Use Arch config by default + state when config_hardened is used (#305)
* prepare: fix config_hardened + make arch config default for all distros Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com> * prepare: pring message about using hardnened config file Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com> * README: update about the change with the default config file Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com> * install.sh: additional dependencies Signed-off-by: Adel KARA SLIMANE <adel.ks@zegrapher.com>
This commit is contained in:
Adel Kara Slimane
committed by
GitHub
GitHub
parent
c686050832
commit
05f874d877
@@ -86,8 +86,7 @@ cd linux-tkg
|
||||
# Optional: edit the "customization.cfg" file
|
||||
makepkg -si
|
||||
```
|
||||
The script will use a slightly modified Arch config from the `linux-tkg-config` folder. The options selected at build-time are installed to `/usr/share/doc/$pkgbase/customization.cfg`, where `$pkgbase` is the package name.
|
||||
|
||||
The script will use a slightly modified Arch config from the `linux-tkg-config` folder, it can be changed through the `_configfile` variable in `customization.cfg`. The options selected at build-time are installed to `/usr/share/doc/$pkgbase/customization.cfg`, where `$pkgbase` is the package name.
|
||||
|
||||
#### DEB (Debian, Ubuntu and derivatives) and RPM (Fedora, SUSE and derivatives) based distributions
|
||||
The interactive `install.sh` script will create, depending on the selected distro, `.deb` or `.rpm` packages, move them in the the subfolder `DEBS` or `RPMS` then prompts to install them with the distro's package manager.
|
||||
@@ -103,7 +102,7 @@ manually. `install.sh` can can help out with some useful information:
|
||||
cd path/to/linux-tkg
|
||||
./install.sh uninstall-help
|
||||
```
|
||||
The script will use your current kernel's `.config` file, which will be searched for either at ``/boot/config-`uname -r`.config`` or ``/proc/config.gz`` otherwise it defaults the the "vanilla" upstream `.config` file. It's recommended to run the script booted on your distro-provided kernel.
|
||||
The script will use a slightly modified Arch config from the `linux-tkg-config` folder, it can be changed through the `_configfile` variable in `customization.cfg`.
|
||||
|
||||
#### Void Linux
|
||||
```shell
|
||||
@@ -136,10 +135,10 @@ sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
- If you only want the script to patch the sources in `linux-src-git`, you can use `./install.sh config`
|
||||
- `${kernel_flavor}` is a default naming scheme but can be customized with the variable `_kernel_localversion` in `customization.cfg`.
|
||||
- `_dracut_options` is a variable that can be changed in `customization.cfg`.
|
||||
- The script uses a base `.config` file. Its path can be provided through `_configfile` in `customization.cfg`. Otherwise ``/boot/config-`uname -r`.config``, ``/proc/config.gz`` or a "vanilla" upstream `.config` file are used, in that order, by default.
|
||||
- The script uses Arch's `.config` file as a base. A custom one can be provided through `_configfile` in `customization.cfg`.
|
||||
- The installed files will not be tracked by your package manager and uninstalling requires manual intervention. `./install.sh uninstall-help` can help with useful information if your install procedure follows the `Generic` approach.
|
||||
#### Gentoo
|
||||
The interactive `install.sh` script supports Gentoo by following the same procedure as `Generic`. Then it offers to conveniently do an `emerge @module-rebuild` after symlinking the sources folder in `/usr/src/` to `/usr/src/linux`.
|
||||
The interactive `install.sh` script supports Gentoo by following the same procedure as `Generic`, symlinks the sources folder in `/usr/src/` to `/usr/src/linux`, then offers to do an `emerge @module-rebuild` for convenience
|
||||
```shell
|
||||
git clone https://github.com/Frogging-Family/linux-tkg.git
|
||||
cd linux-tkg
|
||||
|
||||
@@ -71,13 +71,12 @@ _dracut_options="--lz4"
|
||||
#### KERNEL OPTIONS ####
|
||||
|
||||
# Name of the default config file to use for the kernel
|
||||
# Default (empty):
|
||||
# - Archlinux (PKGBUILD): "config.x86_64" from the linux-tkg-config/5.y folder.
|
||||
# - install.sh: Picks the .config file from the currently running kernel.
|
||||
# Default (empty) : "config.x86_64" from the linux-tkg-config/5.y folder.
|
||||
# "running-kernel" : Picks the .config file from the currently running kernel.
|
||||
# It is recommended to be running an official kernel before running this script, to pick off a correct .config file
|
||||
# User provided:
|
||||
# - Archlinux : use "config_hardened.x86_64" to get a hardened kernel. To get a complete hardened setup, you have to use "cfs" as _cpusched.
|
||||
# - Any : custom user provided file, the given path should be relative to the PKGBUILD file. This enables for example to use a user stripped down .config file.
|
||||
# "config_hardened.x86_64" : config file for a hardened kernel, available for kernel version "5.13", "5.10" and "5.4" .
|
||||
# To get a complete hardened setup, you have to use "cfs" as _cpusched.
|
||||
# User provided value : custom user provided file, the given path should be relative to the PKGBUILD file. This enables for example to use a user stripped down .config file.
|
||||
# If the .config file isn't up to date with the chosen kernel version, any extra CONFIG_XXXX is set to its default value.
|
||||
# Note: the script copies the resulting .config file as "kernelconfig.new" next to the PKGBUILD as a convenience for an eventual re-use. It gets overwritten at each run.
|
||||
# One can use "kernelconfig.new" here to always use the latest edited .config file. modprobed-db needs to be used only once for its changes to be picked up.
|
||||
|
||||
@@ -39,13 +39,13 @@ _install_dependencies() {
|
||||
fi
|
||||
if [ "$_distro" = "Debian" -o "$_distro" = "Ubuntu" ]; then
|
||||
msg2 "Installing dependencies"
|
||||
sudo apt install git wget build-essential fakeroot libncurses5-dev libssl-dev ccache bison flex qtbase5-dev bc rsync kmod cpio libelf-dev ${clang_deps} -y
|
||||
sudo apt install git wget build-essential fakeroot libncurses5-dev libssl-dev ccache bison flex qtbase5-dev bc rsync kmod cpio libelf-dev lz4 zstd ${clang_deps} -y
|
||||
elif [ "$_distro" = "Fedora" ]; then
|
||||
msg2 "Installing dependencies"
|
||||
if [ $(rpm -E %fedora) = "32" ]; then
|
||||
sudo dnf install fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby qt5-devel libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel openssl-devel dwarves rpm-build ${clang_deps} -y
|
||||
sudo dnf install fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby qt5-devel libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel openssl-devel dwarves rpm-build lz4 zstd ${clang_deps} -y
|
||||
else
|
||||
sudo dnf install qt5-qtbase-devel fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel elfutils-devel openssl openssl-devel dwarves rpm-build perl-devel perl-generators python3-devel make -y ${clang_deps} -y
|
||||
sudo dnf install qt5-qtbase-devel fedpkg fedora-packager rpmdevtools ncurses-devel pesign grubby libXi-devel gcc-c++ git ccache flex bison elfutils-libelf-devel elfutils-devel openssl openssl-devel dwarves rpm-build perl-devel perl-generators python3-devel make lz4 zstd -y ${clang_deps} -y
|
||||
fi
|
||||
elif [ "$_distro" = "Suse" ]; then
|
||||
msg2 "Installing dependencies"
|
||||
|
||||
@@ -362,8 +362,9 @@ _tkg_srcprep() {
|
||||
tkgpatch="$srcdir/patch-${pkgver}"
|
||||
_msg="Patching from $_basekernel to $pkgver" && _tkg_patcher
|
||||
fi
|
||||
fi
|
||||
|
||||
# ARCH Patches
|
||||
# Hardened Patches
|
||||
if [ "${_configfile}" = "config_hardened.x86_64" ] && [ "${_cpusched}" = "cfs" ]; then
|
||||
tkgpatch="$srcdir/0012-linux-hardened.patch"
|
||||
_msg="Using linux hardened patchset" && _tkg_patcher
|
||||
@@ -371,7 +372,6 @@ _tkg_srcprep() {
|
||||
tkgpatch="$srcdir/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch"
|
||||
_msg="Using Arch patches" && _tkg_patcher
|
||||
fi
|
||||
fi
|
||||
|
||||
# Void
|
||||
if [ "$_distro" = "Void" ] && [[ "$_sub" = rc* ]]; then
|
||||
@@ -527,9 +527,12 @@ _tkg_srcprep() {
|
||||
|
||||
|
||||
if [ -z "${_configfile}" ]; then
|
||||
if [ "${_distro}" = "Arch" ] || [ "$_distro" = "Void" ]; then
|
||||
msg2 "Using archlinux's default config file for kernel ${_basekernel}"
|
||||
cat "${srcdir}"/config.x86_64 > ./.config
|
||||
else
|
||||
elif [ "${_configfile}" = "config_hardened.x86_64" ]; then
|
||||
msg2 "Using archlinux's hardened config file for kernel ${_basekernel}"
|
||||
cat "${srcdir}"/config_hardened.x86_64 > ./.config
|
||||
elif [ "${_configfile}" = "running-kernel" ]; then
|
||||
if [ -f /boot/config-`uname -r` ];then
|
||||
msg2 "Using /boot/config-`uname -r` as config file"
|
||||
cp /boot/config-`uname -r` .config
|
||||
@@ -537,8 +540,8 @@ _tkg_srcprep() {
|
||||
msg2 "Using /proc/config.gz as config file"
|
||||
zcat --verbose /proc/config.gz > .config
|
||||
else
|
||||
msg2 "Current kernel config not found! Falling back to default..."
|
||||
fi
|
||||
warning "Cannot get config file of running kernel"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
msg2 "Using user-provided config file in ${_where}/${_configfile}"
|
||||
|
||||
Reference in New Issue
Block a user