HOMEPAGE="https://www.kernel.org/" @@ -39,7 +39,7 @@ S=${WORKDIR}/${MY_P} LICENSE="GPL-2" KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" -IUSE="debug" +IUSE="debug hardened" REQUIRED_USE="arm? ( savedconfig )" RDEPEND=" @@ -49,6 +49,8 @@ BDEPEND=" PDEPEND=" >=virtual/dist-kernel-${PV}" +QA_FLAGS_IGNORED="usr/src/linux-.*/scripts/gcc-plugins/.*.so" + src_prepare() { local PATCHES=( # meh, genpatches have no directory @@ -78,13 +80,26 @@ src_prepare() { ;; esac - echo 'CONFIG_LOCALVERSION="-gentoo-dist"' > "${T}"/version.config || die + local myversion="-gentoo-dist" + use hardened && myversion+="-hardened" + echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die + local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}" + local merge_configs=( "${T}"/version.config - "${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"/base.config + "${dist_conf_path}"/base.config ) use debug || merge_configs+=( - "${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"/no-debug.config + "${dist_conf_path}"/no-debug.config ) + if use hardened; then + merge_configs+=( "${dist_conf_path}"/hardened-base.config ) + + tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config ) + + if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then + merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" ) + fi + fi kernel-build_merge_configs "${merge_configs[@]}" } diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-5.12.9.ebuild b/sys-kernel/gentoo-kernel/gentoo-kernel-5.12.9.ebuild index ca7cf2b59bdd..d029af954eaa 100644 --- a/sys-kernel/gentoo-kernel/gentoo-kernel-5.12.9.ebuild +++ b/sys-kernel/gentoo-kernel/gentoo-kernel-5.12.9.ebuild @@ -10,7 +10,7 @@ GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 1 )) # https://koji.fedoraproject.org/koji/packageinfo?packageID=8 CONFIG_VER=5.12.5 CONFIG_HASH=17639df044f5f81bbf267f566426eae4a5187875 -GENTOO_CONFIG_VER=5.10.32 +GENTOO_CONFIG_VER=5.10.42 DESCRIPTION="Linux kernel built with Gentoo patches" HOMEPAGE="https://www.kernel.org/" @@ -39,7 +39,7 @@ S=${WORKDIR}/${MY_P} LICENSE="GPL-2" KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" -IUSE="debug" +IUSE="debug hardened" REQUIRED_USE="arm? ( savedconfig )" RDEPEND=" @@ -49,6 +49,8 @@ BDEPEND=" PDEPEND=" >=virtual/dist-kernel-${PV}" +QA_FLAGS_IGNORED="usr/src/linux-.*/scripts/gcc-plugins/.*.so" + src_prepare() { local PATCHES=( # meh, genpatches have no directory @@ -78,13 +80,26 @@ src_prepare() { ;; esac - echo 'CONFIG_LOCALVERSION="-gentoo-dist"' > "${T}"/version.config || die + local myversion="-gentoo-dist" + use hardened && myversion+="-hardened" + echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die + local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}" + local merge_configs=( "${T}"/version.config - "${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"/base.config + "${dist_conf_path}"/base.config ) use debug || merge_configs+=( - "${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"/no-debug.config + "${dist_conf_path}"/no-debug.config ) + if use hardened; then + merge_configs+=( "${dist_conf_path}"/hardened-base.config ) + + tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config ) + + if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then + merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" ) + fi + fi kernel-build_merge_configs "${merge_configs[@]}" } diff --git a/sys-kernel/gentoo-kernel/metadata.xml b/sys-kernel/gentoo-kernel/metadata.xml index ff8c39d21f36..66f9b025d77a 100644 --- a/sys-kernel/gentoo-kernel/metadata.xml +++ b/sys-kernel/gentoo-kernel/metadata.xml @@ -6,6 +6,7 @@ <name>Distribution Kernel Project</name> </maintainer> <use> + <flag name="hardened">Use selection of hardening options recommended by Kernel Self Protection Project</flag> <flag name="initramfs">Build initramfs along with the kernel.</flag> </use> </pkgmetadata> |