Compare commits

...

2 Commits

4 changed files with 1011 additions and 507 deletions

View File

@ -1,19 +1,25 @@
AUX linux-6.1.amd64.config 174782 BLAKE2B 0e4a6382a52a14dc8f7fcb7d0912b9509cba70119a4d9818cf30af0a2b1c1d8a47fda164b5190c0916c90d7aaf106c82dcd79b8de9aaf9cb50c97501bd43b5a9 SHA512 dcb15715c26a4790782594c53a4c7614a85b141a5c2bca790189012a115be5bfcdc3119854ced8fa7b6668c4f32d2472b60af975fba262c355181bd6dab5c590 AUX linux-6.10.amd64.config 186636 BLAKE2B 6863435292024559b924e3a887e3a88720abfc5f84d405fc84541cc61d0959ffa276a793a0933c2e6ae74d17160849101231a45eb9ba95eb3dad1537789a5c54 SHA512 a83fc45b41e54347467ae9c9a22ebf249b2fa9f06d71c396095382003851d70a2c1bd7156781553261b7142bd832432e31312b09250cdb99d36a50ddba6fd0d4
AUX linux-6.6.amd64.config 183290 BLAKE2B 3da242321cba8173f61a9946df4a27276193e2fe7c029ff8ae9e883aeb326efa4d4b65173d4c940b17c1f4c801752871f7737e65862e686e516f8bc85e028f28 SHA512 a949c6875184e005395b527dd58c06ea10e0efd7c1a36eea8139ee61ae7b6c218b54625cc469ae377b5518d87e2ab710f9ecfb9463538d8eae3ed8256fb94227 AUX linux-6.6.amd64.config 183290 BLAKE2B 3da242321cba8173f61a9946df4a27276193e2fe7c029ff8ae9e883aeb326efa4d4b65173d4c940b17c1f4c801752871f7737e65862e686e516f8bc85e028f28 SHA512 a949c6875184e005395b527dd58c06ea10e0efd7c1a36eea8139ee61ae7b6c218b54625cc469ae377b5518d87e2ab710f9ecfb9463538d8eae3ed8256fb94227
DIST genpatches-6.1-77.base.tar.xz 4198960 BLAKE2B 9c6921ca87ec2c3338107a994d6e094c6bf4ca5a705f21b3efa2803454327782ccf2cefa78b2a1bfa59413402d5d89b757a5522b86943c8c8c5d97592138758a SHA512 34daab45df35b30a5bc155aa82b074f6516bb1af7b2976590f88d88e25f6e8ae369fd1299f7e2f645c045b29d6b805dd07291ab45c212a9aa27df566dd6aca96 DIST 6.10.12-1467.tar.gz 1651884 BLAKE2B b4fc2ff81071ca8078bcc4d093cdf19cd3f6ac1debeca809ee0b7ab9e984a825925aebfe0b60c40ba9c5a333ad350eaf943d6603cd134c13cf5a0a4391ab67db SHA512 38b703eb075d8c24215c7ce4f32981854b0628110bf10ba293d74531b2a489f35522f2bd17e1688febf1adfb0eb629bb41d5d91f8572d0f5f35df726d42a5e82
DIST genpatches-6.1-77.extras.tar.xz 3816 BLAKE2B 2129b36991f127c4bb4783a535a2d58bbe8ba9f4f139f7b70bf41a1c54bc2ac9026cdf3e3662f47c28118844ff40b6ad1c8da1c5fa8f1f4edc768fa69cae2083 SHA512 1de0ce45d9a0a1555faa92842f884cbaed8f5e727e4e59cbafc31326c9a183acc4954b2cdba1bec2019466545870ead8b5300f419533e30386aa2a36f6606a9a DIST genpatches-6.10-15.base.tar.xz 774884 BLAKE2B e5363896fadb615a40b43b90c4146f93aee696c0aeff3ceee6a8d60882112f90b8bb1df838a827353d290cfb37aada5b53b673cc21dc611e774a4b7376fd12ad SHA512 dc45ee28cad09a1ea2005e6eed656b4fbe7e9d291571583eaa57388b0b3d08f769bf10752aeb7a519dfd1bad679bf277114fafe49c8243f78b9bd7548935a21f
DIST genpatches-6.10-15.experimental.tar.xz 81216 BLAKE2B c10dab94e0600f2befd04e8d0864cf35adfbdd913fcd7f0606f4e5a34fe6f4cc91136d6380611c358720dfb9d183eab507bccd14a990f7361215ebb8124328c2 SHA512 5d5611d5c46c0b2e341eb65233591bb0540e11225efd77034d20b500cb86dec595e41bd656605c1413f98d2630769544508db717c1198424743ea6ba0a79d7ce
DIST genpatches-6.10-15.extras.tar.xz 4056 BLAKE2B c80ea0b763a9c37e6f3aa5192b712c0acc7849be3dab66c911b175af94a8e8b22afc7cb56a10f7fcd91a34e0ff5d295abebfbfd5de260f86c800e3227a3c651b SHA512 7e50e426d10736a8d3fb51180d58e434097b70b9675bc23b89539834a09ed343772764945925a2e556b1140af8561fa7231622513f185fdaacb81d7763dd6d02
DIST genpatches-6.6-60.base.tar.xz 3204668 BLAKE2B 4076b1d74984ff1777a6d41d6c71a1a67139571314da88597e88ac0bd0067ce49ba7954b26690f8bb21009708e99be5e29abbb6871d8ab7c39740c243efc74d4 SHA512 91d0d2bef786151f9bb94370e26e8cc488a57e8307de018e068c3d4f07ff20cdb59516de1ab6718943286323812b999bf2b43ab63c9a79d70bdc7dd2ece68ee3 DIST genpatches-6.6-60.base.tar.xz 3204668 BLAKE2B 4076b1d74984ff1777a6d41d6c71a1a67139571314da88597e88ac0bd0067ce49ba7954b26690f8bb21009708e99be5e29abbb6871d8ab7c39740c243efc74d4 SHA512 91d0d2bef786151f9bb94370e26e8cc488a57e8307de018e068c3d4f07ff20cdb59516de1ab6718943286323812b999bf2b43ab63c9a79d70bdc7dd2ece68ee3
DIST genpatches-6.6-60.experimental.tar.xz 5760 BLAKE2B e22cfd19c15a752e2a350d6aa80f340020abf778b847f8a93de5502288221d9759205cf5fc6cb174aa732547a06b5029fc3e62326ae53347c15552b604576da1 SHA512 b46d756e1289a5f701fae0c20c5b8892ac031313947a9439e406f175b4ceb195a249b6aa539994b769fe7ca89aa3ef7a5786c08eb516c78becd15e95e792a9c5 DIST genpatches-6.6-60.experimental.tar.xz 5760 BLAKE2B e22cfd19c15a752e2a350d6aa80f340020abf778b847f8a93de5502288221d9759205cf5fc6cb174aa732547a06b5029fc3e62326ae53347c15552b604576da1 SHA512 b46d756e1289a5f701fae0c20c5b8892ac031313947a9439e406f175b4ceb195a249b6aa539994b769fe7ca89aa3ef7a5786c08eb516c78becd15e95e792a9c5
DIST genpatches-6.6-60.extras.tar.xz 4056 BLAKE2B 605705101398b9b0954b1b1050c7a35ca0cf9db76cb8b83a8686e4d895e96cdb5852b82fb47808a811eec73dbdb730550b4bdc09a9ce12c9a6f08f1c5fbcd2fa SHA512 6809450ccae6d26a77195a10997fc1c28408d8b1dd64cbe9985b1364d29ba520f4d1035e55fab34e6f169c92357a30fa95c2a9197da35366b09a5c634b9950a5 DIST genpatches-6.6-60.extras.tar.xz 4056 BLAKE2B 605705101398b9b0954b1b1050c7a35ca0cf9db76cb8b83a8686e4d895e96cdb5852b82fb47808a811eec73dbdb730550b4bdc09a9ce12c9a6f08f1c5fbcd2fa SHA512 6809450ccae6d26a77195a10997fc1c28408d8b1dd64cbe9985b1364d29ba520f4d1035e55fab34e6f169c92357a30fa95c2a9197da35366b09a5c634b9950a5
DIST gentoo-kernel-config-g13.tar.gz 5759 BLAKE2B 831f89078e539c8b4ce244528dfd847c12a45b52d540eb10d85ec0d9deb1c14288d8de12456865c92d16e3523ec3595676787a8f3b79545d76870b0fb68deb5d SHA512 2a7230cce57a67e3333f9a88a311afe4a928e27ce76036747451cb77d3186569ad11d7a5b827748ad53290a17ad63637a8362ca896516f85ff0944a8d68265a6 DIST gentoo-kernel-config-g13.tar.gz 5759 BLAKE2B 831f89078e539c8b4ce244528dfd847c12a45b52d540eb10d85ec0d9deb1c14288d8de12456865c92d16e3523ec3595676787a8f3b79545d76870b0fb68deb5d SHA512 2a7230cce57a67e3333f9a88a311afe4a928e27ce76036747451cb77d3186569ad11d7a5b827748ad53290a17ad63637a8362ca896516f85ff0944a8d68265a6
DIST kernel-aarch64-fedora.config.6.10.1-gentoo 281641 BLAKE2B f4157148dda5fe453b055fea66756e380fbaaf0378b9d1f74044af4ccb5b3da9bc7448e8ec553d30632be1bfe83e961f5751458cc4018d1e8df531251d32e3d8 SHA512 0f5a492318891b295a226f70d5579095ce34d9b547410a1873131c455356ab576b5093b8d1d32a166a01e033802b083e72a7c0f1236495d36ab0d6cd367eebbf
DIST kernel-aarch64-fedora.config.6.6.12-gentoo 271041 BLAKE2B 5af7c2f57cd6cd9230d9ab1a539a4b12b02cfdd777f5921b2d69329b171060a8085909a60eed9916aea504e8d9c9d1e907a61f0c6681ac75d5c64864052f821e SHA512 f744444f2840020dce2dc8473e3e562fa53ac1c34a641a9f322c2c7efd8fc4d9b3677479d3a31e705fa60beff0b1beca79ab78ad7dd4b6633d4499bebbfc76bd DIST kernel-aarch64-fedora.config.6.6.12-gentoo 271041 BLAKE2B 5af7c2f57cd6cd9230d9ab1a539a4b12b02cfdd777f5921b2d69329b171060a8085909a60eed9916aea504e8d9c9d1e907a61f0c6681ac75d5c64864052f821e SHA512 f744444f2840020dce2dc8473e3e562fa53ac1c34a641a9f322c2c7efd8fc4d9b3677479d3a31e705fa60beff0b1beca79ab78ad7dd4b6633d4499bebbfc76bd
DIST kernel-i686-fedora.config.6.10.1-gentoo 250040 BLAKE2B 0cbc4d4a0ae82cb44be5aaad35f1d8beaa30eb829d31edf1a7296acff65ae2773dfa8b7da3cc0c02a08db1f355c7fd4fa080daf97b5d66c9b69c6c1f2e421ede SHA512 eee7747b6160e9caf6429e67d3471c4dd7f0f72a0613c0e19944c86b4e0a8025b737de41b6b072cc88f40331a2b2a780ae60c426957db36ff2015850a6d7bc39
DIST kernel-i686-fedora.config.6.6.12-gentoo 242515 BLAKE2B dbb4df93a5c8ee34d687262cced152a07f412a89ef2e8122429477633424fdac80809ed57a5a6de72de05313ec91f266d37c3494426099621d047c0561ccb57e SHA512 a65fe3299b6d8f89373937d2a782aa1469ebf18954b00bbf2798cee952b9946d7fead795388c079cb508f6d431e49b2812fb6d845c8a0e3861a4a3bd11e81968 DIST kernel-i686-fedora.config.6.6.12-gentoo 242515 BLAKE2B dbb4df93a5c8ee34d687262cced152a07f412a89ef2e8122429477633424fdac80809ed57a5a6de72de05313ec91f266d37c3494426099621d047c0561ccb57e SHA512 a65fe3299b6d8f89373937d2a782aa1469ebf18954b00bbf2798cee952b9946d7fead795388c079cb508f6d431e49b2812fb6d845c8a0e3861a4a3bd11e81968
DIST kernel-ppc64le-fedora.config.6.10.1-gentoo 237077 BLAKE2B a1d816e8015e1c2548c9323e5c595b18ebee2e5d79a9269a3aadc3daee658a2c54fcce97f7182901610fd51dc667c24699345be9e1b28d736d4acf3c41b6b2a5 SHA512 945a529c5dfe3ef92ccb3699d00e28aa1620c4de52fcd611a5c09971bed16a40594c888fa360270fc74b6cf2ea7a973cfa230d35fec4972dcb224d58ec695106
DIST kernel-ppc64le-fedora.config.6.6.12-gentoo 232147 BLAKE2B d67c2ab2d089ecdde3879129d2b1f85a592adae811ed053d00d4ff120e6bb44546bb41d74817be558adb1d669d06f3dd50e6ea542c8a9c2f13672f77f4e4eed5 SHA512 b130b4c57959c0f7be983334b08354640d5e2946bfdd956d6c5b895f816f6177d5fa4bb1c4382cca5c4dd4723aac42e9e89a002b71d86f4eb30f755008f8f9af DIST kernel-ppc64le-fedora.config.6.6.12-gentoo 232147 BLAKE2B d67c2ab2d089ecdde3879129d2b1f85a592adae811ed053d00d4ff120e6bb44546bb41d74817be558adb1d669d06f3dd50e6ea542c8a9c2f13672f77f4e4eed5 SHA512 b130b4c57959c0f7be983334b08354640d5e2946bfdd956d6c5b895f816f6177d5fa4bb1c4382cca5c4dd4723aac42e9e89a002b71d86f4eb30f755008f8f9af
DIST kernel-x86_64-fedora.config.6.10.1-gentoo 251109 BLAKE2B 511862bd42123b8e8072be0d3a2693187713eebc73d8938770b862ffa25e7a6f69225971aa6bbcc1adc0e8d43863514e9f2ed1dc1035f044d9b402e122a6144b SHA512 af5e3c7eb64535f875883e61bbcb018dd1aa25f661d7e4fc985da3165be074037045f97cc2d6b1882edc9d07aa83c78358867c6742babdf19d9515108c74c44c
DIST kernel-x86_64-fedora.config.6.6.12-gentoo 243607 BLAKE2B 7e670d37c6471e50aa0ba395570cd0173af0210afe63faa48d7a147327110652e3aab5c339cf10ed22a6a20e81e505aee84311beb21fda3eb577e06ea55ecac8 SHA512 c484403a60670dd006ecbe65240cb00d97e8b3fe22d1169c5b6ccb92bcdbddb3ecd474d2b57880b30baf6a38bcef11fc8d56b8b0b02fcddd859833c3640cdc9c DIST kernel-x86_64-fedora.config.6.6.12-gentoo 243607 BLAKE2B 7e670d37c6471e50aa0ba395570cd0173af0210afe63faa48d7a147327110652e3aab5c339cf10ed22a6a20e81e505aee84311beb21fda3eb577e06ea55ecac8 SHA512 c484403a60670dd006ecbe65240cb00d97e8b3fe22d1169c5b6ccb92bcdbddb3ecd474d2b57880b30baf6a38bcef11fc8d56b8b0b02fcddd859833c3640cdc9c
DIST linux-6.1.tar.xz 134728520 BLAKE2B ae60257860b2bd1bd708d183f0443afc60ebbd2b3d535c45e44c2e541bd0928530a3b62de6385dd4e4726ebbedcc0a871d4f3ffb4105b9f1f6d8ed7467f5688e SHA512 6ed2a73c2699d0810e54753715635736fc370288ad5ce95c594f2379959b0e418665cd71bc512a0273fe226fe90074d8b10d14c209080a6466498417a4fdda68 DIST linux-6.10.tar.xz 145142812 BLAKE2B bb243ea7493b9d63aa2df2050a3f1ae2b89ee84a20015239cf157e3f4f51c7ac5efedc8a51132b2d7482f9276ac418de6624831c8a3b806130d9c2d2124c539b SHA512 baa2487954044f991d2ae254d77d14a1f0185dd62c9f0fcaff69f586c9f906823017b8db1c4588f27b076dfa3ebb606929fec859f60ea419e7974330b9289cc2
DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35
DIST linux-hardened-6.1.69-hardened1.patch 100238 BLAKE2B 4f5165e261273e040bf4a12e6759ce817e30560562ae129ed2fa76fc20ffc510f8380a1221c743c59b0d1e4c811fa704941bc1a6c02b243857eaaba1ecaebce5 SHA512 17813e6b55a2f6e614a2ec80ceac3cb14fd3beb807cd594dcb47df5456f6b8a5d6396b131cbdabb0582e47b0a7771b0444e97f77d5e57fd899e60550a2c32b01 DIST linux-hardened-v6.10.12-hardened1.patch 94944 BLAKE2B 0b3cd388f968c271424465fcc7662b4671149f16a373fb9d9d253c3933d0a0c98326b1714ab47463c275942b79b92bb43312dbcd7adc5a4171be350f40f4f0b7 SHA512 92a301621bdf2e405821e288ea700523e538106807c42379ff753c6d1e71f5aa937174fa3b963f9abb502fade11883520569060c8be82a3b17fec9535bee4a80
DIST linux-hardened-v6.6.53-hardened1.patch 98239 BLAKE2B f06c47bc88a9c0b1bf15ee9f6cfef16c4d2a40b167dc005b9233a632c8aebe62fd532d0798bfd3cf9d5df2479f6c66be03d4f26e3ecc13b72b0d5a12d9f7c9d8 SHA512 bc1fd920ff763d725bf188ded906e0524da0eb0ef1358f51b9d93e008b6f305b48376b98d564ae8d667294625d54d9671968af20fc3fd5cf5214ff2a3cab4e26 DIST linux-hardened-v6.6.53-hardened1.patch 98239 BLAKE2B f06c47bc88a9c0b1bf15ee9f6cfef16c4d2a40b167dc005b9233a632c8aebe62fd532d0798bfd3cf9d5df2479f6c66be03d4f26e3ecc13b72b0d5a12d9f7c9d8 SHA512 bc1fd920ff763d725bf188ded906e0524da0eb0ef1358f51b9d93e008b6f305b48376b98d564ae8d667294625d54d9671968af20fc3fd5cf5214ff2a3cab4e26
EBUILD hardened-kernel-6.1.69.ebuild 2978 BLAKE2B 70f353bd642de513cfd448c763aafa8a98deb0bfbd652d4ca63cff103af370bf851eded7d7a1597de08ae177b72932f5832be0f0c1d02aaac3794b2ed99f7ad1 SHA512 f0df36ced965c4b4ff077f87705f76e18912f302edfff7eeabf52f7905e75432957e68925a6d0b393d6347139c5fd9494bcdbef4d1e9a06af00c49f3c9f9e997 EBUILD hardened-kernel-6.10.12.ebuild 5118 BLAKE2B 58141ad153e14ef81a6225efbcee9eca1db1cb150653c1c38ad42cf7cae80fc64ba664604a450b7102bb023afb5d315dae5647ef03be75907749185f6cc0931f SHA512 b8027bfb4639ef5ff0778ea53f63394755bb05be481573bca3bc3dd70d60bf9cf211d6c56c622dcfd39a0ed1f1d944a1b9387b50a339fbac117209167b6bcc3f
EBUILD hardened-kernel-6.6.53.ebuild 4327 BLAKE2B 9f9e97a711087eebf8b12782f5ec5beda1b0754727929f61874e41a404b4d183044d710e3ba857fc0d22249a255826ed95e2591539385bf869604aad364711f2 SHA512 5d4afefcea6fcfe84d2eb23af9cda50a6cd8080cc94df8003f1075752bcef7a3d7f29f8e6065cb0665b464ca6aebd69311a51839ea383a523322e29a5dd249d2 EBUILD hardened-kernel-6.6.53.ebuild 4327 BLAKE2B 9f9e97a711087eebf8b12782f5ec5beda1b0754727929f61874e41a404b4d183044d710e3ba857fc0d22249a255826ed95e2591539385bf869604aad364711f2 SHA512 5d4afefcea6fcfe84d2eb23af9cda50a6cd8080cc94df8003f1075752bcef7a3d7f29f8e6065cb0665b464ca6aebd69311a51839ea383a523322e29a5dd249d2
MISC metadata.xml 345 BLAKE2B 4003222d76459210cbeba27d68bcef9b42f500dd3dafe53505dae42004c5224eeae395fb30d7582de614654d2fde19d118c8c31fbc35e5335c9150d93f42efc9 SHA512 994d288cd16858bad3177d383a279f0f549ddf40ef87c62683815540b331bd48d4afa4d0c6af947e409c58f8abb5e1da045bb98dc00a422ea724cdf0610d6619 MISC metadata.xml 345 BLAKE2B 4003222d76459210cbeba27d68bcef9b42f500dd3dafe53505dae42004c5224eeae395fb30d7582de614654d2fde19d118c8c31fbc35e5335c9150d93f42efc9 SHA512 994d288cd16858bad3177d383a279f0f549ddf40ef87c62683815540b331bd48d4afa4d0c6af947e409c58f8abb5e1da045bb98dc00a422ea724cdf0610d6619

View File

@ -1,100 +0,0 @@
# Copyright 2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit kernel-build
MY_P=linux-${PV%.*}
GENPATCHES_P=genpatches-${PV%.*}-$((${PV##*.}+8))
HARDENED_PATCH_VER="${PV}-hardened1"
GENPATCHES_EXCLUDE="1500_XATTR_USER_PREFIX.patch
1510_fs-enable-link-security-restrictions-by-default.patch
2900_dev-root-proc-mount-fix.patch
4200_fbcondecor.patch
4400_alpha-sysctl-uac.patch
4567_distro-Gentoo-Kconfig.patch"
DESCRIPTION="Linux kernel built with Gentoo patches"
HOMEPAGE="https://www.kernel.org/"
SRC_URI+=" https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
https://github.com/anthraxx/linux-hardened/releases/download/${HARDENED_PATCH_VER}/linux-hardened-${HARDENED_PATCH_VER}.patch"
S=${WORKDIR}/${MY_P}
LICENSE="GPL-2"
KEYWORDS="~amd64"
IUSE="debug extra-hardened"
REQUIRED_USE="extra-hardened? ( !debug )"
BDEPEND="sys-firmware/intel-microcode
debug? ( dev-util/dwarves )"
RDEPEND="
!sys-kernel/gentoo-kernel:${SLOT}
!sys-kernel/gentoo-kernel-bin:${SLOT}
!sys-kernel/vanilla-kernel:${SLOT}
!sys-kernel/vanilla-kernel-bin:${SLOT}"
RESTRICT="strip"
src_prepare() {
# remove some genpatches causes conflicts with linux-hardened patch
for patch in ${GENPATCHES_EXCLUDE}; do
rm -f ${WORKDIR}/${patch}
done
# include linux-hardened patch with priority
cp ${DISTDIR}/linux-hardened-${HARDENED_PATCH_VER}.patch ${WORKDIR}/1199_linux-hardened-${HARDENED_PATCH_VER}.patch
# copy Clear Linux patches
if [ -d "${FILESDIR}"/${MY_P} ]; then
cp "${FILESDIR}"/${MY_P}/*.patch ${WORKDIR}/
fi
local PATCHES=(
# meh, genpatches have no directory
"${WORKDIR}"/*.patch
)
default
# prepare the default config
case ${ARCH} in
amd64)
cp "${FILESDIR}"/${MY_P}.amd64.config .config || die
;;
*)
die "Unsupported arch ${ARCH}"
;;
esac
local config_tweaks=(
# shove arch under the carpet!
-e 's:^CONFIG_DEFAULT_HOSTNAME=:&"gentoo":'
# disable compression to allow stripping
-e '/CONFIG_MODULE_COMPRESS/d'
)
use debug || config_tweaks+=(
-e '/CONFIG_DEBUG_INFO/d'
)
use extra-hardened || config_tweaks+=(
# disable signatures
-e '/CONFIG_MODULE_SIG/d'
-e '/CONFIG_SECURITY_LOCKDOWN/d'
# Reqired to be disabled for out of tree kernel modules
-e '/CONFIG_TRIM_UNUSED_KSYMS/d'
)
sed -i "${config_tweaks[@]}" .config || die
sed -i "s@\-hardened1@@g" Makefile || die
}
src_install() {
kernel-build_src_install
if [[ -n "${UEFI_SB_KEY}" && -n "${UEFI_SB_CRT}" ]] ;then
sbsign --key ${UEFI_SB_KEY} --cert ${UEFI_SB_CRT} --output ${D}/usr/src/linux-${PV}/arch/x86/boot/bzImage.signed \
${D}/usr/src/linux-${PV}/arch/x86/boot/bzImage && \
mv ${D}/usr/src/linux-${PV}/arch/x86/boot/bzImage.signed ${D}/usr/src/linux-${PV}/arch/x86/boot/bzImage
fi
}

View File

@ -0,0 +1,159 @@
# Copyright 2020-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
KERNEL_IUSE_GENERIC_UKI=1
KERNEL_IUSE_MODULES_SIGN=1
inherit kernel-build toolchain-funcs
MY_P=linux-${PV%.*}
GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 3 ))
CONFIG_VER=6.10.1-gentoo
GENTOO_CONFIG_VER=g13
HARDENED_PATCH_VER="${PV}-hardened1"
CLEARLINUX_PATCH_VER=${PV}-1467
GENPATCHES_EXCLUDE="1500_XATTR_USER_PREFIX.patch
1510_fs-enable-link-security-restrictions-by-default.patch
2900_dev-root-proc-mount-fix.patch
4200_fbcondecor.patch
4400_alpha-sysctl-uac.patch"
CLEARLINUXPATCHES_EXCLUDE="0109-initialize-ata-before-graphics.patch
0118-add-scheduler-turbo3-patch.patch
0132-prezero-20220308.patch
kdf-boottime.patch
0001-mm-memcontrol-add-some-branch-hints-based-on-gcov-an.patch
0117-xattr-allow-setting-user.-attributes-on-symlinks-by-.patch
0133-novector.patch"
DESCRIPTION="Linux kernel built with Gentoo patches"
HOMEPAGE="
https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
https://www.kernel.org/
"
SRC_URI+="
https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
experimental? (
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.experimental.tar.xz
)
https://github.com/anthraxx/linux-hardened/releases/download/v${HARDENED_PATCH_VER}/linux-hardened-v${HARDENED_PATCH_VER}.patch
https://github.com/clearlinux-pkgs/linux/archive/refs/tags/${CLEARLINUX_PATCH_VER}.tar.gz
https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
-> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
amd64? (
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config
-> kernel-x86_64-fedora.config.${CONFIG_VER}
)
arm64? (
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-aarch64-fedora.config
-> kernel-aarch64-fedora.config.${CONFIG_VER}
)
ppc64? (
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-ppc64le-fedora.config
-> kernel-ppc64le-fedora.config.${CONFIG_VER}
)
x86? (
https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-i686-fedora.config
-> kernel-i686-fedora.config.${CONFIG_VER}
)
"
S=${WORKDIR}/${MY_P}
KEYWORDS="amd64 ~arm arm64 ~hppa ~loong ~ppc ppc64 ~riscv ~sparc x86"
IUSE="debug +experimental"
REQUIRED_USE="
arm? ( savedconfig )
hppa? ( savedconfig )
riscv? ( savedconfig )
sparc? ( savedconfig )
"
RDEPEND="
!sys-kernel/gentoo-kernel-bin:${SLOT}
"
BDEPEND="
debug? ( dev-util/pahole )
"
PDEPEND="
>=virtual/dist-kernel-${PV}
"
QA_FLAGS_IGNORED="
usr/src/linux-.*/scripts/gcc-plugins/.*.so
usr/src/linux-.*/vmlinux
usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg
"
src_prepare() {
# remove some genpatches causes conflicts with linux-hardened patch
for patch in ${GENPATCHES_EXCLUDE}; do
rm -f ${WORKDIR}/${patch}
done
# Remove already exists changes in linux-hardened patch
sed -i '322,337d' "${WORKDIR}/4567_distro-Gentoo-Kconfig.patch"
# include linux-hardened patch with priority
cp ${DISTDIR}/linux-hardened-v${HARDENED_PATCH_VER}.patch ${WORKDIR}/1199_linux-hardened-${HARDENED_PATCH_VER}.patch
# remove some ClearLinux patches causes conflicts
for patch in ${CLEARLINUXPATCHES_EXCLUDE}; do
rm -f "${WORKDIR}/linux-${CLEARLINUX_PATCH_VER}/${patch}"
sed -i "/${patch}/Id" "${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/linux.spec
done
local CLP=$(grep "^Patch" "${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/linux.spec|cut -f2 -d ' '|sed "s@^@"${WORKDIR}"/linux-"${CLEARLINUX_PATCH_VER}"/@g")
local PATCHES=(
# meh, genpatches have no directory
"${WORKDIR}"/*.patch
)
# Add ClearLinux patches list
PATCHES+=(
${CLP}
)
default
sed -i "s@\-hardened1@@g" Makefile || die
local biendian=false
# prepare the default config
case ${ARCH} in
amd64)
cp "${FILESDIR}/${MY_P}.amd64.config" .config || die
;;
*)
die "Unsupported arch ${ARCH}"
;;
esac
local myversion="-hardened"
echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die
local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"
local merge_configs=(
"${T}"/version.config
)
use debug || merge_configs+=(
"${dist_conf_path}"/no-debug.config
)
merge_configs+=( "${dist_conf_path}"/hardened-base.config )
tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config )
if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then
merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" )
fi
# this covers ppc64 and aarch64_be only for now
if [[ ${biendian} == true && $(tc-endian) == big ]]; then
merge_configs+=( "${dist_conf_path}/big-endian.config" )
fi
use secureboot && merge_configs+=( "${dist_conf_path}/secureboot.config" )
kernel-build_merge_configs "${merge_configs[@]}"
}