index : packages | |
Archlinux32 package modifications | gitolite user |
summaryrefslogtreecommitdiff |
author | Andreas Baumann <mail@andreasbaumann.cc> | 2022-09-16 15:26:50 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2022-09-16 15:26:50 +0200 |
commit | 19221c0b7f56050d5fafe927b523a842697a3322 (patch) | |
tree | ff7016ec960b74d1cb361c3178a08990253d1e3f /core | |
parent | 04360e1bece3b2980bf95ed6b07350243b8875e5 (diff) | |
parent | 11719c85c724e7a64b0a63c530c78e1b70fe986e (diff) |
-rw-r--r-- | core/linux-lts/PKGBUILD | 6 | ||||
-rw-r--r-- | core/linux-lts/config | 47 | ||||
-rw-r--r-- | core/linux/PKGBUILD | 9 |
diff --git a/core/linux-lts/PKGBUILD b/core/linux-lts/PKGBUILD index 197add57..50e5c7c5 100644 --- a/core/linux-lts/PKGBUILD +++ b/core/linux-lts/PKGBUILD @@ -1,9 +1,9 @@ -# upstream git revision: 6aa5a8cbca3e38cb94f0fe3eec4286c62dc8f2c0 +# upstream git revision: 2bace7269d365b0e593042c6743abe56d25c8742 # fail if upstream's .config changes for ((i=0; i<${#sha256sums[@]}; i++)); do - if [ "${sha256sums[${i}]}" = '522a85c0853ecb070f58d969ea1c65982f945d5a7d7748702116a551573aa6d9' ]; then - sha256sums[${i}]='7871536874148ec97e110c4836790d933b51c1099234369a66e0ecf495cf88f3' + if [ "${sha256sums[${i}]}" = '2609c913efdfb43a4f3f8094f08595fc708e8e66c0260964b73433d6d3d4a54a' ]; then + sha256sums[${i}]='0881239c86e2bebe6e61b474b40e871179d5833b28fc9a9b3646133806c363e2' fi done diff --git a/core/linux-lts/config b/core/linux-lts/config index bbaca0a5..a564a73e 100644 --- a/core/linux-lts/config +++ b/core/linux-lts/config @@ -1,10 +1,10 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.52 Kernel Configuration +# Linux/x86 5.15.64 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110200 +CONFIG_GCC_VERSION=120100 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23800 @@ -115,7 +115,7 @@ CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y # CONFIG_BPF_PRELOAD is not set CONFIG_BPF_LSM=y # end of BPF subsystem @@ -123,7 +123,7 @@ CONFIG_BPF_LSM=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set -# CONFIG_SCHED_CORE is not set +CONFIG_SCHED_CORE=y # # CPU/Task time and stats accounting @@ -329,7 +329,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y CONFIG_X86_CPU_RESCTRL=y # CONFIG_X86_BIGSMP is not set # CONFIG_X86_EXTENDED_PLATFORM is not set @@ -486,6 +485,11 @@ CONFIG_HOTPLUG_CPU=y CONFIG_MODIFY_LDT_SYSCALL=y # end of Processor type and features +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y # @@ -727,6 +731,7 @@ CONFIG_HAVE_KPROBES_ON_FTRACE=y CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y CONFIG_HAVE_NMI=y CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y CONFIG_HAVE_ARCH_TRACEHOOK=y CONFIG_HAVE_DMA_CONTIGUOUS=y CONFIG_GENERIC_SMP_IDLE_THREAD=y @@ -1010,7 +1015,9 @@ CONFIG_SECRETMEM=y # # Data Access Monitoring # -# CONFIG_DAMON is not set +CONFIG_DAMON=y +CONFIG_DAMON_VADDR=y +CONFIG_DAMON_DBGFS=y # end of Data Access Monitoring # end of Memory Management options @@ -10220,28 +10227,39 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set CONFIG_SECURITY_LANDLOCK=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,bpf" +CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" # # Kernel hardening options # -CONFIG_GCC_PLUGIN_STRUCTLEAK=y # # Memory initialization # +CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y +CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y # CONFIG_INIT_STACK_NONE is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set -CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y -# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_INIT_STACK_ALL_PATTERN is not set +CONFIG_INIT_STACK_ALL_ZERO=y # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set @@ -10348,7 +10366,6 @@ CONFIG_CRYPTO_CRC32=m CONFIG_CRYPTO_CRC32_PCLMUL=m CONFIG_CRYPTO_XXHASH=m CONFIG_CRYPTO_BLAKE2B=m -CONFIG_CRYPTO_BLAKE2S=m CONFIG_CRYPTO_CRCT10DIF=y CONFIG_CRYPTO_GHASH=m CONFIG_CRYPTO_POLY1305=m @@ -10602,6 +10619,7 @@ CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y @@ -10899,7 +10917,6 @@ CONFIG_IO_STRICT_DEVMEM=y # # x86 Debugging # -CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y CONFIG_EARLY_PRINTK_USB=y # CONFIG_X86_VERBOSE_BOOTUP is not set CONFIG_EARLY_PRINTK=y @@ -10977,7 +10994,7 @@ CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_FPU is not set # CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set CONFIG_ARCH_USE_MEMTEST=y -# CONFIG_MEMTEST is not set +CONFIG_MEMTEST=y # CONFIG_HYPERV_TESTING is not set # end of Kernel Testing and Coverage # end of Kernel hacking diff --git a/core/linux/PKGBUILD b/core/linux/PKGBUILD index 0921f075..6131c7cc 100644 --- a/core/linux/PKGBUILD +++ b/core/linux/PKGBUILD @@ -29,9 +29,18 @@ eval "$( a \ install -t "${builddir}/arch/x86" -m644 arch/x86/Makefile_32.cpu } + /}/ i depends+=(gcc-libs=$(get_gcc_version_from_config)) ' )" +get_gcc_version_from_config() { + sed ' + s/^CONFIG_CC_VERSION_TEXT="gcc (GCC) \([0-9.]\+\)"$/\1/ + t + d + ' "$_srcname/.config" +} + # use our tarballer instead of cloning from git for ((i=0; i<${#source[@]}; i++)); do infos=$( |