Updated to 5.0.10.a

Added bdver2 greysky patch Minor formattting changes
author: jc_gargma <jc_gargma@iserlohn-fortress.net> 2019-05-01 18:40:06 -0700
committer: jc_gargma <jc_gargma@iserlohn-fortress.net> 2019-05-01 18:40:06 -0700
commit: ac8b66e1d690064828784a04da462386e0575dd2 (patch)
tree: 5ff1216168bd61df789d3ff5f2d4a0ea14ef29cd
parent: Typo (diff)
download: linux-hardened-ck-ac8b66e1d690064828784a04da462386e0575dd2.tar.xz
3 files changed, 44 insertions, 16 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 979e517..033f095 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@
 
 # # I maintain this because:
 # Arch version patch script does not apply consistently
-# Arch version lacks ath9k, greysky2, and raid6 patches
+# Arch version lacks ath9k, bdver2, greysky2, and raid6 patches
 # Arch version lacks ck patches
 # Arch version allows SEED, SM3, SM4, and Streebog
 # Arch version is 300 Hz
@@ -17,7 +17,7 @@
 
 pkgbase=linux-hardened-ck
 _majver=5.0
-_minver=7
+_minver=10
 _pkgver=${_majver}.${_minver}
 _hardenedver=a
 _ckpatchversion=1
@@ -33,30 +33,33 @@ license=('GPL2')
 makedepends=('xmlto' 'kmod' 'inetutils' 'bc' 'libelf')
 conflicts=('linux-libre-hardened-ck')
 options=('!strip')
-source=("https://www.kernel.org/pub/linux/kernel/v5.x/linux-$_pkgver.tar".{xz,sign}
+source=(
+        https://www.kernel.org/pub/linux/kernel/v5.x/linux-$_pkgver.tar.{xz,sign}
         https://github.com/anthraxx/linux-hardened/releases/download/${pkgver}/linux-hardened-${pkgver}.patch{,.sig}
         remove-excess-ck-extraversion.patch
         modify-ck-for-hardened.patch
         http://ck.kolivas.org/patches/5.0/${_majver}/${_majver}-ck${_ckpatchversion}/${_ckpatch}.xz
         enable_additional_cpu_optimizations-$_gcc_more_v.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/$_gcc_more_v.tar.gz
+        bdver2-fix-for-graysky.patch
         ath9k-regdom-hack.patch
         raid6-default-algo.patch
         config.x86_64  # the main kernel config files
         60-linux.hook  # pacman hook for depmod
         90-linux.hook  # pacman hook for initramfs regeneration
         linux.preset   # standard config files for mkinitcpio ramdisk
-)
-sha256sums=('16e177662b9fc7255bfc51018513979f6effcbe52e459c543aa83a5b15ef54ec'
+       )
+sha256sums=('ea1c1323c2c7e70bebf5463619b543f9bc353730b44ac62d9efadd4fe5625e76'
             'SKIP'
-            '250494afb2dce0c4805223b32a3abad2c146d628c7b972c361ae3e7fa3ea8ee6'
+            'da6aff1ea5e2c39987fea2fc5a67b7ef5419a6ba9ed728c94f89ce888b543a12'
             'SKIP'
             '2a551169f8cbb424900372fe698ae9003fbcad3614a46ca3f56b103f9c1ea763'
             'b6defd1ef672b73631ecfa79fc204d6219175f333b53d86af668c1e1a9b6288e'
             '661f64bbd8bf49afcc7c760c4148b2e2108511a1eadcae917cfe6056a83d8476'
             '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d'
+            'd35338c92d0dbf27ffedaf100bd852dd13fd9b5d49b12a10b91194a2ae654447'
             'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503'
             '0f81d6e4158b7beeb0eb514f1b9401f7e23699cb0f7b0d513e25dae1815daaeb'
-            'ac3205c67d310da26a03e84874012113fdd4c128ab79449bafd3d248f30365df'
+            '2cfaad4fccd60af062761bba0549f817d2d7efe0c603c529c9b5b2f8bbb9f011'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
@@ -77,7 +80,7 @@ prepare() {
 #  patch -Np1 < ../patch-${_majver}-${_pkgver}
 
   # Hotfixes
-#   msg2 "Applying hotfixes"
+  # msg2 "Applying hotfixes"
 
   # linux hardened patch
   msg2 "Applying hardened patch"
@@ -97,12 +100,16 @@ prepare() {
   msg2 "Applying graysky2 cpu patch"
   patch -p1 -i ../kernel_gcc_patch-${_gcc_more_v}/enable_additional_cpu_optimizations_for_gcc_v8.1+_kernel_v4.13+.patch
 
+  # Fix stack warnings and ldconfig segfaults on bdver2 with graysky2 gcc patch
+  msg2 "Applying bdver2 fix for graysky2 cpu patch"
+  patch -p1 -i ../bdver2-fix-for-graysky.patch
+
   # Ignore ath9k eeprom patch
   msg2 "Applying ath9k patch"
   patch -p1 -i ../ath9k-regdom-hack.patch
 
   # Set default raid6 algo patch
-  msg " Applying raid6 patch"
+  msg2 " Applying raid6 patch"
   patch -p1 -i ../raid6-default-algo.patch
 
 
diff --git a/bdver2-fix-for-graysky.patch b/bdver2-fix-for-graysky.patch
new file mode 100644
index 0000000..b7e5402
--- /dev/null
+++ b/bdver2-fix-for-graysky.patch
@@ -0,0 +1,11 @@
+--- a/arch/x86/Makefile
++++ b/arch/x86/Makefile
+@@ -492,7 +492,7 @@
+         cflags-$(CONFIG_MBOBCAT) += $(call cc-option,-march=btver1)
+         cflags-$(CONFIG_MJAGUAR) += $(call cc-option,-march=btver2)
+         cflags-$(CONFIG_MBULLDOZER) += $(call cc-option,-march=bdver1)
+-        cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2)
++        cflags-$(CONFIG_MPILEDRIVER) += $(call cc-option,-march=bdver2) $(call cc-option,-mno-tbm)
+         cflags-$(CONFIG_MSTEAMROLLER) += $(call cc-option,-march=bdver3)
+         cflags-$(CONFIG_MEXCAVATOR) += $(call cc-option,-march=bdver4)
+         cflags-$(CONFIG_MZEN) += $(call cc-option,-march=znver1)
diff --git a/config.x86_64 b/config.x86_64
index ddae83b..34a4adc 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -1,13 +1,13 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.0.7 Kernel Configuration
+# Linux/x86 5.0.10 Kernel Configuration
 #
 
 #
-# Compiler: gcc (GCC) 8.2.1 20181127
+# Compiler: gcc (GCC) 8.3.0
 #
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=80201
+CONFIG_GCC_VERSION=80300
 CONFIG_CLANG_VERSION=0
 CONFIG_CC_HAS_ASM_GOTO=y
 CONFIG_IRQ_WORK=y
@@ -3016,7 +3016,7 @@ CONFIG_IXGBE=m
 CONFIG_IXGBE_HWMON=y
 CONFIG_IXGBE_DCA=y
 CONFIG_IXGBE_DCB=y
-CONFIG_IXGBE_IPSEC=y
+# CONFIG_IXGBE_IPSEC is not set
 CONFIG_IXGBEVF=m
 CONFIG_IXGBEVF_IPSEC=y
 CONFIG_I40E=m
@@ -4107,6 +4107,7 @@ CONFIG_N_HDLC=m
 CONFIG_N_GSM=m
 CONFIG_TRACE_ROUTER=m
 CONFIG_TRACE_SINK=m
+CONFIG_LDISC_AUTOLOAD=y
 # CONFIG_DEVMEM is not set
 # CONFIG_DEVKMEM is not set
 
@@ -4193,7 +4194,6 @@ CONFIG_HW_RANDOM_AMD=m
 CONFIG_HW_RANDOM_VIA=m
 CONFIG_HW_RANDOM_VIRTIO=m
 CONFIG_NVRAM=m
-CONFIG_R3964=m
 CONFIG_APPLICOM=m
 
 #
@@ -9255,8 +9255,16 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_SELINUX_DISABLE is not set
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
-# CONFIG_SECURITY_SMACK is not set
-# CONFIG_SECURITY_TOMOYO is not set
+CONFIG_SECURITY_SMACK=y
+CONFIG_SECURITY_SMACK_BRINGUP=y
+CONFIG_SECURITY_SMACK_NETFILTER=y
+CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y
+CONFIG_SECURITY_TOMOYO=y
+CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
+CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
+# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
+CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 CONFIG_SECURITY_APPARMOR_HASH=y
@@ -9270,6 +9278,8 @@ CONFIG_INTEGRITY_AUDIT=y
 # CONFIG_IMA is not set
 # CONFIG_EVM is not set
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SECURITY_SMACK is not set
+# CONFIG_DEFAULT_SECURITY_TOMOYO is not set
 # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
author	jc_gargma <jc_gargma@iserlohn-fortress.net>	2019-05-01 18:40:06 -0700
committer	jc_gargma <jc_gargma@iserlohn-fortress.net>	2019-05-01 18:40:06 -0700
commit	ac8b66e1d690064828784a04da462386e0575dd2 (patch)
tree	5ff1216168bd61df789d3ff5f2d4a0ea14ef29cd
parent	Typo (diff)
download	linux-hardened-ck-ac8b66e1d690064828784a04da462386e0575dd2.tar.xz