Use Arch config by default + state when config_hardened is used (#305)

* prepare: fix config_hardened + make arch config default for all distros

Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com>

* prepare: print message about using hardened config file

Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com>

* README: update about the change with the default config file

Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com>

* install.sh: additional dependencies

Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com>
Adel Kara Slimane
2021-09-21 12:20:35 +02:00
committed by GitHub
parent c686050832
commit 05f874d877
4 changed files with 35 additions and 34 deletions

@@ -86,8 +86,7 @@ cd linux-tkg
# Optional: edit the "customization.cfg" file # Optional: edit the "customization.cfg" file
makepkg -si makepkg -si
``` ```
The script will use a slightly modified Arch config from the `linux-tkg-config` folder. The options selected at build-time are installed to `/usr/share/doc/$pkgbase/customization.cfg`, where `$pkgbase` is the package name. The script will use a slightly modified Arch config from the `linux-tkg-config` folder, it can be changed through the `_configfile` variable in `customization.cfg`. The options selected at build-time are installed to `/usr/share/doc/$pkgbase/customization.cfg`, where `$pkgbase` is the package name.
#### DEB (Debian, Ubuntu and derivatives) and RPM (Fedora, SUSE and derivatives) based distributions #### DEB (Debian, Ubuntu and derivatives) and RPM (Fedora, SUSE and derivatives) based distributions
The interactive `install.sh` script will create, depending on the selected distro, `.deb` or `.rpm` packages, move them in the the subfolder `DEBS` or `RPMS` then prompts to install them with the distro's package manager. The interactive `install.sh` script will create, depending on the selected distro, `.deb` or `.rpm` packages, move them in the the subfolder `DEBS` or `RPMS` then prompts to install them with the distro's package manager.
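Review bot: The added README sentence is a comma splice ("...folder, it can be changed through..."); split it into two sentences. Since `_configfile` now also accepts the keywords `running-kernel` and `config_hardened.x86_64` (per the `customization.cfg` comment in this commit), point the reader to that comment for the accepted values.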
@@ -103,7 +102,7 @@ manually. `install.sh` can can help out with some useful information:
cd path/to/linux-tkg cd path/to/linux-tkg
./install.sh uninstall-help ./install.sh uninstall-help
``` ```
The script will use your current kernel's `.config` file, which will be searched for either at ``/boot/config-`uname -r`.config`` or ``/proc/config.gz`` otherwise it defaults the the "vanilla" upstream `.config` file. It's recommended to run the script booted on your distro-provided kernel. The script will use a slightly modified Arch config from the `linux-tkg-config` folder, it can be changed through the `_configfile` variable in `customization.cfg`.
#### Void Linux #### Void Linux
```shell ```shell
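Review bot: In the DEB/RPM paragraph, the replacement text drops the running-kernel lookup without saying how to get it back. Users on these distros previously built from their distro kernel's `.config`; mention that `_configfile="running-kernel"` restores that behaviour, and keep the advice to boot the distro-provided kernel next to it, since it now applies to that mode only.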
@@ -136,10 +135,10 @@ sudo grub-mkconfig -o /boot/grub/grub.cfg
- If you only want the script to patch the sources in `linux-src-git`, you can use `./install.sh config` - If you only want the script to patch the sources in `linux-src-git`, you can use `./install.sh config`
- `${kernel_flavor}` is a default naming scheme but can be customized with the variable `_kernel_localversion` in `customization.cfg`. - `${kernel_flavor}` is a default naming scheme but can be customized with the variable `_kernel_localversion` in `customization.cfg`.
- `_dracut_options` is a variable that can be changed in `customization.cfg`. - `_dracut_options` is a variable that can be changed in `customization.cfg`.
- The script uses a base `.config` file. Its path can be provided through `_configfile` in `customization.cfg`. Otherwise ``/boot/config-`uname -r`.config``, ``/proc/config.gz`` or a "vanilla" upstream `.config` file are used, in that order, by default. - The script uses Arch's `.config` file as a base. A custom one can be provided through `_configfile` in `customization.cfg`.
- The installed files will not be tracked by your package manager and uninstalling requires manual intervention. `./install.sh uninstall-help` can help with useful information if your install procedure follows the `Generic` approach. - The installed files will not be tracked by your package manager and uninstalling requires manual intervention. `./install.sh uninstall-help` can help with useful information if your install procedure follows the `Generic` approach.
#### Gentoo #### Gentoo
The interactive `install.sh` script supports Gentoo by following the same procedure as `Generic`. Then it offers to conveniently do an `emerge @module-rebuild` after symlinking the sources folder in `/usr/src/` to `/usr/src/linux`. The interactive `install.sh` script supports Gentoo by following the same procedure as `Generic`, symlinks the sources folder in `/usr/src/` to `/usr/src/linux`, then offers to do an `emerge @module-rebuild` for convenience
```shell ```shell
git clone https://github.com/Frogging-Family/linux-tkg.git git clone https://github.com/Frogging-Family/linux-tkg.git
cd linux-tkg cd linux-tkg
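Review bot: The rewritten Gentoo sentence ends without a full stop ("...for convenience"), and the Generic bullet above it no longer tells the reader that the running kernel's config can still be selected. Add the period and name the `running-kernel` value in the bullet.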

@@ -71,13 +71,12 @@ _dracut_options="--lz4"
#### KERNEL OPTIONS #### #### KERNEL OPTIONS ####
# Name of the default config file to use for the kernel # Name of the default config file to use for the kernel
# Default (empty): # Default (empty) : "config.x86_64" from the linux-tkg-config/5.y folder.
# - Archlinux (PKGBUILD): "config.x86_64" from the linux-tkg-config/5.y folder. # "running-kernel" : Picks the .config file from the currently running kernel.
# - install.sh: Picks the .config file from the currently running kernel.
# It is recommended to be running an official kernel before running this script, to pick off a correct .config file # It is recommended to be running an official kernel before running this script, to pick off a correct .config file
# User provided: # "config_hardened.x86_64" : config file for a hardened kernel, available for kernel version "5.13", "5.10" and "5.4" .
# - Archlinux : use "config_hardened.x86_64" to get a hardened kernel. To get a complete hardened setup, you have to use "cfs" as _cpusched. # To get a complete hardened setup, you have to use "cfs" as _cpusched.
# - Any : custom user provided file, the given path should be relative to the PKGBUILD file. This enables for example to use a user stripped down .config file. # User provided value : custom user provided file, the given path should be relative to the PKGBUILD file. This enables for example to use a user stripped down .config file.
# If the .config file isn't up to date with the chosen kernel version, any extra CONFIG_XXXX is set to its default value. # If the .config file isn't up to date with the chosen kernel version, any extra CONFIG_XXXX is set to its default value.
# Note: the script copies the resulting .config file as "kernelconfig.new" next to the PKGBUILD as a convenience for an eventual re-use. It gets overwritten at each run. # Note: the script copies the resulting .config file as "kernelconfig.new" next to the PKGBUILD as a convenience for an eventual re-use. It gets overwritten at each run.
# One can use "kernelconfig.new" here to always use the latest edited .config file. modprobed-db needs to be used only once for its changes to be picked up. # One can use "kernelconfig.new" here to always use the latest edited .config file. modprobed-db needs to be used only once for its changes to be picked up.
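Review bot: The new `config_hardened.x86_64` comment lists the supported versions ("5.13", "5.10" and "5.4") but not what happens on any other version, and "To get a complete hardened setup" understates that the hardened patchset is only applied when `_cpusched` is `cfs` (see the condition in `_tkg_srcprep`). State both outcomes here so that a user does not assume a hardened kernel from the config file name alone.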

@@ -39,13 +39,13 @@ _install_dependencies() {
fi fi
if [ "$_distro" = "Debian" -o "$_distro" = "Ubuntu" ]; then if [ "$_distro" = "Debian" -o "$_distro" = "Ubuntu" ]; then
msg2 "Installing dependencies" msg2 "Installing dependencies"
sudo apt install git wget build-essential fakeroot libncurses5-dev libssl-dev ccache bison flex qtbase5-dev bc rsync kmod cpio libelf-dev ${clang_deps} -y sudo apt install git wget build-essential fakeroot libncurses5-dev libssl-dev ccache bison flex qtbase5-dev bc rsync kmod cpio libelf-dev lz4 zstd ${clang_deps} -y
elif [ "$_distro" = "Fedora" ]; then elif [ "$_distro" = "Fedora" ]; then
msg2 "Installing dependencies" msg2 "Installing dependencies"
if [ $(rpm -E %fedora) = "32" ]; then if [ $(rpm -E %fedora) = "32" ]; then
sudo dnf install fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby qt5-devel libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel openssl-devel dwarves rpm-build ${clang_deps} -y sudo dnf install fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby qt5-devel libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel openssl-devel dwarves rpm-build lz4 zstd ${clang_deps} -y
else else
sudo dnf install qt5-qtbase-devel fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel elfutils-devel openssl openssl-devel dwarves rpm-build perl-devel perl-generators python3-devel make -y ${clang_deps} -y sudo dnf install qt5-qtbase-devel fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel elfutils-devel openssl openssl-devel dwarves rpm-build perl-devel perl-generators python3-devel make lz4 zstd -y ${clang_deps} -y
fi fi
elif [ "$_distro" = "Suse" ]; then elif [ "$_distro" = "Suse" ]; then
msg2 "Installing dependencies" msg2 "Installing dependencies"
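Review bot: The last `dnf install` line still passes `-y` twice (`make lz4 zstd -y ${clang_deps} -y`); since the line is being edited anyway, drop the first one. The hunk stops at the Suse branch's `msg2`, so it is not visible whether `lz4` and `zstd` were added there as well; if the new default config is what requires them, every distro branch should install them.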

@@ -362,8 +362,9 @@ _tkg_srcprep() {
tkgpatch="$srcdir/patch-${pkgver}" tkgpatch="$srcdir/patch-${pkgver}"
_msg="Patching from $_basekernel to $pkgver" && _tkg_patcher _msg="Patching from $_basekernel to $pkgver" && _tkg_patcher
fi fi
fi
# ARCH Patches # Hardened Patches
if [ "${_configfile}" = "config_hardened.x86_64" ] && [ "${_cpusched}" = "cfs" ]; then if [ "${_configfile}" = "config_hardened.x86_64" ] && [ "${_cpusched}" = "cfs" ]; then
tkgpatch="$srcdir/0012-linux-hardened.patch" tkgpatch="$srcdir/0012-linux-hardened.patch"
_msg="Using linux hardened patchset" && _tkg_patcher _msg="Using linux hardened patchset" && _tkg_patcher
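Review bot: The hardened patchset condition requires both `_configfile` = `config_hardened.x86_64` and `_cpusched` = `cfs`, so with any other scheduler the hardened config is used while `0012-linux-hardened.patch` is skipped without any message. Add a `warning` for that case so the build log states that the patchset was not applied. The renamed comment `# Hardened Patches` also heads the branch below that applies the `CLONE_NEWUSER` patch, so a label covering both would be more accurate.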
@@ -371,7 +372,6 @@ _tkg_srcprep() {
tkgpatch="$srcdir/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch" tkgpatch="$srcdir/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch"
_msg="Using Arch patches" && _tkg_patcher _msg="Using Arch patches" && _tkg_patcher
fi fi
fi
# Void # Void
if [ "$_distro" = "Void" ] && [[ "$_sub" = rc* ]]; then if [ "$_distro" = "Void" ] && [[ "$_sub" = rc* ]]; then
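Review bot: With the `fi` moved from after this block to before `# Hardened Patches`, the `0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch` branch now runs outside the conditional that used to enclose it, yet it still logs "Using Arch patches". If applying it on every distro is intended, say so in the commit message or a code comment, because the patch adds a sysctl governing unprivileged user namespaces, and have the message name the patch rather than the distro.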
@@ -527,9 +527,12 @@ _tkg_srcprep() {
if [ -z "${_configfile}" ]; then if [ -z "${_configfile}" ]; then
if [ "${_distro}" = "Arch" ] || [ "$_distro" = "Void" ]; then msg2 "Using archlinux's default config file for kernel ${_basekernel}"
cat "${srcdir}"/config.x86_64 > ./.config cat "${srcdir}"/config.x86_64 > ./.config
else elif [ "${_configfile}" = "config_hardened.x86_64" ]; then
msg2 "Using archlinux's hardened config file for kernel ${_basekernel}"
cat "${srcdir}"/config_hardened.x86_64 > ./.config
elif [ "${_configfile}" = "running-kernel" ]; then
if [ -f /boot/config-`uname -r` ];then if [ -f /boot/config-`uname -r` ];then
msg2 "Using /boot/config-`uname -r` as config file" msg2 "Using /boot/config-`uname -r` as config file"
cp /boot/config-`uname -r` .config cp /boot/config-`uname -r` .config
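Review bot: The new `config_hardened.x86_64` branch runs `cat "${srcdir}"/config_hardened.x86_64 > ./.config` with no check that the file exists, although `customization.cfg` says it is only available for 5.13, 5.10 and 5.4. On another version the redirection leaves an empty `.config` behind when `cat` fails. Test with `[ -f ... ]` first and stop with an error, as the `running-kernel` branch does when it finds nothing. The backtick `uname -r` expansions in that branch are also unquoted; `"/boot/config-$(uname -r)"` is safer.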
@@ -537,8 +540,8 @@ _tkg_srcprep() {
msg2 "Using /proc/config.gz as config file" msg2 "Using /proc/config.gz as config file"
zcat --verbose /proc/config.gz > .config zcat --verbose /proc/config.gz > .config
else else
msg2 "Current kernel config not found! Falling back to default..." warning "Cannot get config file of running kernel"
fi exit 1
fi fi
else else
msg2 "Using user-provided config file in ${_where}/${_configfile}" msg2 "Using user-provided config file in ${_where}/${_configfile}"
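Review bot: The `warning "Cannot get config file of running kernel"` message does not say which locations were checked or what to do next. Name the two paths tried (`/boot/config-$(uname -r)` and `/proc/config.gz`) and tell the user to leave `_configfile` empty for the default or to point it at a file. Stopping with `exit 1` instead of silently falling back is worth keeping.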