sys-kernel/hardened-kernel: update v6.6.47 ebuild

net-vpn/amneziawg-linux-kernel-module/amneziawg-linux-kernel-module-1.0.20240711.ebuild

@@ -52,7 +52,7 @@ pkg_postinst() {
 		einfo
 		einfo "You have enabled the module-src USE flag without the module USE"
 		einfo "flag. This means that sources are installed to"
-		einfo "${ROOT}/usr/src/wireguard instead of having the"
+		einfo "${ROOT}/usr/src/amneziawg instead of having the"
 		einfo "kernel module compiled. You will need to compile the module"
 		einfo "yourself. Most likely, you don't want this USE flag, and should"
 		einfo "rather use USE=module"

sys-kernel/hardened-kernel/Manifest

@@ -1,7 +1,18 @@
 AUX linux-6.1.amd64.config 174782 BLAKE2B 0e4a6382a52a14dc8f7fcb7d0912b9509cba70119a4d9818cf30af0a2b1c1d8a47fda164b5190c0916c90d7aaf106c82dcd79b8de9aaf9cb50c97501bd43b5a9 SHA512 dcb15715c26a4790782594c53a4c7614a85b141a5c2bca790189012a115be5bfcdc3119854ced8fa7b6668c4f32d2472b60af975fba262c355181bd6dab5c590
+AUX linux-6.6.amd64.config 181689 BLAKE2B f32a31e26e3ce14e665125bbe80ac7a9d4006197af7f32eb1350d84f91a7b98ec117ca18e6de1a2de928d457ebb0fa351af6b53d109f819fa733f6c4f818ffe0 SHA512 e660cf0c5a8713f36063f71300741d7fb684f41e29d44d69819bdccd57ba1b37c00ee92066128c3c838fd2a2648264e7d44168373ea98314a3c0306c5ec02ff5
 DIST genpatches-6.1-77.base.tar.xz 4198960 BLAKE2B 9c6921ca87ec2c3338107a994d6e094c6bf4ca5a705f21b3efa2803454327782ccf2cefa78b2a1bfa59413402d5d89b757a5522b86943c8c8c5d97592138758a SHA512 34daab45df35b30a5bc155aa82b074f6516bb1af7b2976590f88d88e25f6e8ae369fd1299f7e2f645c045b29d6b805dd07291ab45c212a9aa27df566dd6aca96
 DIST genpatches-6.1-77.extras.tar.xz 3816 BLAKE2B 2129b36991f127c4bb4783a535a2d58bbe8ba9f4f139f7b70bf41a1c54bc2ac9026cdf3e3662f47c28118844ff40b6ad1c8da1c5fa8f1f4edc768fa69cae2083 SHA512 1de0ce45d9a0a1555faa92842f884cbaed8f5e727e4e59cbafc31326c9a183acc4954b2cdba1bec2019466545870ead8b5300f419533e30386aa2a36f6606a9a
+DIST genpatches-6.6-54.base.tar.xz 2922380 BLAKE2B f65404127bb6547208aeddac1996a4a2659bd99ff7429bcaff28247a867c000e962457725eab80db2c76297f1e5c27806dc6fb23e31d5694b6df783e65995227 SHA512 102f721f87478ad18599bb5ff65cd236180dd3d9d058786a5306cb36be3f30a2d2ef684e83b6f458d4de78a196323e87d346eba704bfbce733010aed6ac3d7f9
+DIST genpatches-6.6-54.extras.tar.xz 4060 BLAKE2B 22ea7d143bfe168bc5d9d30832423bcd33b49c1b3b5ddf031000d7d9fce96f6fa0fb1d06fd33b27a5de9c9f3833a139557f0ed7408ef12b23568784ff38ca7a9 SHA512 1b1a229b5923e7f3426139b17608b5feae6061313f7aea66de23f09a54696def39bf4b384c4e884a3e5c758c08e04dcfe1ab7f2aa331db74b59f5e511c6f2c5b
+DIST gentoo-kernel-config-g13.tar.gz 5759 BLAKE2B 831f89078e539c8b4ce244528dfd847c12a45b52d540eb10d85ec0d9deb1c14288d8de12456865c92d16e3523ec3595676787a8f3b79545d76870b0fb68deb5d SHA512 2a7230cce57a67e3333f9a88a311afe4a928e27ce76036747451cb77d3186569ad11d7a5b827748ad53290a17ad63637a8362ca896516f85ff0944a8d68265a6
+DIST kernel-aarch64-fedora.config.6.6.12-gentoo 271041 BLAKE2B 5af7c2f57cd6cd9230d9ab1a539a4b12b02cfdd777f5921b2d69329b171060a8085909a60eed9916aea504e8d9c9d1e907a61f0c6681ac75d5c64864052f821e SHA512 f744444f2840020dce2dc8473e3e562fa53ac1c34a641a9f322c2c7efd8fc4d9b3677479d3a31e705fa60beff0b1beca79ab78ad7dd4b6633d4499bebbfc76bd
+DIST kernel-i686-fedora.config.6.6.12-gentoo 242515 BLAKE2B dbb4df93a5c8ee34d687262cced152a07f412a89ef2e8122429477633424fdac80809ed57a5a6de72de05313ec91f266d37c3494426099621d047c0561ccb57e SHA512 a65fe3299b6d8f89373937d2a782aa1469ebf18954b00bbf2798cee952b9946d7fead795388c079cb508f6d431e49b2812fb6d845c8a0e3861a4a3bd11e81968
+DIST kernel-ppc64le-fedora.config.6.6.12-gentoo 232147 BLAKE2B d67c2ab2d089ecdde3879129d2b1f85a592adae811ed053d00d4ff120e6bb44546bb41d74817be558adb1d669d06f3dd50e6ea542c8a9c2f13672f77f4e4eed5 SHA512 b130b4c57959c0f7be983334b08354640d5e2946bfdd956d6c5b895f816f6177d5fa4bb1c4382cca5c4dd4723aac42e9e89a002b71d86f4eb30f755008f8f9af
+DIST kernel-x86_64-fedora.config.6.6.12-gentoo 243607 BLAKE2B 7e670d37c6471e50aa0ba395570cd0173af0210afe63faa48d7a147327110652e3aab5c339cf10ed22a6a20e81e505aee84311beb21fda3eb577e06ea55ecac8 SHA512 c484403a60670dd006ecbe65240cb00d97e8b3fe22d1169c5b6ccb92bcdbddb3ecd474d2b57880b30baf6a38bcef11fc8d56b8b0b02fcddd859833c3640cdc9c
 DIST linux-6.1.tar.xz 134728520 BLAKE2B ae60257860b2bd1bd708d183f0443afc60ebbd2b3d535c45e44c2e541bd0928530a3b62de6385dd4e4726ebbedcc0a871d4f3ffb4105b9f1f6d8ed7467f5688e SHA512 6ed2a73c2699d0810e54753715635736fc370288ad5ce95c594f2379959b0e418665cd71bc512a0273fe226fe90074d8b10d14c209080a6466498417a4fdda68
+DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35
 DIST linux-hardened-6.1.69-hardened1.patch 100238 BLAKE2B 4f5165e261273e040bf4a12e6759ce817e30560562ae129ed2fa76fc20ffc510f8380a1221c743c59b0d1e4c811fa704941bc1a6c02b243857eaaba1ecaebce5 SHA512 17813e6b55a2f6e614a2ec80ceac3cb14fd3beb807cd594dcb47df5456f6b8a5d6396b131cbdabb0582e47b0a7771b0444e97f77d5e57fd899e60550a2c32b01
+DIST linux-hardened-v6.6.47-hardened1.patch 98378 BLAKE2B 8a27a23f968313f3ce30a2654b953ba4e9605ca59cf1203acf9e658a7d6c2af130fcba6f41f11915831ac822d2d53db08b5566e7458e45dd8326725c29a945fb SHA512 267302e27742b502507d04fb12ecb6d3d9e5cd20c2899309408f7dfe4cf88136466005329a2e7c190259dba9b2f4e5d3d575b81acc8a5cc2a3f5b998f20a125c
 EBUILD hardened-kernel-6.1.69.ebuild 2978 BLAKE2B 70f353bd642de513cfd448c763aafa8a98deb0bfbd652d4ca63cff103af370bf851eded7d7a1597de08ae177b72932f5832be0f0c1d02aaac3794b2ed99f7ad1 SHA512 f0df36ced965c4b4ff077f87705f76e18912f302edfff7eeabf52f7905e75432957e68925a6d0b393d6347139c5fd9494bcdbef4d1e9a06af00c49f3c9f9e997
+EBUILD hardened-kernel-6.6.47.ebuild 4163 BLAKE2B a7ed6eb04686511b69bce2b9419f544650a8986df348674e3cbf75bafd3f702f81bea7b62849c9cfca64605fb8bb1658d9fe67da380bbebf70c0447709492d6a SHA512 baf1ac31aca2c0680daff980a96685bc39e62595154004c7c3e675d48e6e9e01cdc9569d642cab835b574a9247ecda8d6d8d8efc3201060a0da57b41c6943284
 MISC metadata.xml 345 BLAKE2B 4003222d76459210cbeba27d68bcef9b42f500dd3dafe53505dae42004c5224eeae395fb30d7582de614654d2fde19d118c8c31fbc35e5335c9150d93f42efc9 SHA512 994d288cd16858bad3177d383a279f0f549ddf40ef87c62683815540b331bd48d4afa4d0c6af947e409c58f8abb5e1da045bb98dc00a422ea724cdf0610d6619

sys-kernel/hardened-kernel/hardened-kernel-6.6.47.ebuild

@@ -0,0 +1,137 @@
+# Copyright 2020-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+KERNEL_IUSE_GENERIC_UKI=1
+KERNEL_IUSE_MODULES_SIGN=1
+
+inherit kernel-build toolchain-funcs
+
+MY_P=linux-${PV%.*}
+GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 7 ))
+CONFIG_VER=6.6.12-gentoo
+GENTOO_CONFIG_VER=g13
+HARDENED_PATCH_VER="${PV}-hardened1"
+GENPATCHES_EXCLUDE="1500_XATTR_USER_PREFIX.patch
+	1510_fs-enable-link-security-restrictions-by-default.patch
+	2900_dev-root-proc-mount-fix.patch
+	4200_fbcondecor.patch
+	4400_alpha-sysctl-uac.patch"
+
+DESCRIPTION="Linux kernel built with Gentoo patches"
+HOMEPAGE="
+	https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
+	https://www.kernel.org/
+"
+SRC_URI+="
+	https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
+	https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
+	https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
+	https://github.com/anthraxx/linux-hardened/releases/download/v${HARDENED_PATCH_VER}/linux-hardened-v${HARDENED_PATCH_VER}.patch
+	https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
+		-> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
+	amd64? (
+		https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config
+			-> kernel-x86_64-fedora.config.${CONFIG_VER}
+	)
+	arm64? (
+		https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-aarch64-fedora.config
+			-> kernel-aarch64-fedora.config.${CONFIG_VER}
+	)
+	ppc64? (
+		https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-ppc64le-fedora.config
+			-> kernel-ppc64le-fedora.config.${CONFIG_VER}
+	)
+	x86? (
+		https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-i686-fedora.config
+			-> kernel-i686-fedora.config.${CONFIG_VER}
+	)
+"
+S=${WORKDIR}/${MY_P}
+
+KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ~ppc ppc64 ~riscv ~sparc x86"
+IUSE="debug"
+REQUIRED_USE="
+	arm? ( savedconfig )
+	hppa? ( savedconfig )
+	riscv? ( savedconfig )
+	sparc? ( savedconfig )
+"
+
+RDEPEND="
+	!sys-kernel/gentoo-kernel-bin:${SLOT}
+"
+BDEPEND="
+	debug? ( dev-util/pahole )
+"
+PDEPEND="
+	>=virtual/dist-kernel-${PV}
+"
+
+QA_FLAGS_IGNORED="
+	usr/src/linux-.*/scripts/gcc-plugins/.*.so
+	usr/src/linux-.*/vmlinux
+	usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg
+"
+
+src_prepare() {
+	# remove some genpatches causes conflicts with linux-hardened patch
+	for patch in ${GENPATCHES_EXCLUDE}; do
+		rm -f ${WORKDIR}/${patch}
+	done
+	# Remove already exists changes in linux-hardened patch
+	sed -i '322,337d' "${WORKDIR}/4567_distro-Gentoo-Kconfig.patch"
+	# include linux-hardened patch with priority
+	cp ${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch ${WORKDIR}/1199_linux-hardened-${HARDENED_PATCH_VER}.patch
+	# copy Clear Linux patches
+	if [ -d "${FILESDIR}"/${MY_P} ]; then
+		cp "${FILESDIR}"/${MY_P}/*.patch ${WORKDIR}/
+	fi
+
+	local PATCHES=(
+		# meh, genpatches have no directory
+		"${WORKDIR}"/*.patch
+	)
+	default
+
+	local biendian=false
+
+	# prepare the default config
+	case ${ARCH} in
+		amd64)
+			cp "${FILESDIR}/linux-6.6.amd64.config" .config || die
+			;;
+		*)
+			die "Unsupported arch ${ARCH}"
+			;;
+	esac
+
+	local myversion="-hardened"
+	echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die
+	local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"
+
+	local merge_configs=(
+		"${T}"/version.config
+	)
+	use debug || merge_configs+=(
+		"${dist_conf_path}"/no-debug.config
+	)
+
+	merge_configs+=( "${dist_conf_path}"/hardened-base.config )
+
+	tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config )
+
+	if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then
+		merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" )
+	fi
+
+	# this covers ppc64 and aarch64_be only for now
+	if [[ ${biendian} == true && $(tc-endian) == big ]]; then
+		merge_configs+=( "${dist_conf_path}/big-endian.config" )
+	fi
+
+	use secureboot && merge_configs+=( "${dist_conf_path}/secureboot.config" )
+
+	kernel-build_merge_configs "${merge_configs[@]}"
+}