diff options
author | Michał Górny <mgorny@gentoo.org> | 2023-05-11 06:56:07 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2023-05-11 09:55:43 +0200 |
commit | f1ae1d391a96cf461a26ee7ff102b84f726dabb0 (patch) | |
tree | 294692b9b3167cc673aafb8774c8a7ef9779f5af /sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild | |
parent | dev-python/cvxopt: Add missing dep on dev-python/sphinx-rtd-theme (diff) | |
download | gentoo-f1ae1d391a96cf461a26ee7ff102b84f726dabb0.tar.gz gentoo-f1ae1d391a96cf461a26ee7ff102b84f726dabb0.tar.bz2 gentoo-f1ae1d391a96cf461a26ee7ff102b84f726dabb0.zip |
sys-kernel/gentoo-kernel: Backport CVE-2023-32233 fix to 6.3.1-r1
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild')
-rw-r--r-- | sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild b/sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild new file mode 100644 index 000000000000..7832a0fc4616 --- /dev/null +++ b/sys-kernel/gentoo-kernel/gentoo-kernel-6.3.1-r1.ebuild @@ -0,0 +1,140 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit kernel-build toolchain-funcs + +MY_P=linux-${PV%.*} +GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 2 )) +# https://koji.fedoraproject.org/koji/packageinfo?packageID=8 +# forked to https://github.com/projg2/fedora-kernel-config-for-gentoo +CONFIG_VER=6.3.1-gentoo +GENTOO_CONFIG_VER=g7 + +DESCRIPTION="Linux kernel built with Gentoo patches" +HOMEPAGE=" + https://wiki.gentoo.org/wiki/Project:Distribution_Kernel + https://www.kernel.org/ +" +SRC_URI+=" + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz + https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz + https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz + -> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz + amd64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config + -> kernel-x86_64-fedora.config.${CONFIG_VER} + ) + arm64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-aarch64-fedora.config + -> kernel-aarch64-fedora.config.${CONFIG_VER} + ) + ppc64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-ppc64le-fedora.config + -> kernel-ppc64le-fedora.config.${CONFIG_VER} + ) + x86? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-i686-fedora.config + -> kernel-i686-fedora.config.${CONFIG_VER} + ) +" +S=${WORKDIR}/${MY_P} + +LICENSE="GPL-2" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~x86" +IUSE="debug hardened" +REQUIRED_USE="arm? ( savedconfig ) + hppa? ( savedconfig ) + riscv? ( savedconfig )" + +RDEPEND=" + !sys-kernel/gentoo-kernel-bin:${SLOT} +" +BDEPEND=" + debug? ( dev-util/pahole ) +" +PDEPEND=" + >=virtual/dist-kernel-${PV} +" + +QA_FLAGS_IGNORED=" + usr/src/linux-.*/scripts/gcc-plugins/.*.so + usr/src/linux-.*/vmlinux + usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg +" + +src_prepare() { + local PATCHES=( + # meh, genpatches have no directory + "${WORKDIR}"/*.patch + ) + default + + local biendian=false + + # prepare the default config + case ${ARCH} in + amd64) + cp "${DISTDIR}/kernel-x86_64-fedora.config.${CONFIG_VER}" .config || die + ;; + arm) + return + ;; + arm64) + cp "${DISTDIR}/kernel-aarch64-fedora.config.${CONFIG_VER}" .config || die + biendian=true + ;; + hppa) + return + ;; + ppc) + # assume powermac/powerbook defconfig + # we still package.use.force savedconfig + cp "${WORKDIR}/${MY_P}/arch/powerpc/configs/pmac32_defconfig" .config || die + ;; + ppc64) + cp "${DISTDIR}/kernel-ppc64le-fedora.config.${CONFIG_VER}" .config || die + biendian=true + ;; + riscv) + return + ;; + x86) + cp "${DISTDIR}/kernel-i686-fedora.config.${CONFIG_VER}" .config || die + ;; + *) + die "Unsupported arch ${ARCH}" + ;; + esac + + local myversion="-gentoo-dist" + use hardened && myversion+="-hardened" + echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die + local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}" + + local merge_configs=( + "${T}"/version.config + "${dist_conf_path}"/base.config + ) + use debug || merge_configs+=( + "${dist_conf_path}"/no-debug.config + ) + if use hardened; then + merge_configs+=( "${dist_conf_path}"/hardened-base.config ) + + tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config ) + + if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then + merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" ) + fi + fi + + # this covers ppc64 and aarch64_be only for now + if [[ ${biendian} == true && $(tc-endian) == big ]]; then + merge_configs+=( "${dist_conf_path}/big-endian.config" ) + fi + + kernel-build_merge_configs "${merge_configs[@]}" +} |