summaryrefslogtreecommitdiff
path: root/core
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2019-01-21 09:49:32 +0100
committerErich Eckner <git@eckner.net>2019-01-21 09:49:32 +0100
commit190caffff9a5355a9a31872b800d75bab0fa31ea (patch)
treefa8b0d2d75d7a0bd4e75edac2c5fb2675811364e /core
parentd96f0a09ff22495dba2f19cb05d463d4671fd64d (diff)
parent0653374c47a5c1679d86cfbe251d258151fa018f (diff)
downloadpackages-190caffff9a5355a9a31872b800d75bab0fa31ea.tar.xz
Merge branch 'master' into i486
Diffstat (limited to 'core')
-rw-r--r--core/btrfs-progs/FS#58237.patch16
-rw-r--r--core/btrfs-progs/PKGBUILD0
-rw-r--r--core/kbd/PKGBUILD3
-rw-r--r--core/krb5/PKGBUILD3
-rw-r--r--core/linux/PKGBUILD67
-rw-r--r--core/linux/config.i48643
-rw-r--r--core/linux/config.i68649
-rw-r--r--core/systemd/PKGBUILD9
-rw-r--r--core/systemd/meson-rename-Ddebug-to-Ddebug-extra.patch26
9 files changed, 177 insertions, 39 deletions
diff --git a/core/btrfs-progs/FS#58237.patch b/core/btrfs-progs/FS#58237.patch
deleted file mode 100644
index 21a11fc3..00000000
--- a/core/btrfs-progs/FS#58237.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/utils.c b/utils.c
-index e9cb3a82f..f867e5a7f 100644
---- a/utils.c
-+++ b/utils.c
-@@ -2484,11 +2484,6 @@ const char *subvol_strip_mountpoint(const char *mnt, const char *full_path)
- if (!len)
- return full_path;
-
-- if ((strncmp(mnt, full_path, len) != 0) || (full_path[len] != '/')) {
-- error("not on mount point: %s", mnt);
-- exit(1);
-- }
--
- if (mnt[len - 1] != '/')
- len += 1;
-
diff --git a/core/btrfs-progs/PKGBUILD b/core/btrfs-progs/PKGBUILD
deleted file mode 100644
index e69de29b..00000000
--- a/core/btrfs-progs/PKGBUILD
+++ /dev/null
diff --git a/core/kbd/PKGBUILD b/core/kbd/PKGBUILD
deleted file mode 100644
index 07c900a8..00000000
--- a/core/kbd/PKGBUILD
+++ /dev/null
@@ -1,3 +0,0 @@
-# we still get the FTP links, though trunk uses the proper URLs?!
-source[0]=https://www.kernel.org/pub/linux/utils/${pkgname}/${pkgname}-${pkgver}.tar.gz
-source[1]=https://www.kernel.org/pub/linux/utils/kbd/${pkgname}-${pkgver}.tar.sign
diff --git a/core/krb5/PKGBUILD b/core/krb5/PKGBUILD
deleted file mode 100644
index 66407452..00000000
--- a/core/krb5/PKGBUILD
+++ /dev/null
@@ -1,3 +0,0 @@
-# reported as FS#59284
-source[0]="https://kerberos.org/dist/krb5/1.16/${pkgname}-${pkgver}.tar.gz"
-source[1]="https://kerberos.org/dist/krb5/1.16/${pkgname}-${pkgver}.tar.gz.asc"
diff --git a/core/linux/PKGBUILD b/core/linux/PKGBUILD
index f7b7b3fb..3c60539e 100644
--- a/core/linux/PKGBUILD
+++ b/core/linux/PKGBUILD
@@ -1,12 +1,12 @@
-# upstream git revision: 2edc3f8d648d3f161a9593c0a41332dae246cdfd
+# upstream git revision: 43d12d0306ae85803a356caabd0b384eb917c80e
# fail if upstream's .config changes
for ((i=0; i<${#sha256sums[@]}; i++)); do
- if [ "${sha256sums[${i}]}" = '83d768f19193f6795b8159d81c6775b9f62f4994f2a0d8371ac243e7b0890db8' ]; then
+ if [ "${sha256sums[${i}]}" = '1fc23bd2613b821d8bdca1a33dc421e21de296221108ce047176d27d37ce397f' ]; then
source_i686=('config.i686')
- sha256sums_i686=('fac358ec445aaeafe13b3d5916c2c01304588578632f4d74186f8691acd0419b')
+ sha256sums_i686=('60e271f357e05ced3767c39cd5e49ad3b1cfdae6162846455ea375d224a6e764')
source_i486=('config.i486')
- sha256sums_i486=('8bb140f3f672d6e10bfb652a617d0c161b24980c750d2358cece2b82f8897dcb')
+ sha256sums_i486=('08f9a17d9237ddeea7b2612b72c4f86b1929532e9e3c9ba7d1fab86bc7b432e0')
fi
done
@@ -24,3 +24,62 @@ eval "$(
}
'
)"
+
+# use our tarballer instead of cloning from git
+for ((i=0; i<${#source[@]}; i++)); do
+ infos=$(
+ printf '%s\n' "${source[${i}]}" | \
+ sed -n '
+ s@^\(\([^:]\+\)::\)\?\(git\|hg\)+\([^#?]\+\)\(?signed\)\?#\(\(tag\|commit\)=\S\+\)$@\3 \2 \4 \5 \6@
+ T
+ p
+ '
+ )
+ if [ -n "${infos}" ]; then
+ source[${i}]=$(
+ type="${infos%% *}"
+ infos="${infos#* }"
+ if [ -n "${infos%% *}" ]; then
+ prefix="${infos%% *}"
+ else
+ prefix=''
+ fi
+ infos="${infos#* }"
+ repo="${infos%% *}"
+ repo64=$(
+ printf '%s' "${repo}" | \
+ base64 -w0 | \
+ sed 's/=/%3D/g'
+ )
+ infos="${infos#* }"
+ if [ "${infos%% *}" = '?signed' ]; then
+ key_check=$(
+ printf '&valid_keys='
+ printf '%s,' "${validpgpkeys[@]}" | \
+ sed 's/,$//'
+ )
+ else
+ key_check=''
+ fi
+ infos="${infos#* }"
+ if [ -z "${prefix}" ]; then
+ prefix="${repo%.git}"
+ prefix="${prefix##*/}"
+ fi
+ prefix_64=$(
+ printf '%s/' "${prefix}" | \
+ base64 -w0 | \
+ sed 's/=/%3D/g'
+ )
+
+ printf '%s-%s.tar.gz::https://archive-server.archlinux32.org/?t=%s&p=%s&r=%s%s&%s\n' \
+ "${prefix}" \
+ "${pkgver}" \
+ "${type}" \
+ "${prefix_64}" \
+ "${repo64}" \
+ "${key_check}" \
+ "${infos}"
+ )
+ fi
+done
diff --git a/core/linux/config.i486 b/core/linux/config.i486
index ef6ba599..fd520452 100644
--- a/core/linux/config.i486
+++ b/core/linux/config.i486
@@ -344,7 +344,6 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -9115,7 +9114,6 @@ CONFIG_EARLY_PRINTK_EFI=y
# CONFIG_EARLY_PRINTK_USB_XDBC is not set
# CONFIG_X86_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
-# CONFIG_DEBUG_WX is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
@@ -9164,10 +9162,8 @@ CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
-# CONFIG_INTEGRITY is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
@@ -9266,7 +9262,6 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_SM3=m
CONFIG_CRYPTO_TGR192=m
@@ -9501,3 +9496,41 @@ CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_SBITMAP=y
CONFIG_PARMAN=m
# CONFIG_STRING_SELFTEST is not set
+# Linux/x86 4.18.8-arch1 Kernel Configuration
+# Compiler: gcc (GCC) 8.2.1 20180831
+CONFIG_GCC_VERSION=80201
+CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
+CONFIG_X86_PTDUMP_CORE=y
+CONFIG_DEBUG_WX=y
+CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+# CONFIG_SECURITY_APPARMOR_DEBUG is not set
+CONFIG_INTEGRITY=y
+# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_IMA is not set
+# CONFIG_EVM is not set
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
+CONFIG_CRYPTO_SHA512=y
+# CONFIG_CRYPTO_SPECK is not set
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
diff --git a/core/linux/config.i686 b/core/linux/config.i686
index 5e61428f..f2938cd9 100644
--- a/core/linux/config.i686
+++ b/core/linux/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.18.7-arch1 Kernel Configuration
+# Linux/x86 4.18.10-arch1 Kernel Configuration
#
#
@@ -76,8 +76,11 @@ CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
# CONFIG_USELIB is not set
-# CONFIG_AUDIT is not set
+CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
#
# IRQ subsystem
@@ -351,7 +354,15 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -1162,6 +1173,7 @@ CONFIG_NETFILTER_XT_SET=m
#
# Xtables targets
#
+# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
@@ -9252,9 +9264,10 @@ CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
CONFIG_EARLY_PRINTK_EFI=y
# CONFIG_EARLY_PRINTK_USB_XDBC is not set
+CONFIG_X86_PTDUMP_CORE=y
# CONFIG_X86_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
-# CONFIG_DEBUG_WX is not set
+CONFIG_DEBUG_WX=y
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
@@ -9295,18 +9308,36 @@ CONFIG_SECURITY_INFINIBAND=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
+CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
+CONFIG_SECURITY_APPARMOR=y
+CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
+CONFIG_SECURITY_APPARMOR_HASH=y
+CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
+# CONFIG_SECURITY_APPARMOR_DEBUG is not set
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
-# CONFIG_INTEGRITY is not set
+CONFIG_INTEGRITY=y
+# CONFIG_INTEGRITY_SIGNATURE is not set
+CONFIG_INTEGRITY_AUDIT=y
+# CONFIG_IMA is not set
+# CONFIG_EVM is not set
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
@@ -9410,7 +9441,7 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_SM3=m
CONFIG_CRYPTO_TGR192=m
@@ -9440,7 +9471,7 @@ CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SERPENT_SSE2_586=m
CONFIG_CRYPTO_SM4=m
-CONFIG_CRYPTO_SPECK=m
+# CONFIG_CRYPTO_SPECK is not set
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_TWOFISH_COMMON=m
@@ -9505,6 +9536,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS=""
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
@@ -9563,6 +9595,7 @@ CONFIG_CRC7=m
CONFIG_LIBCRC32C=m
CONFIG_CRC8=m
CONFIG_XXHASH=m
+CONFIG_AUDIT_GENERIC=y
# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_842_COMPRESS=m
CONFIG_842_DECOMPRESS=m
diff --git a/core/systemd/PKGBUILD b/core/systemd/PKGBUILD
new file mode 100644
index 00000000..02cee487
--- /dev/null
+++ b/core/systemd/PKGBUILD
@@ -0,0 +1,9 @@
+source+=('meson-rename-Ddebug-to-Ddebug-extra.patch')
+sha512sums+=('d310e7ea099bd371eb12fb4f474f1518ddc1013612d6a53c3f5777e6a3509eb58c4b5989d31bb04784be70db5d8ca39bff47414456c3fe322194cd7b341ae70c')
+
+eval "$(
+ declare -f prepare | \
+ sed '
+ /patch.*0001.*/a patch -Np1 -i ../meson-rename-Ddebug-to-Ddebug-extra.patch
+ '
+)"
diff --git a/core/systemd/meson-rename-Ddebug-to-Ddebug-extra.patch b/core/systemd/meson-rename-Ddebug-to-Ddebug-extra.patch
new file mode 100644
index 00000000..12607f2a
--- /dev/null
+++ b/core/systemd/meson-rename-Ddebug-to-Ddebug-extra.patch
@@ -0,0 +1,26 @@
+diff --git a/meson.build b/meson.build
+index 88a470a..1d864e3 100644
+--- a/meson.build
++++ b/meson.build
+@@ -765,7 +765,7 @@ substs.set('DEBUGTTY', get_option('debug-tty'))
+
+ enable_debug_hashmap = false
+ enable_debug_mmap_cache = false
+-foreach name : get_option('debug')
++foreach name : get_option('debug-extra')
+ if name == 'hashmap'
+ enable_debug_hashmap = true
+ elif name == 'mmap-cache'
+diff --git a/meson_options.txt b/meson_options.txt
+index 16c1f2b..dc7951b 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -46,7 +46,7 @@ option('debug-shell', type : 'string', value : '/bin/sh',
+ description : 'path to debug shell binary')
+ option('debug-tty', type : 'string', value : '/dev/tty9',
+ description : 'specify the tty device for debug shell')
+-option('debug', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
++option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache'], value : [],
+ description : 'enable extra debugging')
+ option('memory-accounting-default', type : 'boolean',
+ description : 'enable MemoryAccounting= by default')