Commit graph

598 commits

Author SHA1 Message Date
Evgenii Shatokhin
34e76862b9 Updated configs and AUFS patch for kernel 5.4.3
AUFS patch was rediffed manually due to missing upstream version for kernel 5.4
2019-12-16 16:09:18 +03:00
Mikhail Novosyolov
f439835bb0 Upd to 5.4 series (v5.4.2), rediffed patches, disabled AUFS for now 2019-12-12 15:30:51 +03:00
Mikhail Novosyolov
eb0db6c1dd allow unsigned modules 2019-12-09 19:50:34 +03:00
Mikhail Novosyolov
12362ac8e3 Use GOST for signing kernel modules 2019-12-09 19:50:15 +03:00
Mikhail Novosyolov
efe34d83a7 upd: 5.3.11 -> 5.3.15 2019-12-07 20:39:47 +03:00
Mikhail Novosyolov
cd6077c83d test libressl, step 1 2019-12-01 02:03:15 +03:00
Mikhail Novosyolov
c9df52aa4c Allow a rebuild that permits unsigned modules (needed e.g. for testing custom modules from rosa-test-suite) 2019-11-21 21:17:42 +03:00
Mikhail Novosyolov
a71dd0a80d Use relative path to certs directory, use ""
Fixes reading PEM with trusted keys (for some reason...)
2019-11-19 22:30:42 +03:00
Mikhail Novosyolov
32ae7451b8 debug: print public certificates to log 2019-11-19 00:24:49 +03:00
Mikhail Novosyolov
a7f7bf8598 Explicitly enable CONFIG_SYSTEM_EXTRA_CERTIFICATE (it is enabled in Kconfig by default) 2019-11-18 21:25:13 +03:00
Mikhail Novosyolov
aa3a5337f4 Use CONFIG_SYSTEM_TRUSTED_KEYS for proper configuration of trusted keys (currently no keys were trusted) 2019-11-18 18:57:48 +03:00
Evgenii Shatokhin
81f0f6a4db Updated to version 5.3.11 2019-11-18 00:16:32 +03:00
Mikhail Novosyolov
722ec1fea5 Reenable CONFIG_MODULE_SIG_ALL=y 2019-11-18 00:12:28 +03:00
Mikhail Novosyolov
e185c46feb Fix the key's valid-till date; it was valid only for 30 days
$ openssl x509 -enddate -noout -in full_key0.pem
notAfter=Sep  6 16:04:17 2319 GMT
2019-11-17 19:12:14 +03:00
Mikhail Novosyolov
1d8979272b Add additional public keys to the list of trusted keys for kernel modules 2019-11-17 17:21:25 +03:00
Mikhail Novosyolov
3d57d87ee7 Improve x509 config based on kernel's certs/Makefile 2019-11-17 16:09:47 +03:00
Mikhail Novosyolov
179d4d367c Provide kernel-hardened if built with enhanced_security
This may be useful e.g. if we attach an additional sysctl by a hardening patch like ebcecf9f12 and then enable that sysctl from another package. That package should require kernel-hardened.
2019-11-17 15:18:28 +03:00
Mikhail Novosyolov
eea783a594 Fix more copy-paste junk from desktop flavour
Extends commit 95c7ee5355
2019-11-17 15:12:03 +03:00
Mikhail Novosyolov
236b8ce3a6 Avoid tricky shell construction
It sometimes failed:

environment: line 4: 1
7+1: syntax error in expression (error token is "7+1")
2019-11-14 08:52:35 +03:00
Mikhail Novosyolov
3eca49b16a Enable wiping objects in RAM with enhanced_security 2019-11-14 08:52:35 +03:00
Mikhail Novosyolov
95c7ee5355 Fix copy-paste typo (fix filelist of debuginfo package) 2019-11-14 00:20:41 +03:00
Mikhail Novosyolov
b46067ee17 Manually sign modules after stripping 2019-11-13 18:18:59 +03:00
Evgenii Shatokhin
2076e438cd Added more filters to kernel.rpmlintrc
* "E: unstripped-binary-or-object" - debuginfo package has such files
* "W: non-executable-script", "W: script-without-shebang" - kernel
packages have many special scripts which are not expected to be called
directly.
2019-11-12 16:40:21 +03:00
Mikhail Novosyolov
6e1e792676 enhanced_security logically conflicts with dkms 2019-11-12 16:16:27 +03:00
Mikhail Novosyolov
9674247130 Enable debug, which will also strip kernel modules 2019-11-12 16:07:05 +03:00
Alexander Stefanov
26660b3500 strip kernel modules 2019-11-12 15:41:56 +03:00
Mikhail Novosyolov
300bd5e2db Improve regexp for email
The previous regexp assumed that the first-level domain is <=4 symbols,
but modern domain zones are longer; e.g. the email foo@foo.forex
was incorrectly considered invalid by the old regexp.

Move this stuff from macro expansion to the script itself:
the new regexp does not work inside RPM-invoked shell due to
further subshells being invoked by '()' in the regexp
(I don't know how to deal with it, `shopt -u expand_aliases` does not help)

[ Regexp is from logist/wl.cgi ]
2019-11-12 04:10:17 +03:00
Mikhail Novosyolov
cc3afd8669 Fix parsing hexdump output
hexdump output on i586 contained an odd symbol '|' in the line where the word 'Modules' began,
which broke the previously used awk command.
2019-11-12 01:32:36 +03:00
Mikhail Novosyolov
4dc2157aaa upd: 5.3.7 -> 5.3.10 2019-11-12 01:07:30 +03:00
Mikhail Novosyolov
f76f4d007e Turn off unneeded logging to decrease build log size 2019-11-11 23:48:27 +03:00
Mikhail Novosyolov
9a76adb348 Better removal of private keys 2019-11-11 23:04:21 +03:00
Mikhail Novosyolov
f8e79286b3 Rename from nrj-desktop to nickel if built with hardening
Nickel may be not the best name but I don't have better ideas.
2019-11-11 22:56:06 +03:00
Mikhail Novosyolov
f05348d4fa Verify that modules are signed (multithreaded) 2019-11-11 22:55:51 +03:00
Mikhail Novosyolov
3a8564ce81 Implement signing kernel modules 2019-11-11 20:40:40 +03:00
Mikhail Novosyolov
95836da65c Merge branch 'master' of abf.io:kernels_stable/kernel-5.3
eshatokhin@: CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE is not used since
mainline commit be6ec88f41ba "selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE",
so it is not set here.
2019-11-11 15:27:16 +03:00
Evgenii Shatokhin
5b69a49e46 Updated to version 5.3.7 2019-10-18 13:57:15 +03:00
Mikhail Novosyolov
d43e01981e Fix kernel opts for booting in enforcing selinux mode
1f5dcdbf22

eshatokhin@: CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE is not used since
mainline commit be6ec88f41ba "selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE",
so it is not set here.
2019-10-07 11:18:31 +03:00
Mikhail Novosyolov
1f5dcdbf22 Fix kernel opts for booting in enforcing selinux mode 2019-10-07 01:35:53 +03:00
Evgenii Shatokhin
7a64052e96 Updated to version 5.3.4 2019-10-06 17:17:55 +03:00
Evgenii Shatokhin
6e76e58193 Revisited the list of files for the devel package 2019-09-24 18:37:26 +03:00
Evgenii Shatokhin
a89c2e9bda Removed sanitize-memory.patch
Starting from the mainline kernel 5.3, it is no longer needed. See

  commit 6471384af2a6530696fc0203bafe4de41a23c9ef
  Author: Alexander Potapenko <glider@google.com>
  Date:   Thu Jul 11 20:59:19 2019 -0700

      mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
2019-09-24 18:36:02 +03:00
Evgenii Shatokhin
4ca3b2aeb5 Updated to version 5.3.1 2019-09-24 18:31:28 +03:00
Evgenii Shatokhin
17e88f1815 Updated to version 5.2.14 2019-09-11 15:49:01 +03:00
Evgenii Shatokhin
ea6f6b95f9 Updated to version 5.2.7 2019-08-07 15:59:12 +03:00
Evgenii Shatokhin
55fa1145d5 Re-diffed fs-aufs.patch for the kernel 5.2.5+ 2019-08-05 11:48:36 +03:00
Evgenii Shatokhin
bbfcc7091f Updated to version 5.2.6 2019-08-05 11:35:18 +03:00
Evgenii Shatokhin
9d21195523 Updated to version 5.2.5 2019-07-31 16:56:44 +03:00
Evgenii Shatokhin
d0260ef581 Updated to version 5.2.2 2019-07-22 13:30:14 +03:00
Evgenii Shatokhin
7b533a4517 Stable-based kernels have no Ubuntu-specific files 2019-07-22 10:55:21 +03:00
Evgenii Shatokhin
668c472445 Fixed the name of the list file 2019-07-21 23:50:25 +03:00