From ccdaa94feaf8bd2380f2ce6c3be05b7e99530292 Mon Sep 17 00:00:00 2001 From: Alexander Miroshnichenko Date: Fri, 3 Jul 2020 14:22:40 +0300 Subject: [PATCH] hardened-kernel-5.4.48: update ebuild --- sys-kernel/hardened-kernel/Manifest | 2 +- .../hardened-kernel/hardened-kernel-5.4.48.ebuild | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/sys-kernel/hardened-kernel/Manifest b/sys-kernel/hardened-kernel/Manifest index f980699..7691716 100644 --- a/sys-kernel/hardened-kernel/Manifest +++ b/sys-kernel/hardened-kernel/Manifest @@ -45,5 +45,5 @@ DIST linux-hardened-5.4.48.a.patch 100543 BLAKE2B 48c15ec66ec6ef9c70c5b600b37b12 DIST tinycorelinux-10.1-amd64.qcow2 16842752 BLAKE2B e013e76503c335739a9623c0901ca791937a0e6b177854535cadec1e2c2cd2df588283ed3128cf652595f32264fbfe5b3bd3a8c97665fd4da344e308535be366 SHA512 c3aeb20ff8769da9211694b7f701907cc7ae7582cdfad2c2fdc008d97ebcbd9dc08245b4e8f8450e1cb304bd705345a11fe79f901a47979fee91443841d55641 DIST tinycorelinux-10.1-x86.qcow2 14876672 BLAKE2B 3c760eb7438b13261e52ecfaa33a53649ced95f1ab40aae52134b8cdc31a16d7aa0d6a6dd716e268ed148e9d77a10b7c700b141b61d70c82d271ffe88e8e2a3c SHA512 9964538dc42f232a11949f74b61d46422ea5da3bdc253a217119bd0b8a750c40fd2da0b07157067be9ac0226472614f210a1248114df0d331df390979867a895 EBUILD hardened-kernel-4.19.125.ebuild 2568 BLAKE2B 1c165f8359a5d5926cc866769f0ca7fe8b999e190cc92cd92b253efac18ca6d4bcddb89c1ffe8d83bdcb2249421dd58b7372ec4d74f4f432e874503a8fe2e5ab SHA512 08c7c6ef75a00bbf78ab49a01214230e44a602c51b70ad9d61b49c76a014b6d006d67984a482b3142b9aba835ab819f80bbde0a8adc40eab298fba9e9d3b3742 -EBUILD hardened-kernel-5.4.48.ebuild 2682 BLAKE2B 757684d31a3be43a30670f3d65fb387725f07cff93bb90b95061c23a7732f944d99235cbb22e34c437d28bb963d9c2bb2bdbfc2bfe51fb48d6dacb57e272b20d SHA512 5f8f425ade83c99cb01cbc213397c9716b55edb6fb9bed7dd604b8e789f38733c0829c2cc7612a204223d77ce8ec2084f0df541b5c8edb2680cb2549098b3fd6 +EBUILD hardened-kernel-5.4.48.ebuild 2906 BLAKE2B f6b41e3a4942413ab87d7800005723c6c1782bfdb52386e1283f77e0a8c3d489dafbe94e927b34d80c231391048efff3255f747d6619dfbb2f893a209294957a SHA512 84923b06453a405c0e56ee6ad34b37877707400c4918094baba8ab22063d5f537afd0fd89e19e18a4b7e63a09ebb85f78a1f3a5f7e2c0e8fb761b2dff12a534b MISC metadata.xml 345 BLAKE2B 4003222d76459210cbeba27d68bcef9b42f500dd3dafe53505dae42004c5224eeae395fb30d7582de614654d2fde19d118c8c31fbc35e5335c9150d93f42efc9 SHA512 994d288cd16858bad3177d383a279f0f549ddf40ef87c62683815540b331bd48d4afa4d0c6af947e409c58f8abb5e1da045bb98dc00a422ea724cdf0610d6619 diff --git a/sys-kernel/hardened-kernel/hardened-kernel-5.4.48.ebuild b/sys-kernel/hardened-kernel/hardened-kernel-5.4.48.ebuild index e2178c7..8f79d56 100644 --- a/sys-kernel/hardened-kernel/hardened-kernel-5.4.48.ebuild +++ b/sys-kernel/hardened-kernel/hardened-kernel-5.4.48.ebuild @@ -26,7 +26,9 @@ S=${WORKDIR}/${MY_P} LICENSE="GPL-2" KEYWORDS="~amd64" -IUSE="debug" +IUSE="debug extra-hardened" + +REQUIRED_USE="extra-hardened? ( !debug )" BDEPEND=" !initramfs? ( sys-kernel/initramfs-image ) @@ -69,15 +71,19 @@ src_prepare() { local config_tweaks=( # shove arch under the carpet! -e 's:^CONFIG_DEFAULT_HOSTNAME=:&"gentoo":' - # disable signatures - -e '/CONFIG_MODULE_SIG/d' - -e '/CONFIG_SECURITY_LOCKDOWN/d' # disable compression to allow stripping -e '/CONFIG_MODULE_COMPRESS/d' ) use debug || config_tweaks+=( -e '/CONFIG_DEBUG_INFO/d' ) + use extra-hardened || config_tweaks+=( + # disable signatures + -e '/CONFIG_MODULE_SIG/d' + -e '/CONFIG_SECURITY_LOCKDOWN/d' + # Reqired to be disabled for out of tree kernel modules + -e '/CONFIG_TRIM_UNUSED_KSYMS/d' + ) sed -i "${config_tweaks[@]}" .config || die }