diff options
-rw-r--r-- | core/linux/PKGBUILD | 8 | ||||
-rw-r--r-- | core/linux/config.i486 | 43 | ||||
-rw-r--r-- | core/linux/config.i686 | 49 |
3 files changed, 83 insertions, 17 deletions
diff --git a/core/linux/PKGBUILD b/core/linux/PKGBUILD index f7b7b3fb..6254ac8e 100644 --- a/core/linux/PKGBUILD +++ b/core/linux/PKGBUILD @@ -1,12 +1,12 @@ -# upstream git revision: 2edc3f8d648d3f161a9593c0a41332dae246cdfd +# upstream git revision: 43d12d0306ae85803a356caabd0b384eb917c80e # fail if upstream's .config changes for ((i=0; i<${#sha256sums[@]}; i++)); do - if [ "${sha256sums[${i}]}" = '83d768f19193f6795b8159d81c6775b9f62f4994f2a0d8371ac243e7b0890db8' ]; then + if [ "${sha256sums[${i}]}" = '1fc23bd2613b821d8bdca1a33dc421e21de296221108ce047176d27d37ce397f' ]; then source_i686=('config.i686') - sha256sums_i686=('fac358ec445aaeafe13b3d5916c2c01304588578632f4d74186f8691acd0419b') + sha256sums_i686=('fc137a9706f7b1e2f9deb49f3a750834320fceee0944ce584e2c4341bb9ca2c6') source_i486=('config.i486') - sha256sums_i486=('8bb140f3f672d6e10bfb652a617d0c161b24980c750d2358cece2b82f8897dcb') + sha256sums_i486=('08f9a17d9237ddeea7b2612b72c4f86b1929532e9e3c9ba7d1fab86bc7b432e0') fi done diff --git a/core/linux/config.i486 b/core/linux/config.i486 index ef6ba599..fd520452 100644 --- a/core/linux/config.i486 +++ b/core/linux/config.i486 @@ -344,7 +344,6 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -9115,7 +9114,6 @@ CONFIG_EARLY_PRINTK_EFI=y # CONFIG_EARLY_PRINTK_USB_XDBC is not set # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y @@ -9164,10 +9162,8 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -9266,7 +9262,6 @@ CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_SM3=m CONFIG_CRYPTO_TGR192=m @@ -9501,3 +9496,41 @@ CONFIG_ARCH_HAS_SG_CHAIN=y CONFIG_SBITMAP=y CONFIG_PARMAN=m # CONFIG_STRING_SELFTEST is not set +# Linux/x86 4.18.8-arch1 Kernel Configuration +# Compiler: gcc (GCC) 8.2.1 20180831 +CONFIG_GCC_VERSION=80201 +CONFIG_HAVE_RCU_TABLE_INVALIDATE=y +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" +CONFIG_X86_PTDUMP_CORE=y +CONFIG_DEBUG_WX=y +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set +CONFIG_CRYPTO_SHA512=y +# CONFIG_CRYPTO_SPECK is not set +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" diff --git a/core/linux/config.i686 b/core/linux/config.i686 index 5e61428f..1c811e9b 100644 --- a/core/linux/config.i686 +++ b/core/linux/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.18.7-arch1 Kernel Configuration +# Linux/x86 4.18.9-arch1 Kernel Configuration # # @@ -76,8 +76,11 @@ CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y CONFIG_CROSS_MEMORY_ATTACH=y # CONFIG_USELIB is not set -# CONFIG_AUDIT is not set +CONFIG_AUDIT=y CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y +CONFIG_AUDIT_WATCH=y +CONFIG_AUDIT_TREE=y # # IRQ subsystem @@ -351,7 +354,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=y @@ -1162,6 +1173,7 @@ CONFIG_NETFILTER_XT_SET=m # # Xtables targets # +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m @@ -9252,9 +9264,10 @@ CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set CONFIG_EARLY_PRINTK_EFI=y # CONFIG_EARLY_PRINTK_USB_XDBC is not set +CONFIG_X86_PTDUMP_CORE=y # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y @@ -9295,18 +9308,36 @@ CONFIG_SECURITY_INFINIBAND=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -9410,7 +9441,7 @@ CONFIG_CRYPTO_RMD256=m CONFIG_CRYPTO_RMD320=m CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_SM3=m CONFIG_CRYPTO_TGR192=m @@ -9440,7 +9471,7 @@ CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SERPENT_SSE2_586=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m +# CONFIG_CRYPTO_SPECK is not set CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -9505,6 +9536,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set @@ -9563,6 +9595,7 @@ CONFIG_CRC7=m CONFIG_LIBCRC32C=m CONFIG_CRC8=m CONFIG_XXHASH=m +CONFIG_AUDIT_GENERIC=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_842_COMPRESS=m CONFIG_842_DECOMPRESS=m |