sys-kernel/hardened-kernel: update SRC_URI
Signed-off-by: Alexander Miroshnichenko <alex@millerson.name>
This commit is contained in:
parent
b3935cf52c
commit
ef2489b777
@ -27,15 +27,15 @@ HOMEPAGE="
|
||||
https://www.kernel.org/
|
||||
"
|
||||
SRC_URI+="
|
||||
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
|
||||
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
|
||||
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/patch-${PV}.xz
|
||||
https://dev.gentoo.org/~mgorny/dist/linux/${PATCHSET}.tar.xz
|
||||
https://dev.gentoo.org/~mgorny/dist/linux/${PATCHSET}.tar.xz
|
||||
https://github.com/anthraxx/linux-hardened/releases/download/v${HARDENED_PATCH_VER}/linux-hardened-v${HARDENED_PATCH_VER}.patch
|
||||
https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
|
||||
-> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
|
||||
verify-sig? (
|
||||
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/sha256sums.asc
|
||||
-> linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc
|
||||
verify-sig? (
|
||||
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/sha256sums.asc
|
||||
-> linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc
|
||||
)
|
||||
amd64? (
|
||||
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config
|
||||
@ -65,8 +65,6 @@ REQUIRED_USE="
|
||||
sparc? ( savedconfig )
|
||||
"
|
||||
|
||||
RDEPEND="
|
||||
"
|
||||
BDEPEND="
|
||||
debug? ( dev-util/pahole )
|
||||
verify-sig? ( >=sec-keys/openpgp-keys-kernel-20250702 )
|
||||
@ -84,35 +82,36 @@ QA_FLAGS_IGNORED="
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/kernel.org.asc
|
||||
|
||||
src_unpack() {
|
||||
if use verify-sig; then
|
||||
cd "${DISTDIR}" || die
|
||||
verify-sig_verify_signed_checksums \
|
||||
"linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc" \
|
||||
sha256 "${MY_P}.tar.xz patch-${PV}.xz"
|
||||
cd "${WORKDIR}" || die
|
||||
fi
|
||||
if use verify-sig; then
|
||||
cd "${DISTDIR}" || die
|
||||
verify-sig_verify_signed_checksums \
|
||||
"linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc" \
|
||||
sha256 "${MY_P}.tar.xz patch-${PV}.xz"
|
||||
cd "${WORKDIR}" || die
|
||||
fi
|
||||
|
||||
default
|
||||
default
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
local patch
|
||||
|
||||
mkdir ${WORKDIR}/${USER_PATCHSET}
|
||||
mkdir "${WORKDIR}/${USER_PATCHSET}"
|
||||
|
||||
# remove some genpatches causes conflicts with linux-hardened patch
|
||||
for patch in ${GENPATCHES_EXCLUDE}; do
|
||||
rm -f ${WORKDIR}/${PATCHSET}/${patch}
|
||||
for patch in "${GENPATCHES_EXCLUDE}"; do
|
||||
rm -f "${WORKDIR}/${PATCHSET}/${patch}"
|
||||
done
|
||||
# Remove already exists changes in linux-hardened patch
|
||||
sed -i '344,356d' "${WORKDIR}/${PATCHSET}/0010-Add-Gentoo-Linux-support-config-settings-and-default.patch"
|
||||
# include linux-hardened patch with priority
|
||||
cp ${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch ${WORKDIR}/${USER_PATCHSET}/1198_linux-hardened-${HARDENED_PATCH_VER}.patch
|
||||
cp "${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch" \
|
||||
"${WORKDIR}/${USER_PATCHSET}/1198_linux-hardened-${HARDENED_PATCH_VER}.patch"
|
||||
|
||||
# copy pkg maintainer supplied patches
|
||||
if [ -d "${FILESDIR}/${MY_P}" ]; then
|
||||
cp "${FILESDIR}/${MY_P}"/*.patch ${WORKDIR}/${USER_PATCHSET}/
|
||||
fi
|
||||
# copy pkg maintainer supplied patches
|
||||
if [ -d "${FILESDIR}/${MY_P}" ]; then
|
||||
cp "${FILESDIR}/${MY_P}"/*.patch "${WORKDIR}/${USER_PATCHSET}"/
|
||||
fi
|
||||
|
||||
eapply "${WORKDIR}/patch-${PV}"
|
||||
for patch in "${WORKDIR}/${PATCHSET}"/*.patch; do
|
||||
|
||||
@ -1,11 +1,20 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
||||
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
|
||||
<pkgmetadata>
|
||||
<maintainer type="person">
|
||||
<email>alex@millerson.name</email>
|
||||
<name>Alexander Miroshnichenko</name>
|
||||
</maintainer>
|
||||
<use>
|
||||
<flag name='initramfs'>Build initramfs along with the kernel.</flag>
|
||||
<flag name="experimental">
|
||||
Apply experimental patches; for more information, see "https://wiki.gentoo.org/wiki/Project:Kernel/Experimental".
|
||||
</flag>
|
||||
<flag name="hardened">
|
||||
Use selection of hardening options recommended by Kernel Self
|
||||
Protection Project
|
||||
</flag>
|
||||
<flag name="initramfs">
|
||||
Build initramfs along with the kernel.
|
||||
</flag>
|
||||
</use>
|
||||
</pkgmetadata>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user