From b6848a76dde6adbf9605a709e520205a5809625c Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Fri, 8 Jul 2022 14:34:33 +0200 Subject: core/linux: new version => new config => new checksum --- core/linux/PKGBUILD | 10 +++++----- core/linux/config.i486 | 35 ++++++++++++++++++++++++----------- core/linux/config.i686 | 35 ++++++++++++++++++++++++----------- core/linux/config.pentium4 | 35 ++++++++++++++++++++++++----------- 4 files changed, 77 insertions(+), 38 deletions(-) diff --git a/core/linux/PKGBUILD b/core/linux/PKGBUILD index c2737777..be4c5e4c 100644 --- a/core/linux/PKGBUILD +++ b/core/linux/PKGBUILD @@ -1,14 +1,14 @@ -# upstream git revision: b4a6fe53e9b1e3bb10ac76b6c5f12eb410569df8 +# upstream git revision: 6aa5a8cbca3e38cb94f0fe3eec4286c62dc8f2c0 source_pentium4=('config.pentium4') source_i686=('config.i686') source_i486=('config.i486') # fail if upstream's .config changes for ((i=0; i<${#sha256sums[@]}; i++)); do - if [ "${sha256sums[${i}]}" = '9f4fda38f1c59f7a20a76eff48a0cb302cb0e8e55bda53ec0f1807e10dcdad3a' ]; then - sha256sums_pentium4=('b5223b02d30a8f52e3f5f8a828534a4df3c2fe0bc7ed3b002c2e2398e7ad7cc3') - sha256sums_i686=('fab7cf50f772d90c270cbcdf624f40e959a4cbca12934f865b97f024510ca1d1') - sha256sums_i486=('a1cf1cdefdeeeb705377d23b4d761b4da30a8d20da8871dff4f03502bc804296') + if [ "${sha256sums[${i}]}" = '382aa201a6a6939210dd8668ab052724547b4bd489b38e97502bbd0848061b35' ]; then + sha256sums_pentium4=('011673966442c745c7a8274a82643e1266802fa57e48637e05a917556deb7432') + sha256sums_i686=('53c146b8c627f3320668499e2658899bde87d03ee08d61ca46923f3667bf4141') + sha256sums_i486=('d604acf74ef20808fa47bbeefec7af37e26ce1f245d69c597d8888c0fa1d24d1') fi done diff --git a/core/linux/config.i486 b/core/linux/config.i486 index 15c3399e..e21ab5ee 100644 --- a/core/linux/config.i486 +++ b/core/linux/config.i486 @@ -1,16 +1,18 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.18.3-arch1 Kernel Configuration +# Linux/x86 5.18.9-arch1 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120100 +CONFIG_GCC_VERSION=110200 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23800 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=23800 CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y @@ -185,6 +187,7 @@ CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y @@ -331,7 +334,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set CONFIG_RETPOLINE=y -CONFIG_CC_HAS_SLS=y CONFIG_X86_CPU_RESCTRL=y CONFIG_X86_BIGSMP=y # CONFIG_X86_EXTENDED_PLATFORM is not set @@ -10409,14 +10411,24 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set CONFIG_SECURITY_LANDLOCK=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,bpf" +CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" # # Kernel hardening options @@ -10425,11 +10437,10 @@ CONFIG_LSM="landlock,lockdown,yama,bpf" # # Memory initialization # -CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y -CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y -# CONFIG_INIT_STACK_NONE is not set -# CONFIG_INIT_STACK_ALL_PATTERN is not set -CONFIG_INIT_STACK_ALL_ZERO=y +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set @@ -10700,6 +10711,7 @@ CONFIG_CRYPTO_LIB_SM3=m CONFIG_CRYPTO_LIB_SM4=m # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=m CONFIG_CRC_T10DIF=y @@ -10792,6 +10804,7 @@ CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y diff --git a/core/linux/config.i686 b/core/linux/config.i686 index fe53db64..d0db3598 100644 --- a/core/linux/config.i686 +++ b/core/linux/config.i686 @@ -1,16 +1,18 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.18.3-arch1 Kernel Configuration +# Linux/x86 5.18.9-arch1 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120100 +CONFIG_GCC_VERSION=110200 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23800 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=23800 CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y @@ -185,6 +187,7 @@ CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y @@ -331,7 +334,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set CONFIG_RETPOLINE=y -CONFIG_CC_HAS_SLS=y CONFIG_X86_CPU_RESCTRL=y CONFIG_X86_BIGSMP=y # CONFIG_X86_EXTENDED_PLATFORM is not set @@ -10476,14 +10478,24 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set CONFIG_SECURITY_LANDLOCK=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,bpf" +CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" # # Kernel hardening options @@ -10492,11 +10504,10 @@ CONFIG_LSM="landlock,lockdown,yama,bpf" # # Memory initialization # -CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y -CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y -# CONFIG_INIT_STACK_NONE is not set -# CONFIG_INIT_STACK_ALL_PATTERN is not set -CONFIG_INIT_STACK_ALL_ZERO=y +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set @@ -10767,6 +10778,7 @@ CONFIG_CRYPTO_LIB_SM3=m CONFIG_CRYPTO_LIB_SM4=m # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=m CONFIG_CRC_T10DIF=y @@ -10859,6 +10871,7 @@ CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y diff --git a/core/linux/config.pentium4 b/core/linux/config.pentium4 index 88af0d16..21e992ef 100644 --- a/core/linux/config.pentium4 +++ b/core/linux/config.pentium4 @@ -1,16 +1,18 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.18.3-arch1 Kernel Configuration +# Linux/x86 5.18.9-arch1 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.1.0" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120100 +CONFIG_GCC_VERSION=110200 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23800 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=23800 CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y @@ -185,6 +187,7 @@ CONFIG_UCLAMP_BUCKETS_COUNT=5 CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y CONFIG_MEMCG=y @@ -331,7 +334,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set CONFIG_RETPOLINE=y -CONFIG_CC_HAS_SLS=y CONFIG_X86_CPU_RESCTRL=y CONFIG_X86_BIGSMP=y # CONFIG_X86_EXTENDED_PLATFORM is not set @@ -10476,14 +10478,24 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y # CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set # CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set CONFIG_SECURITY_LANDLOCK=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +CONFIG_INTEGRITY_SIGNATURE=y +CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +CONFIG_INTEGRITY_TRUSTED_KEYRING=y +CONFIG_INTEGRITY_PLATFORM_KEYRING=y +CONFIG_INTEGRITY_MACHINE_KEYRING=y +CONFIG_LOAD_UEFI_KEYS=y +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set # CONFIG_DEFAULT_SECURITY_SMACK is not set # CONFIG_DEFAULT_SECURITY_TOMOYO is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="landlock,lockdown,yama,bpf" +CONFIG_LSM="landlock,lockdown,yama,integrity,bpf" # # Kernel hardening options @@ -10492,11 +10504,10 @@ CONFIG_LSM="landlock,lockdown,yama,bpf" # # Memory initialization # -CONFIG_CC_HAS_AUTO_VAR_INIT_PATTERN=y -CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO=y -# CONFIG_INIT_STACK_NONE is not set -# CONFIG_INIT_STACK_ALL_PATTERN is not set -CONFIG_INIT_STACK_ALL_ZERO=y +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set @@ -10767,6 +10778,7 @@ CONFIG_CRYPTO_LIB_SM3=m CONFIG_CRYPTO_LIB_SM4=m # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=m CONFIG_CRC_T10DIF=y @@ -10859,6 +10871,7 @@ CONFIG_LRU_CACHE=m CONFIG_CLZ_TAB=y CONFIG_IRQ_POLL=y CONFIG_MPILIB=y +CONFIG_SIGNATURE=y CONFIG_DIMLIB=y CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y -- cgit v1.2.3-70-g09d2