sys-kernel/hardened-sources 6.0 branch initial support

author: Marcin Deranek <marcin.deranek@slonko.net> 2022-10-26 10:49:52 +0200
committer: Marcin Deranek <marcin.deranek@slonko.net> 2022-10-26 10:49:52 +0200
commit: 07f0d87bcd067766662b06d93b87d00613d0e016 (patch)
tree: d987b5f700a7d34aec2288939d256f4be262ea44
parent: ab78ca9e9586e05bf24259b1d0695181cb1c9f9d (diff)
download: portage-07f0d87bcd067766662b06d93b87d00613d0e016.tar.gz
portage-07f0d87bcd067766662b06d93b87d00613d0e016.tar.bz2
portage-07f0d87bcd067766662b06d93b87d00613d0e016.zip
4 files changed, 86 insertions, 0 deletions
diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest
index 7864b71..16d8f26 100644
--- a/sys-kernel/hardened-sources/Manifest
+++ b/sys-kernel/hardened-sources/Manifest
@@ -1,5 +1,6 @@
 AUX 9999_revert-conflicts-v1.patch 969 BLAKE2B 58eb5505076035e7f593b8abba38ca445ae1b630e8dbaa9d24e369681149a58a864814db50331a733c1b4e94dfc13ecc83bd46ad15c805eab974d0b9cdf8e330 SHA512 4ade1f7ba4884345de61433c7f4d6cf76ced2ccab795a9593ec4c3baad45043fe2b2452a21f321b959ae6cfedfd79dcd10c13440ddf80853bf473c5e8b8fc269
 AUX 9999_revert-conflicts-v2.patch 842 BLAKE2B 62c2b60599b1e4d6dfbcff090a1fea8226aa0aa422e3e6e4edb8e70d3eeb15dd8d0123431a91b36fac2857c17e3426db2a77e13b95ec0953597c9f670eaf9e3a SHA512 5f939ca33bb62499e1abfa21caa2df216ac8844df999c6a107ad4cc5814cb80f6e87e7171456349bca1ace5ecc45516b79d80ebcb09b6223f74db11e1ce1346e
+AUX 9999_revert-conflicts-v3.patch 452 BLAKE2B 8f521ba557db6da1c49bae169068f6f9585ce7809df6c3617a87b9ba6d8e26499e884a099a1b0520bd5c2d8955ff9279909402af3962d7762ee2d731671aeed1 SHA512 111c68ed34686e8f06e8db7491ffdf390ac2b1846c1d559177d201ef15297e143a00a9a08ef8f95a487703beec2d463b937174b7e8ef9c7d296aa5d3f841e415
 AUX linux-hardened-gentoo-v1.patch 434 BLAKE2B 97002272c4556335ee45e291a9561afd0a93efe2c7c3e6b2b05aa8a40c26cb61405e8fb5b65cb12c2afd2f67d740d93a9a9a38d9137f1ee92306e68db3100ae1 SHA512 6b8500c51c8757fd0c21cbff96eb70446a2ff692388d1a579492f36a7746217185d7e28a2ad7b218328c3a4afcdc3fb6856d0077cf216b9b33f8e09f48630b55
 AUX linux-hardened-gentoo-v2.patch 462 BLAKE2B 0c50678488df4befd6ffe42b3f54d226db56393f7de40dbcfe11ef8d1f867f61d82e4ef1364e51eaf74dc4de1f7431b14140ef8e03099371746b5ed8ca2273a1 SHA512 1b512c5d861be66273b8ea597c635bb733974069ac9dbd936c7193770d313af951f303cddd33b9cd96b8e26711260aa6017f459342ba0bc1db8f0ebd76a0786f
 DIST genpatches-5.10-158.base.tar.xz 4211444 BLAKE2B 0dc1d053275d080f7e61a280f8311c3da1a1497b929e6d1d4f24a15b7e6b5f4bebd4fdd49fe90137b7a01b5d1f4df60ed7c7bbe0089505a54632618d90b5fa63 SHA512 6630ede665881b848a768b0f959820be4370ea5ecc897e6fe819a186568d11d58373056266c62d858d004153fb894dbc64df48e03098bba4f68b560a5e273b70
@@ -17,19 +18,27 @@ DIST genpatches-5.19-19.extras.tar.xz 3804 BLAKE2B c73e8bb8be2845ada725f71045e69
 DIST genpatches-5.4-224.base.tar.xz 5119576 BLAKE2B 3f5fa9712da6376491d9903759334ca4981a6fc9b24919ba6acb5114ce805333a26052570df1a192dc8e062ee77667b45dac62c309d37b02190e4f8a07640aea SHA512 d433e356e47f0a6be0ba3b41172618f0b9cce634e4227924d62a8487cb74af3ea0c4d3245ee4fd2936d39ed5eb839d52985866b9d796f7e7a84415a6b60f9b50
 DIST genpatches-5.4-224.experimental.tar.xz 16900 BLAKE2B 4f49641399af48b9cfa88e6379a50716cef3c99d7571beda8d675a3d6b48e6a7761638e65685ca0ad8c69f2376442ebfc5ad2601d3d1a7d462caf8d5c91cac00 SHA512 ec203ba70fa1ac631e8a9b3923ad4f47de2ed91a57eb1f9eb18516881ab950be837b4391a5570e7105706cefbc9458730dcbb0db6cd2274e2946530599cd5dd1
 DIST genpatches-5.4-224.extras.tar.xz 1812 BLAKE2B d28183946e63eedcde3ccc19d84baad11b74349abbba19501c0763ae4597150f2ad7397c19396ce07627643cae526e6ef216dfa2166d217e8452719887e7f2bd SHA512 6505c71e0da13992e0abf5ffd31b414b4bcbde4be78abee6e9d402c14eb329e212e85cca77cb79591ba6d66b3f3b4ae2014e57cd8a88b39373a5dc2403f37d26
+DIST genpatches-6.0-4.base.tar.xz 272160 BLAKE2B 3758714884e31f3ddb414d2011752cdf7fd2da9d54b6dd455e9b9ec559c0201fd7753df98a1cba0618f209552419a56ef8747ac0283f794a41769dc41b3844ad SHA512 ef8292b96f10586cbc9a9ba820bed3b3f30ab1e4b90d3452d94b5e44dd4c333818c99bf6cee1272416e83cda424942be84a7aa6f270687192d94a583e8a836c0
+DIST genpatches-6.0-4.experimental.tar.xz 5404 BLAKE2B 103b72e840e612d03dba399397bc6570b630968b4d29ab3d0b17a546adbc22d1ef37f7b0bebd92142085948085b006e22d0647a27faa448018857d8ba8647aff SHA512 5489e40b0c8f2402f4998e19dbb1e864f03c088e603c83d66da86917df694827b1a6092cbc2233b03432f31efb6cd1439e1c6b78c22de37e96eebe9ebdc472ff
+DIST genpatches-6.0-4.extras.tar.xz 3808 BLAKE2B 42c2695cc364ed353e1ccfa945c6f69c2b3c81e32149de5134eeaf2a738b67a952ae33ace111122bf2c58083c81a4e056e8f666693d02c39f6631a7502c36038 SHA512 305cf01975f19237de99a40dfb2a395f0084809f00040296e5ec36ed949b4301cf7887dcd3f6e287945f8d92f3544e84f3ace2ba60d6720ae09458475159132c
 DIST linux-5.10.tar.xz 116606704 BLAKE2B b923d7b66309224f42f35f8a5fa219421b0a9362d2adacdadd8d96251f61f7230878ea297a269a7f3b3c56830f0b177e068691e1d7f88501a05653b0a13274d1 SHA512 95bc137d0cf9148da6a9d1f1a878698dc27b40f68e22c597544010a6c591ce1b256f083489d3ff45ff77753289b535135590194d88ef9f007d0ddab3d74de70e
 DIST linux-5.15.tar.xz 121913744 BLAKE2B 3921274b23f7938abdf3ed9334534b4581e13d7484303d3a5280eddb038999aaa8b836666a487472d9c4a219af0f06b9fecccaf348fb5510ab8762f4ef4b7e83 SHA512 d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a
 DIST linux-5.18.tar.xz 129790264 BLAKE2B e2745a69eb70169e90505a9318a3993046eab3020496eecde7d8352ecda0eb71a25b21becf7ce93fc593507dce7d1cd61b94ddcdf82b3094d79c0d3d48508eeb SHA512 dbbc9d1395898a498fa4947fceda1781344fa5d360240f753810daa4fa88e519833e2186c4e582a8f1836e6413e9e85f6563c7770523b704e8702d67622f98b5
 DIST linux-5.19.tar.xz 131581464 BLAKE2B 4db03a6830a3b3bbf0837e1912182a443d9a4aa8af20a12e6ec814ed708038452d3c0ccee1258cca671c464d76461536363a8adc56e9d098c9a44ae3484a297a SHA512 00313b2f9b82d2dc3fb8294007cf7d7599d254b717ed2de23c81fa7a1bbcbc2798ad286cb94e2f7f5bd54132d1d764facd90d30f79dbcc6616cc7f926adc2623
 DIST linux-5.4.tar.xz 109441440 BLAKE2B 193bc4a3147e147d5529956164ec4912fad5d5c6fb07f909ff1056e57235834173194afc686993ccd785c1ff15804de0961b625f3008cca0e27493efc8f27b13 SHA512 9f60f77e8ab972b9438ac648bed17551c8491d6585a5e85f694b2eaa4c623fbc61eb18419b2656b6795eac5deec0edaa04547fc6723fbda52256bd7f3486898f
+DIST linux-6.0.tar.xz 133886176 BLAKE2B c09a9c877ac0fac83dc31d2d04d96f0a3331d4ed78e3ad4edfd4dc077e1c11d0c49f419fdac4008b5c93d1b09c2b724e12ef0b38371ad0962908abf85dfa95fa SHA512 bac41a7aeb6e809616cee2f13dcd1c45e829dfd1ccf60aee1dc4c46b1e28532f4485c7d819a32940de84fdfbf89db80a4e919bce8a74b2948c5a01551771b714
 DIST linux-hardened-5.10.149-hardened1.patch 111171 BLAKE2B 54ff734b7a970b172b011cb50ee366bcf6d80957f1baeb71272e2615ed38caa0a886f2d99fd407108ba36c0300aa21517342a5f647b61eb6a7fbf8fe79ca873b SHA512 292f2b124fadea22cd0b3716b7588d192fede291989914163fe3cea4a905a2bae332f333b3479e2889b48c75360321bca614af2ab91045a3f27ad92e004929db
 DIST linux-hardened-5.15.74-hardened1.patch 107866 BLAKE2B 02116fb1991dd7cf2c32c8951eaab68a92679bbd27e8b6a3cc4ddea08418d95d2509ce39be4089be17f80824f47923f7d78dd3d6c0bd6451c419c767929e2175 SHA512 de4fc6e3b47f4992000e1ec86400c1679d858226cb0ec3078a7cce737a1d3da9be75cf79e8ac5af4c0e0ebdf95f5028e9a569d1b8562dd13f5f51bf902d40a99
 DIST linux-hardened-5.18.19-hardened1.patch 99792 BLAKE2B cd370bf3e517743ce4e8de1cf94246c45ee9195cd417bd42bfd72ae7b00e73db00d8a9f4274dbdee2067eba6b8d725d33c3c373d50db21fd9303a1180a4b5eca SHA512 695a743c1c5bf8316bcdb681f96908cb891d0f707f43e1a2e231daf9529b7ddbc8de52e79a3261f8caaafa6e9fee5300ef339136116167cd77506d3a21c70c47
 DIST linux-hardened-5.19.17-hardened1.patch 99829 BLAKE2B bfe4d8480d94d18e338b6e56c41d87e429cd98fcae1808300294f3680de1222025e52e5cd2d664778d1c3b88dc87d20fab680438148165021109b132d1951a99 SHA512 f558234ca2bb2fa1dc69e400e5ae3ad36ed0fe49100502677f596e5c766926d19607be9a1ebaed64ee73c38d02915ed2f6aa605d543a5a3045f29bb610b77e14
 DIST linux-hardened-5.4.219-hardened1.patch 108239 BLAKE2B 9db307e59fee99a34936a665d50dfb1afa7241b80dabcf60de01bdf32420b4114ebf86756f829d163987c2a96872477133b6b5fcc34e58e255440c875c0a1a23 SHA512 98cb121414107b53f6e8b4904cf975823bdc3d21068d916ee0a708c97ec75471f8f42feecfc85c0f6d2e3860ea62c1dc418d86daa18d08617d417970717f298c
+DIST linux-hardened-6.0.3-hardened1.patch 99892 BLAKE2B 7e8e2bdff3ebbb6169a9de2fc48662813e18f79f25769b59814d1ebe014918361e7389623daa14bb72b51d670c3999b5175e253d91b635fed4b59efd7e06b186 SHA512 5373841cf66c80bf2090a051e6eb8444e5053d9764dfcdb9bc58c348209b4012775cb8bcc78964cfe3e34408e0e306aa7b3707c94e83ab2702aa00fb156b0f38
+DIST linux-hardened-6.0.3-hardened2.patch 102575 BLAKE2B 46fde5e04ef8f697e1739dda43e29b0c312b6c2681147b5722c3cb1e35cba6179dfe461fa889f2d1d5961856b373327dc1af47ce2359f78f31715308f49d1e6d SHA512 7e89b6965f445199b904f24f67fd666c75defbc3cf8c5bea0f6c877583e6689b2e001e3e663b78955e2b6eafd875282d18a4ff9c18136e6c3f191add614b77bc
 EBUILD hardened-sources-5.10.149.ebuild 1151 BLAKE2B e30568b7781e5f073c009f656366dd7f362af623418824768588b2a56f748dc8f307f964fe09fac64b6097c8daf8e94a76fe503a6680d3449330e7ed89a7e0f0 SHA512 54ddeda1dbd45b767e55d237b40a40949068a37161377dd4cafdbb21ba3cc046d3b079fbf20cc4b3466de62e83bc8eea6f488131b66caccc5779f85ca355fe12
 EBUILD hardened-sources-5.15.74.ebuild 1150 BLAKE2B 5899d27afaece5d079b71b0cb51a16beb4eaeb52103ab6436dbcb477d05b8bdf189b2ad048e5390cbbedcfc7ed1c6234305fa0f6d410c8277fa0142404c4f47b SHA512 df6dc44b68995397a552b1bf78bb21ab9c722bf2c1b91a6d9653996a144c834665969440464deef3813e9e1363ad4de5ff6e56730cc70102101d810d1017372a
 EBUILD hardened-sources-5.18.19.ebuild 1152 BLAKE2B e2a6665949656f54b80a3caa47a387e0baa0e062d09c043ba206a8f3090b6f31ebf3a0593e3ea993efca3ab85d6bf8de74f77e4fa049ff2462f2fad192a89e8b SHA512 443a284d3fe6f5b0cc666c9218955fb44cce320edcfdb5561b5378434738b9c3acd241bfdbd2c56a9351c8f30d8b77ee257bea83534a95649ea24b77efb3a10e
 EBUILD hardened-sources-5.19.17.ebuild 1167 BLAKE2B 168195d56c2ec1d0c6fb778910c5b936ff7f14735939527116f2fda4df37037cd6cfb5f65737d366da7b6febb7a46eda843982572c3e95f9544ea936e1591399 SHA512 26216604b21b3b71a526430838b35f7560f6946e50c36601686e3bed92851b61b6ba9cb52fefc0419ec9413519b1ec986d0a2c912db564f5c0d67bd7e5d80f4b
 EBUILD hardened-sources-5.4.219.ebuild 1058 BLAKE2B 78fc75642c7de5020069c503d6e2cd5af2b92e6fbab5aa92efc466d170be124cc1af3c65c4effc04f775f172c0258afa958d642e0845d7103ea091e8e63711e4 SHA512 4703cf58a9c4e4489300d6d129e46d04420c7b55e3d9f1a70e46090c3b0d1e7e1903302b65fb2e2b60cd3568ad462c335289b400f7b58c38b330172eac6b7be2
+EBUILD hardened-sources-6.0.3-r1.ebuild 1108 BLAKE2B 5f67c5451fd0bfa66b7a2783dbdc0cde781871fb3b7dea8c257dfcaef8c08f1debfa9e16f0c1b9871011f089f810efb306120bb701b9423b98463160aa66fa9a SHA512 e4bc0658b970255cd8d26b435615f278581ee73433fe896892a6217e4bee02d2d020a45fa23c8c390b067f29290fe91c3a7f611cdd33f4f0576cd0778a6e38e7
+EBUILD hardened-sources-6.0.3.ebuild 1108 BLAKE2B 9a8eb0673e386fcbad32c51453a8fc2c43a7549b5d11c0b12ee6ec723972ee4d643b8e1b1ec48f8828e6475adcdf12e0d97df139ef5392417e04d327c0ede459 SHA512 a78bfef7a3b8e542bbd5d5a53084ccc61385af9653e8de6f4d9c565821e1489e18358d57f4fa12a3035e338a6d8bb99c3da0ef9bdda3b5d78ff2a4e3ebb4e1b8
 MISC metadata.xml 419 BLAKE2B 12e558e9aeff1016e8ad91fa0bc59fcd2ec5cc8a702a8f12e5c0c94bdb992088c817e6432bfd63e6149f78e8a1b4cb3825a345378575969e0ed8fe3a65b87e06 SHA512 54fb60680dbcacaf6dc21f5bca5083514385a32d680736c16ac1f6ec6ae4d4c33a04440a5b8de192eac96bce2fb288e90e2d0141a2bb92279bd6366396dd3fc7
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts-v3.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v3.patch
new file mode 100644
index 0000000..365adfe
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v3.patch
@@ -0,0 +1,13 @@
+Reverse conflicting patches
+
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -321,8 +321,6 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ 	int "Low address space to protect from user allocation"
+ 	depends on MMU
+-	default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
+-	default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
+ 	default 4096
+ 	help
+ 	  This is the portion of low virtual memory which should be protected
diff --git a/sys-kernel/hardened-sources/hardened-sources-6.0.3-r1.ebuild b/sys-kernel/hardened-sources/hardened-sources-6.0.3-r1.ebuild
new file mode 100644
index 0000000..ce269db
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-6.0.3-r1.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+ETYPE="sources"
+K_WANT_GENPATCHES="base extras experimental"
+K_GENPATCHES_VER="4"
+
+inherit kernel-2
+detect_version
+detect_arch
+SUBREL="hardened2"
+HARDENED_URI="https://github.com/anthraxx/linux-hardened/releases/download/${PV}-${SUBREL}/linux-hardened-${PV}-${SUBREL}.patch"
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+HOMEPAGE="https://dev.gentoo.org/~mpagano/genpatches https://github.com/anthraxx/linux-hardened"
+IUSE="experimental"
+UNIPATCH_LIST="${FILESDIR}/9999_revert-conflicts-v3.patch ${DISTDIR}/linux-hardened-${PV}-${SUBREL}.patch"
+UNIPATCH_EXCLUDE="1510_fs-enable-link-security-restrictions-by-default.patch"
+
+DESCRIPTION="Minimal supplement to upstream Kernel Self Protection Project"
+SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${HARDENED_URI} ${ARCH_URI}"
+
+pkg_postinst() {
+	kernel-2_pkg_postinst
+	einfo "For more info on this patchset, and how to report problems, see:"
+	einfo "${HOMEPAGE}"
+}
+
+pkg_postrm() {
+	kernel-2_pkg_postrm
+}
diff --git a/sys-kernel/hardened-sources/hardened-sources-6.0.3.ebuild b/sys-kernel/hardened-sources/hardened-sources-6.0.3.ebuild
new file mode 100644
index 0000000..2d7d448
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-6.0.3.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+ETYPE="sources"
+K_WANT_GENPATCHES="base extras experimental"
+K_GENPATCHES_VER="4"
+
+inherit kernel-2
+detect_version
+detect_arch
+SUBREL="hardened1"
+HARDENED_URI="https://github.com/anthraxx/linux-hardened/releases/download/${PV}-${SUBREL}/linux-hardened-${PV}-${SUBREL}.patch"
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+HOMEPAGE="https://dev.gentoo.org/~mpagano/genpatches https://github.com/anthraxx/linux-hardened"
+IUSE="experimental"
+UNIPATCH_LIST="${FILESDIR}/9999_revert-conflicts-v3.patch ${DISTDIR}/linux-hardened-${PV}-${SUBREL}.patch"
+UNIPATCH_EXCLUDE="1510_fs-enable-link-security-restrictions-by-default.patch"
+
+DESCRIPTION="Minimal supplement to upstream Kernel Self Protection Project"
+SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${HARDENED_URI} ${ARCH_URI}"
+
+pkg_postinst() {
+	kernel-2_pkg_postinst
+	einfo "For more info on this patchset, and how to report problems, see:"
+	einfo "${HOMEPAGE}"
+}
+
+pkg_postrm() {
+	kernel-2_pkg_postrm
+}
author	Marcin Deranek <marcin.deranek@slonko.net>	2022-10-26 10:49:52 +0200
committer	Marcin Deranek <marcin.deranek@slonko.net>	2022-10-26 10:49:52 +0200
commit	07f0d87bcd067766662b06d93b87d00613d0e016 (patch)
tree	d987b5f700a7d34aec2288939d256f4be262ea44
parent	ab78ca9e9586e05bf24259b1d0695181cb1c9f9d (diff)
download	portage-07f0d87bcd067766662b06d93b87d00613d0e016.tar.gz portage-07f0d87bcd067766662b06d93b87d00613d0e016.tar.bz2 portage-07f0d87bcd067766662b06d93b87d00613d0e016.zip