From ef2489b777e3523bde5a999773696214d1de7c43 Mon Sep 17 00:00:00 2001 From: Alexander Miroshnichenko Date: Mon, 13 Oct 2025 17:47:56 +0300 Subject: [PATCH] sys-kernel/hardened-kernel: update SRC_URI Signed-off-by: Alexander Miroshnichenko --- .../hardened-kernel-6.16.10.ebuild | 45 +++++++++---------- sys-kernel/hardened-kernel/metadata.xml | 13 +++++- 2 files changed, 33 insertions(+), 25 deletions(-) diff --git a/sys-kernel/hardened-kernel/hardened-kernel-6.16.10.ebuild b/sys-kernel/hardened-kernel/hardened-kernel-6.16.10.ebuild index c599610..0c7d21c 100644 --- a/sys-kernel/hardened-kernel/hardened-kernel-6.16.10.ebuild +++ b/sys-kernel/hardened-kernel/hardened-kernel-6.16.10.ebuild @@ -27,15 +27,15 @@ HOMEPAGE=" https://www.kernel.org/ " SRC_URI+=" - https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/patch-${PV}.xz - https://dev.gentoo.org/~mgorny/dist/linux/${PATCHSET}.tar.xz + https://dev.gentoo.org/~mgorny/dist/linux/${PATCHSET}.tar.xz https://github.com/anthraxx/linux-hardened/releases/download/v${HARDENED_PATCH_VER}/linux-hardened-v${HARDENED_PATCH_VER}.patch https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz -> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz - verify-sig? ( - https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/sha256sums.asc - -> linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc + verify-sig? ( + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/sha256sums.asc + -> linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc ) amd64? ( https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config @@ -65,8 +65,6 @@ REQUIRED_USE=" sparc? ( savedconfig ) " -RDEPEND=" -" BDEPEND=" debug? ( dev-util/pahole ) verify-sig? ( >=sec-keys/openpgp-keys-kernel-20250702 ) 
@@ -84,35 +82,36 @@ QA_FLAGS_IGNORED=" VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/kernel.org.asc src_unpack() { - if use verify-sig; then - cd "${DISTDIR}" || die - verify-sig_verify_signed_checksums \ - "linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc" \ - sha256 "${MY_P}.tar.xz patch-${PV}.xz" - cd "${WORKDIR}" || die - fi + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_signed_checksums \ + "linux-$(ver_cut 1).x-sha256sums-${SHA256SUM_DATE}.asc" \ + sha256 "${MY_P}.tar.xz patch-${PV}.xz" + cd "${WORKDIR}" || die + fi - default + default } src_prepare() { local patch - mkdir ${WORKDIR}/${USER_PATCHSET} + mkdir "${WORKDIR}/${USER_PATCHSET}" # remove some genpatches causes conflicts with linux-hardened patch - for patch in ${GENPATCHES_EXCLUDE}; do - rm -f ${WORKDIR}/${PATCHSET}/${patch} + for patch in "${GENPATCHES_EXCLUDE}"; do + rm -f "${WORKDIR}/${PATCHSET}/${patch}" done # Remove already exists changes in linux-hardened patch sed -i '344,356d' "${WORKDIR}/${PATCHSET}/0010-Add-Gentoo-Linux-support-config-settings-and-default.patch" # include linux-hardened patch with priority - cp ${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch ${WORKDIR}/${USER_PATCHSET}/1198_linux-hardened-${HARDENED_PATCH_VER}.patch + cp "${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch" \ + "${WORKDIR}/${USER_PATCHSET}/1198_linux-hardened-${HARDENED_PATCH_VER}.patch" - # copy pkg maintainer supplied patches - if [ -d "${FILESDIR}/${MY_P}" ]; then - cp "${FILESDIR}/${MY_P}"/*.patch ${WORKDIR}/${USER_PATCHSET}/ - fi + # copy pkg maintainer supplied patches + if [ -d "${FILESDIR}/${MY_P}" ]; then + cp "${FILESDIR}/${MY_P}"/*.patch "${WORKDIR}/${USER_PATCHSET}"/ + fi eapply "${WORKDIR}/patch-${PV}" for patch in "${WORKDIR}/${PATCHSET}"/*.patch; do diff --git a/sys-kernel/hardened-kernel/metadata.xml b/sys-kernel/hardened-kernel/metadata.xml index eab4423..ae43806 100644 --- a/sys-kernel/hardened-kernel/metadata.xml 
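Review bot: Quoting the list in `for patch in "${GENPATCHES_EXCLUDE}"; do` makes the loop run exactly once with the whole string as a single file name, so if the variable (defined outside this hunk) holds more than one whitespace-separated entry, none of the genpatches that conflict with the linux-hardened patch is removed, and `rm -f` hides the miss. Keep that one expansion unquoted and mark the split as deliberate, `for patch in ${GENPATCHES_EXCLUDE}; do # word splitting intended`, or convert the variable to an array and iterate over `"${GENPATCHES_EXCLUDE[@]}"`. The `mkdir`, `rm`, `sed -i` and `cp` calls in src_prepare also have no `|| die`, so a failed copy of the linux-hardened patch would not stop the build at that step; for example `mkdir "${WORKDIR}/${USER_PATCHSET}" || die`. src_prepare continues past the end of the hunk, so whether a later step would catch the missing patch cannot be seen here.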
+++ b/sys-kernel/hardened-kernel/metadata.xml @@ -1,11 +1,20 @@ - + alex@millerson.name Alexander Miroshnichenko - Build initramfs along with the kernel. + + Apply experimental patches; for more information, see "https://wiki.gentoo.org/wiki/Project:Kernel/Experimental". + + + Use selection of hardening options recommended by Kernel Self + Protection Project + + + Build initramfs along with the kernel. +