Remove LTS kernel packages
They are horribly outdated and currently not updated. So remove them. We can think about reviving those later.
parent
5fd564ce17
commit
ba6b04ef93
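--- a/.github/workflows/arch_lts.yml
+++ /dev/null
@@ -1,146 +0,0 @@
-on:
-push:
-tags:
-- 'arch_lts-*'
-
-name: Arch LTS
-
-env:
-GPG_KEY_ID: 56C464BAAC421453
-
-jobs:
-build:
-name: Build Kernel
-runs-on: ubuntu-latest
-container: archlinux
-steps:
-- name: Checkout code
-uses: actions/checkout@v3
-
-- name: Install build dependencies
-run: |
-# Install makepkg deps
-pacman -Syu --noconfirm
-pacman -S --noconfirm sudo binutils fakeroot grep base-devel git sbsigntools libffi python
-
-- name: Setup secureboot certificate
-env:
-SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
-run: |
-cd pkg
-
-# Install the surface secureboot certificate
-echo "$SB_KEY" | base64 -d > arch/kernel-lts/MOK.key
-cp keys/surface.crt arch/kernel-lts/MOK.crt
-
-- name: Build
-run: |
-cd pkg/arch/kernel-lts
-
-# Fix permissions (can't makepkg as root)
-echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers
-chown -R nobody .
-
-# Package compression settings (Matches latest Arch)
-export PKGEXT='.pkg.tar.zst'
-export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
-export MAKEFLAGS="-j2"
-
-# Build
-su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm'
-
-- name: Prepare release
-run: |
-mkdir release
-mv pkg/arch/kernel-lts/*.pkg.tar.zst release
-
-- name: Sign packages
-env:
-GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
-run: |
-cd release
-
-# import GPG key
-echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
-export GPG_TTY=$(tty)
-
-# sign packages
-ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $GPG_KEY_ID
-
-- name: Upload artifacts
-uses: actions/upload-artifact@v3
-with:
-name: arch-latest
-path: release
-
-release:
-name: Publish release
-needs: [build]
-runs-on: ubuntu-latest
-steps:
-- name: Download artifacts
-uses: actions/download-artifact@v3
-with:
-name: arch-latest
-path: arch-latest
-
-- name: Upload assets
-uses: svenstaro/upload-release-action@v2
-with:
-repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
-file: ./*-latest/*
-tag: ${{ github.ref }}
-overwrite: true
-file_glob: true
-
-repo:
-name: Update package repository
-needs: [release]
-runs-on: ubuntu-latest
-container: archlinux
-steps:
-- name: Install dependencies
-run: |
-pacman -Syu --noconfirm
-pacman -S --noconfirm base-devel git
-
-- name: Download artifacts
-uses: actions/download-artifact@v3
-with:
-name: arch-latest
-path: arch-latest
-
-- name: Update repository
-env:
-SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
-BRANCH_STAGING: u/staging
-GIT_REF: ${{ github.ref }}
-run: |
-repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
-
-# clone package repository
-git clone -b "${BRANCH_STAGING}" "${repo}" repo
-
-# copy packages
-cp arch-latest/* repo/arch/
-cd repo/arch
-
-# parse git tag from ref
-GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
-
-# convert packages into references
-for pkg in $(find . -name '*.pkg.tar.zst'); do
-echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
-rm $pkg
-done
-
-# set git identity
-git config --global user.email "surfacebot@users.noreply.github.com"
-git config --global user.name "surfacebot"
-
-# commit and push
-update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
-git switch -c "${update_branch}"
-git add .
-git commit -m "Update Arch Linux LTS kernel"
-git push --set-upstream origin "${update_branch}"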
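--- a/.github/workflows/debian_lts.yml
+++ /dev/null
@@ -1,198 +0,0 @@
-on:
-push:
-tags:
-- 'debian_lts-*'
-
-name: Debian LTS
-
-env:
-GPG_KEY_ID: 56C464BAAC421453
-KERNEL_VERSION: 4.19.206
-KERNEL_REVISION: 1
-LOCALVERSION: -surface-lts
-MAINLINE_REPO: git://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack
-MAINLINE_BRANCH: cod/mainline
-TZ: UTC
-
-jobs:
-build:
-name: Build Kernel
-runs-on: ubuntu-latest
-container: ubuntu:20.04
-steps:
-- name: Checkout code
-uses: actions/checkout@v3
-
-- name: Install build dependencies
-run: |
-sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
-ln -snf /usr/share/zoneinfo/$TZ /etc/localtime
-echo $TZ > /etc/timezone
-apt-get -y update
-apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 \
-sbsigntool debhelper dpkg-dev zstd
-apt-get -y build-dep linux
-
-- name: Prepare kernel source
-run: |
-cd pkg/debian/kernel-lts
-
-# setup git
-git config --global user.email "surfacebot@users.noreply.github.com"
-git config --global user.name "surfacebot"
-
-# get ubuntu mainline source
-# see https://kernel.ubuntu.com/~kernel-ppa/mainline
-git clone "$MAINLINE_REPO" --branch "$MAINLINE_BRANCH/v$KERNEL_VERSION" --single-branch linux
-
-cd linux
-
-# apply surface build/packaging patches
-for PATCH in ../*.patch; do
-git am -3 ${PATCH}
-done
-
-git add .
-git commit --allow-empty -m "Apply linux-surface packaging patches"
-
-# apply surface patches
-for PATCH in ../../../../patches/${KERNEL_VERSION%.*}/*.patch; do
-git am -3 ${PATCH}
-done
-
-git add .
-git commit --allow-empty -m "Apply linux-surface patches"
-
-- name: Configure
-run: |
-cd pkg/debian/kernel-lts/linux
-
-# merge configs
-./scripts/kconfig/merge_config.sh \
-debian.master/config/config.common.ubuntu \
-debian.master/config/amd64/config.common.amd64 \
-debian.master/config/amd64/config.flavour.generic \
-../ubuntu.config \
-../../../../configs/surface-${KERNEL_VERSION%.*}.config
-
-# set revision
-echo "$KERNEL_REVISION" > .version
-
-- name: Setup secureboot certificate
-env:
-SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
-run: |
-cd pkg
-
-mkdir -p debian/kernel-lts/linux/keys
-
-# unlock/copy key and certificate
-echo "$SB_KEY" | base64 -d > debian/kernel-lts/linux/keys/MOK.key
-cp keys/surface.crt debian/kernel-lts/linux/keys/MOK.crt
-
-- name: Build kernel
-run: |
-cd pkg/debian/kernel-lts/linux
-make bindeb-pkg -j2
-
-- name: Build meta-package
-run: |
-cd pkg/debian/meta
-./mkdebian.sh $(make -C ../kernel-lts/linux -s kernelrelease) ${KERNEL_REVISION} lts
-dpkg-buildpackage -b
-
-- name: Prepare release
-run: |
-mkdir release
-rm pkg/debian/kernel-lts/linux-libc-dev*.deb
-mv pkg/debian/kernel-lts/*.deb release
-mv pkg/debian/*.deb release
-
-- name: Sign packages
-env:
-GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
-run: |
-# import GPG key
-echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
-export GPG_TTY=$(tty)
-
-# sign package
-dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb
-
-- name: Upload artifacts
-uses: actions/upload-artifact@v3
-with:
-name: debian-latest
-path: release
-
-release:
-name: Publish release
-needs: [build]
-runs-on: ubuntu-latest
-steps:
-- name: Download artifacts
-uses: actions/download-artifact@v3
-with:
-name: debian-latest
-path: debian-latest
-
-- name: Upload assets
-uses: svenstaro/upload-release-action@v2
-with:
-repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
-file: ./*-latest/*
-tag: ${{ github.ref }}
-overwrite: true
-file_glob: true
-
-repo:
-name: Update package repository
-needs: [release]
-runs-on: ubuntu-latest
-container: debian:sid
-steps:
-- name: Install dependencies
-run: |
-apt-get update
-apt-get install -y reprepro git
-
-- name: Download artifacts
-uses: actions/download-artifact@v3
-with:
-name: debian-latest
-path: debian-latest
-
-- name: Update repository
-env:
-SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
-BRANCH_STAGING: u/staging
-GIT_REF: ${{ github.ref }}
-run: |
-repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
-
-# clone package repository
-git clone -b "${BRANCH_STAGING}" "${repo}" repo
-
-# copy packages
-cp debian-latest/* repo/debian/
-cd repo/debian
-
-# parse git tag from ref
-GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
-
-# convert packages into references
-for pkg in $(find . -name '*.deb'); do
-echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
-rm $pkg
-done
-
-# set git identity
-git config --global user.email "surfacebot@users.noreply.github.com"
-git config --global user.name "surfacebot"
-
-# commit and push
-update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
-git switch -c "${update_branch}"
-git add .
-git commit -m "Update Debian LTS kernel"
-git push --set-upstream origin "${update_branch}"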
|
@ -1,132 +0,0 @@
|
||||||
From 6136ffb3d88e9f044260f8288d2d0a1edd64379e Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
|
|
||||||
Date: Mon, 16 Sep 2019 04:53:20 +0200
|
|
||||||
Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
|
|
||||||
CLONE_NEWUSER
|
|
||||||
|
|
||||||
Our default behavior continues to match the vanilla kernel.
|
|
||||||
---
|
|
||||||
init/Kconfig | 16 ++++++++++++++++
|
|
||||||
kernel/fork.c | 15 +++++++++++++++
|
|
||||||
kernel/sysctl.c | 12 ++++++++++++
|
|
||||||
kernel/user_namespace.c | 7 +++++++
|
|
||||||
4 files changed, 50 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/init/Kconfig b/init/Kconfig
|
|
||||||
index bd7d650d4a99..658f9c052151 100644
|
|
||||||
--- a/init/Kconfig
|
|
||||||
+++ b/init/Kconfig
|
|
||||||
@@ -1091,6 +1091,22 @@ config USER_NS
|
|
||||||
|
|
||||||
If unsure, say N.
|
|
||||||
|
|
||||||
+config USER_NS_UNPRIVILEGED
|
|
||||||
+ bool "Allow unprivileged users to create namespaces"
|
|
||||||
+ default y
|
|
||||||
+ depends on USER_NS
|
|
||||||
+ help
|
|
||||||
+ When disabled, unprivileged users will not be able to create
|
|
||||||
+ new namespaces. Allowing users to create their own namespaces
|
|
||||||
+ has been part of several recent local privilege escalation
|
|
||||||
+ exploits, so if you need user namespaces but are
|
|
||||||
+ paranoid^Wsecurity-conscious you want to disable this.
|
|
||||||
+
|
|
||||||
+ This setting can be overridden at runtime via the
|
|
||||||
+ kernel.unprivileged_userns_clone sysctl.
|
|
||||||
+
|
|
||||||
+ If unsure, say Y.
|
|
||||||
+
|
|
||||||
config PID_NS
|
|
||||||
bool "PID Namespaces"
|
|
||||||
default y
|
|
||||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
|
||||||
index 541fd805fb88..ffd57c812153 100644
|
|
||||||
--- a/kernel/fork.c
|
|
||||||
+++ b/kernel/fork.c
|
|
||||||
@@ -106,6 +106,11 @@
|
|
||||||
|
|
||||||
#define CREATE_TRACE_POINTS
|
|
||||||
#include <trace/events/task.h>
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+extern int unprivileged_userns_clone;
|
|
||||||
+#else
|
|
||||||
+#define unprivileged_userns_clone 0
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Minimum number of threads to boot the kernel
|
|
||||||
@@ -1788,6 +1793,10 @@ static __latent_entropy struct task_struct *copy_process(
|
|
||||||
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
|
|
||||||
return ERR_PTR(-EINVAL);
|
|
||||||
|
|
||||||
+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
|
|
||||||
+ if (!capable(CAP_SYS_ADMIN))
|
|
||||||
+ return ERR_PTR(-EPERM);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Thread groups must share signals as well, and detached threads
|
|
||||||
* can only be started up within the thread group.
|
|
||||||
@@ -2819,6 +2828,12 @@ int ksys_unshare(unsigned long unshare_flags)
|
|
||||||
if (unshare_flags & CLONE_NEWNS)
|
|
||||||
unshare_flags |= CLONE_FS;
|
|
||||||
|
|
||||||
+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
|
|
||||||
+ err = -EPERM;
|
|
||||||
+ if (!capable(CAP_SYS_ADMIN))
|
|
||||||
+ goto bad_unshare_out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
err = check_unshare_flags(unshare_flags);
|
|
||||||
if (err)
|
|
||||||
goto bad_unshare_out;
|
|
||||||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
|
|
||||||
index 078950d9605b..baead3605bbe 100644
|
|
||||||
--- a/kernel/sysctl.c
|
|
||||||
+++ b/kernel/sysctl.c
|
|
||||||
@@ -110,6 +110,9 @@ extern int core_uses_pid;
|
|
||||||
extern char core_pattern[];
|
|
||||||
extern unsigned int core_pipe_limit;
|
|
||||||
#endif
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+extern int unprivileged_userns_clone;
|
|
||||||
+#endif
|
|
||||||
extern int pid_max;
|
|
||||||
extern int pid_max_min, pid_max_max;
|
|
||||||
extern int percpu_pagelist_fraction;
|
|
||||||
@@ -545,6 +548,15 @@ static struct ctl_table kern_table[] = {
|
|
||||||
.proc_handler = proc_dointvec,
|
|
||||||
},
|
|
||||||
#endif
|
|
||||||
+#ifdef CONFIG_USER_NS
|
|
||||||
+ {
|
|
||||||
+ .procname = "unprivileged_userns_clone",
|
|
||||||
+ .data = &unprivileged_userns_clone,
|
|
||||||
+ .maxlen = sizeof(int),
|
|
||||||
+ .mode = 0644,
|
|
||||||
+ .proc_handler = proc_dointvec,
|
|
||||||
+ },
|
|
||||||
+#endif
|
|
||||||
#ifdef CONFIG_PROC_SYSCTL
|
|
||||||
{
|
|
||||||
.procname = "tainted",
|
|
||||||
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
|
|
||||||
index 8eadadc478f9..c36ecd19562c 100644
|
|
||||||
--- a/kernel/user_namespace.c
|
|
||||||
+++ b/kernel/user_namespace.c
|
|
||||||
@@ -21,6 +21,13 @@
|
|
||||||
#include <linux/bsearch.h>
|
|
||||||
#include <linux/sort.h>
|
|
||||||
|
|
||||||
+/* sysctl */
|
|
||||||
+#ifdef CONFIG_USER_NS_UNPRIVILEGED
|
|
||||||
+int unprivileged_userns_clone = 1;
|
|
||||||
+#else
|
|
||||||
+int unprivileged_userns_clone;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static struct kmem_cache *user_ns_cachep __read_mostly;
|
|
||||||
static DEFINE_MUTEX(userns_state_mutex);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0001-surface3-power.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0002-surface3-touchscreen-dma-fix.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0003-surface3-oemb.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0004-surface-buttons.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0005-suspend.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0006-ipts.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0007-wifi.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0008-surface-gpe.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0009-surface-sam-over-hid.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0010-surface-sam.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0011-surface-hotplug.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0012-surface-typecover.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0013-surface-go-touchscreen.patch
|
|
|
@ -1 +0,0 @@
|
||||||
../../../patches/4.19/0014-ath10k-firmware-override.patch
|
|
|
@ -1,230 +0,0 @@
|
||||||
# Maintainer: Maximilian Luz <luzmaximilian@gmail.com>
|
|
||||||
|
|
||||||
pkgbase=linux-surface-lts
|
|
||||||
pkgver=4.19.206
|
|
||||||
pkgrel=1
|
|
||||||
pkgdesc='LTS Linux'
|
|
||||||
url="https://www.kernel.org/"
|
|
||||||
arch=(x86_64)
|
|
||||||
license=(GPL2)
|
|
||||||
makedepends=(
|
|
||||||
bc kmod libelf cpio perl tar xz
|
|
||||||
python
|
|
||||||
xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
|
|
||||||
)
|
|
||||||
options=('!strip')
|
|
||||||
_srcname=linux-$pkgver
|
|
||||||
source=(
|
|
||||||
https://www.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
|
|
||||||
config # the main kernel config file
|
|
||||||
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
|
|
||||||
|
|
||||||
surface.config
|
|
||||||
|
|
||||||
0001-surface3-power.patch
|
|
||||||
0002-surface3-touchscreen-dma-fix.patch
|
|
||||||
0003-surface3-oemb.patch
|
|
||||||
0004-surface-buttons.patch
|
|
||||||
0005-suspend.patch
|
|
||||||
0006-ipts.patch
|
|
||||||
0007-wifi.patch
|
|
||||||
0008-surface-gpe.patch
|
|
||||||
0009-surface-sam-over-hid.patch
|
|
||||||
0010-surface-sam.patch
|
|
||||||
0011-surface-hotplug.patch
|
|
||||||
0012-surface-typecover.patch
|
|
||||||
0013-surface-go-touchscreen.patch
|
|
||||||
0014-ath10k-firmware-override.patch
|
|
||||||
)
|
|
||||||
validpgpkeys=(
|
|
||||||
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
|
||||||
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
|
|
||||||
)
|
|
||||||
# https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
|
|
||||||
sha256sums=('b7eb776f408b3ea71c97dde4888cc4549edf925a18cd158e7c9681d6ffa684c0'
|
|
||||||
'SKIP'
|
|
||||||
'4e68572e7cc4c5368f0236e0792660ae8498373988625dca46e509399a7eaea6'
|
|
||||||
'a13581d3c6dc595206e4fe7fcf6b542e7a1bdbe96101f0f010fc5be49f99baf2'
|
|
||||||
'c523d8ba9f02992c34b325cd7b07e27bfead33ecab29877e659a12b2d56b1118'
|
|
||||||
'd4e7c4d87a20baf839f339e3391344aa344ef382a45c0c551b978d79e910a4cb'
|
|
||||||
'e0ef74338db11e93d9165f51b18907ebd7701604b368f952198236af37f04489'
|
|
||||||
'cbbbed58e0cfae9599730961adeb8343fef13da5b04099698fca3fb24657004f'
|
|
||||||
'fc746b60a8dc3ce3f4e3a81bd35618c4e3c9a276f4171fe715c38925dbba4ce7'
|
|
||||||
'28941038350ec666a758259f603f99d193e5ef4c0175b768b5e1965586ce0406'
|
|
||||||
'ba98a58ca29b0ec7eacab609fac837f3c64f7345e38e896abf30f1474ce88336'
|
|
||||||
'8f64af578d07dc6195dfdff89ac4d41bd07e23515805e055cd6eb8b1143b274d'
|
|
||||||
'9f9fff2ac639a11ea26f343827f8945c51cc92887e0348a1b96a390efb827aff'
|
|
||||||
'fc45daf1316822f032cecc228e570fa1519cfb099e59cd5747805372a98de600'
|
|
||||||
'7e48c850d93f6aaec81690296dfbbdae8c43418d0747a9c5d22ec7fd432900d2'
|
|
||||||
'0e8210089d592c6c5e38e07c7c36e6b24788ee0858abad53452bea333d66bd87'
|
|
||||||
'14c354ab4d362d83eaa0083efc5e20d9edfb8fd3072ede30dbb33c66331ebb56'
|
|
||||||
'a965a5f4c3af59e75a7e763231dfbcaf8fe90a756b47846a8f1fee980db00831'
|
|
||||||
'32a772e764653dfc04f1b4861961f74a8ae70c932465bf036c08484be1273310')
|
|
||||||
|
|
||||||
export KBUILD_BUILD_HOST=archlinux
|
|
||||||
export KBUILD_BUILD_USER=$pkgbase
|
|
||||||
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
|
|
||||||
|
|
||||||
# optional certificate and key for secure boot signing
|
|
||||||
_mok_crt="$PWD/MOK.crt"
|
|
||||||
_mok_key="$PWD/MOK.key"
|
|
||||||
|
|
||||||
prepare() {
|
|
||||||
cd $_srcname
|
|
||||||
|
|
||||||
msg2 "Setting version..."
|
|
||||||
scripts/setlocalversion --save-scmversion
|
|
||||||
echo "-$pkgrel" > localversion.10-pkgrel
|
|
||||||
echo "${pkgbase#linux}" > localversion.20-pkgname
|
|
||||||
|
|
||||||
local src
|
|
||||||
for src in "${source[@]}"; do
|
|
||||||
src="${src%%::*}"
|
|
||||||
src="${src##*/}"
|
|
||||||
[[ $src = *.patch ]] || continue
|
|
||||||
msg2 "Applying patch $src..."
|
|
||||||
patch -Np1 < "../$src"
|
|
||||||
done
|
|
||||||
|
|
||||||
msg2 "Setting config..."
|
|
||||||
# cp ../config .config
|
|
||||||
# merge the two configs together
|
|
||||||
./scripts/kconfig/merge_config.sh -m ../config ../surface.config
|
|
||||||
make olddefconfig
|
|
||||||
|
|
||||||
make -s kernelrelease > version
|
|
||||||
msg2 "Prepared %s version %s" "$pkgbase" "$(<version)"
|
|
||||||
}
|
|
||||||
|
|
||||||
build() {
|
|
||||||
cd $_srcname
|
|
||||||
make bzImage modules
|
|
||||||
}
|
|
||||||
|
|
||||||
_package() {
|
|
||||||
pkgdesc="The $pkgdesc kernel and modules"
|
|
||||||
depends=(coreutils kmod initramfs)
|
|
||||||
optdepends=('crda: to set the correct wireless channels of your country'
|
|
||||||
'linux-firmware: firmware images needed for some devices')
|
|
||||||
provides=("linux=${pkgver}")
|
|
||||||
|
|
||||||
cd $_srcname
|
|
||||||
local kernver="$(<version)"
|
|
||||||
local modulesdir="$pkgdir/usr/lib/modules/$kernver"
|
|
||||||
local image_name="$(make -s image_name)"
|
|
||||||
|
|
||||||
# sign boot image if the prequisites are available
|
|
||||||
if [[ -f "$_mok_crt" ]] && [[ -f "$_mok_key" ]] && [[ -x "$(command -v sbsign)" ]]; then
|
|
||||||
msg2 "Signing boot image..."
|
|
||||||
sbsign --key "$_mok_key" --cert "$_mok_crt" --output "$image_name" "$image_name"
|
|
||||||
fi
|
|
||||||
|
|
||||||
msg2 "Installing boot image..."
|
|
||||||
# systemd expects to find the kernel here to allow hibernation
|
|
||||||
# https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
|
|
||||||
install -Dm644 "$image_name" "$modulesdir/vmlinuz"
|
|
||||||
|
|
||||||
# Used by mkinitcpio to name the kernel
|
|
||||||
echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
|
|
||||||
|
|
||||||
msg2 "Installing modules..."
|
|
||||||
make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
|
|
||||||
|
|
||||||
# remove build and source links
|
|
||||||
rm "$modulesdir"/{source,build}
|
|
||||||
|
|
||||||
msg2 "Fixing permissions..."
|
|
||||||
chmod -Rc u=rwX,go=rX "$pkgdir"
|
|
||||||
}
|
|
||||||
|
|
||||||
_package-headers() {
|
|
||||||
pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
|
|
||||||
provides=("linux-headers=${pkgver}")
|
|
||||||
|
|
||||||
cd $_srcname
|
|
||||||
local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
|
|
||||||
|
|
||||||
msg2 "Installing build files..."
|
|
||||||
install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
|
|
||||||
localversion.* version vmlinux
|
|
||||||
install -Dt "$builddir/kernel" -m644 kernel/Makefile
|
|
||||||
install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
|
|
||||||
cp -t "$builddir" -a scripts
|
|
||||||
|
|
||||||
# add objtool for external module building and enabled VALIDATION_STACK option
|
|
||||||
install -Dt "$builddir/tools/objtool" tools/objtool/objtool
|
|
||||||
|
|
||||||
# add xfs and shmem for aufs building
|
|
||||||
mkdir -p "$builddir"/{fs/xfs,mm}
|
|
||||||
|
|
||||||
# this is gone in v5.3
|
|
||||||
mkdir "$builddir/.tmp_versions"
|
|
||||||
|
|
||||||
msg2 "Installing headers..."
|
|
||||||
cp -t "$builddir" -a include
|
|
||||||
cp -t "$builddir/arch/x86" -a arch/x86/include
|
|
||||||
install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
|
|
||||||
|
|
||||||
install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
|
|
||||||
install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
|
|
||||||
|
|
||||||
# http://bugs.archlinux.org/task/13146
|
|
||||||
install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
|
|
||||||
|
|
||||||
# http://bugs.archlinux.org/task/20402
|
|
||||||
install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
|
|
||||||
install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
|
|
||||||
install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
|
|
||||||
|
|
||||||
msg2 "Installing KConfig files..."
|
|
||||||
find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
|
|
||||||
|
|
||||||
msg2 "Removing unneeded architectures..."
|
|
||||||
local arch
|
|
||||||
for arch in "$builddir"/arch/*/; do
|
|
||||||
[[ $arch = */x86/ ]] && continue
|
|
||||||
echo "Removing $(basename "$arch")"
|
|
||||||
rm -r "$arch"
|
|
||||||
done
|
|
||||||
|
|
||||||
msg2 "Removing documentation..."
|
|
||||||
rm -r "$builddir/Documentation"
|
|
||||||
|
|
||||||
msg2 "Removing broken symlinks..."
|
|
||||||
find -L "$builddir" -type l -printf 'Removing %P\n' -delete
|
|
||||||
|
|
||||||
msg2 "Removing loose objects..."
|
|
||||||
find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
|
|
||||||
|
|
||||||
msg2 "Stripping build tools..."
|
|
||||||
local file
|
|
||||||
while read -rd '' file; do
|
|
||||||
case "$(file -bi "$file")" in
|
|
||||||
application/x-sharedlib\;*) # Libraries (.so)
|
|
||||||
strip -v $STRIP_SHARED "$file" ;;
|
|
||||||
application/x-archive\;*) # Libraries (.a)
|
|
||||||
strip -v $STRIP_STATIC "$file" ;;
|
|
||||||
application/x-executable\;*) # Binaries
|
|
||||||
strip -v $STRIP_BINARIES "$file" ;;
|
|
||||||
application/x-pie-executable\;*) # Relocatable binaries
|
|
||||||
strip -v $STRIP_SHARED "$file" ;;
|
|
||||||
esac
|
|
||||||
done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
|
|
||||||
|
|
||||||
msg2 "Adding symlink..."
|
|
||||||
mkdir -p "$pkgdir/usr/src"
|
|
||||||
ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
|
|
||||||
|
|
||||||
msg2 "Fixing permissions..."
|
|
||||||
chmod -Rc u=rwX,go=rX "$pkgdir"
|
|
||||||
}
|
|
||||||
|
|
||||||
pkgname=("$pkgbase" "$pkgbase-headers")
|
|
||||||
for _p in "${pkgname[@]}"; do
|
|
||||||
eval "package_$_p() {
|
|
||||||
$(declare -f "_package${_p#$pkgbase}")
|
|
||||||
_package${_p#$pkgbase}
|
|
||||||
}"
|
|
||||||
done
|
|
||||||
|
|
||||||
# vim:set ts=8 sts=2 sw=2 et:
|
|
File diff suppressed because it is too large
|
@ -1 +0,0 @@
|
||||||
../../../configs/surface-4.19.config
|
|
|
@ -1,87 +0,0 @@
|
||||||
From c1384dfce8f7a364a73b69c18238db635454ec6a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dorian Stoll <dorian.stoll@tmsp.io>
|
|
||||||
Date: Sun, 22 Sep 2019 22:44:16 +0200
|
|
||||||
Subject: [PATCH] Add secureboot pre-signing to the kernel
|
|
||||||
|
|
||||||
If it detects a secure boot certificate at `keys/MOK.key` and `keys/MOK.cer`,
|
|
||||||
the kernel Makefile will automatically sign the vmlinux / bzImage file that
|
|
||||||
gets generated, and that is then used in packaging.
|
|
||||||
|
|
||||||
By integrating it into the kernel build system directly, it is fully integrated
|
|
||||||
with targets like `make deb-pkg` (opposed to `make all`, sign, `make bindeb-pkg`)
|
|
||||||
and it gets added to every tree by the same mechanism that is used to apply the
|
|
||||||
other surface patches anyways.
|
|
||||||
|
|
||||||
Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
|
|
||||||
---
|
|
||||||
.gitignore | 3 +++
|
|
||||||
arch/x86/Makefile | 1 +
|
|
||||||
scripts/sign_kernel.sh | 30 ++++++++++++++++++++++++++++++
|
|
||||||
3 files changed, 34 insertions(+)
|
|
||||||
create mode 100755 scripts/sign_kernel.sh
|
|
||||||
|
|
||||||
diff --git a/.gitignore b/.gitignore
|
|
||||||
index 97ba6b79834c..490f0526ed66 100644
|
|
||||||
--- a/.gitignore
|
|
||||||
+++ b/.gitignore
|
|
||||||
@@ -127,6 +127,9 @@ signing_key.priv
|
|
||||||
signing_key.x509
|
|
||||||
x509.genkey
|
|
||||||
|
|
||||||
+# Secureboot certificate
|
|
||||||
+/keys/
|
|
||||||
+
|
|
||||||
# Kconfig presets
|
|
||||||
all.config
|
|
||||||
|
|
||||||
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
|
|
||||||
index 65a8722e784c..68ddcd308384 100644
|
|
||||||
--- a/arch/x86/Makefile
|
|
||||||
+++ b/arch/x86/Makefile
|
|
||||||
@@ -296,6 +296,7 @@ endif
|
|
||||||
$(Q)$(MAKE) $(build)=$(boot) $(KBUILD_IMAGE)
|
|
||||||
$(Q)mkdir -p $(objtree)/arch/$(UTS_MACHINE)/boot
|
|
||||||
$(Q)ln -fsn ../../x86/boot/bzImage $(objtree)/arch/$(UTS_MACHINE)/boot/$@
|
|
||||||
+ $(Q)$(srctree)/scripts/sign_kernel.sh $(objtree)/arch/$(UTS_MACHINE)/boot/$@
|
|
||||||
|
|
||||||
$(BOOT_TARGETS): vmlinux
|
|
||||||
$(Q)$(MAKE) $(build)=$(boot) $@
|
|
||||||
diff --git a/scripts/sign_kernel.sh b/scripts/sign_kernel.sh
|
|
||||||
new file mode 100755
|
|
||||||
index 000000000000..d2526a279254
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/scripts/sign_kernel.sh
|
|
||||||
@@ -0,0 +1,30 @@
|
|
||||||
+#!/bin/sh
|
|
||||||
+# SPDX-License-Identifier: GPL-2.0
|
|
||||||
+
|
|
||||||
+# The path to the compiled kernel image is passed as the first argument
|
|
||||||
+BUILDDIR=$(dirname $(dirname $0))
|
|
||||||
+VMLINUX=$1
|
|
||||||
+
|
|
||||||
+# Keys are stored in a toplevel directory called keys
|
|
||||||
+# The following files need to be there:
|
|
||||||
+# * MOK.priv (private key)
|
|
||||||
+# * MOK.pem (public key)
|
|
||||||
+#
|
|
||||||
+# If the files don't exist, this script will do nothing.
|
|
||||||
+if [ ! -f "$BUILDDIR/keys/MOK.key" ]; then
|
|
||||||
+ exit 0
|
|
||||||
+fi
|
|
||||||
+if [ ! -f "$BUILDDIR/keys/MOK.crt" ]; then
|
|
||||||
+ exit 0
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+# Both required certificates were found. Check if sbsign is installed.
|
|
||||||
+echo "Keys for automatic secureboot signing found."
|
|
||||||
+if [ ! -x "$(command -v sbsign)" ]; then
|
|
||||||
+ echo "ERROR: sbsign not found!"
|
|
||||||
+ exit -2
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+# Sign the kernel
|
|
||||||
+sbsign --key $BUILDDIR/keys/MOK.key --cert $BUILDDIR/keys/MOK.crt \
|
|
||||||
+ --output $VMLINUX $VMLINUX
|
|
||||||
--
|
|
||||||
2.32.0
|
|
||||||
|
|
|
@ -1,174 +0,0 @@
|
||||||
From 816b7fe4a492f9f49978e39a779a89992d8d4d32 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Date: Tue, 26 Jun 2018 16:59:01 +0100
|
|
||||||
Subject: [PATCH 1/2] Export symbols needed by Android drivers
|
|
||||||
|
|
||||||
We want to enable use of the Android ashmem and binder drivers to
|
|
||||||
support Anbox, but they should not be built-in as that would waste
|
|
||||||
resources and increase security attack surface on systems that don't
|
|
||||||
need them.
|
|
||||||
|
|
||||||
Export the currently un-exported symbols they depend on.
|
|
||||||
---
|
|
||||||
fs/file.c | 4 ++++
|
|
||||||
kernel/fork.c | 1 +
|
|
||||||
kernel/sched/core.c | 1 +
|
|
||||||
kernel/signal.c | 1 +
|
|
||||||
mm/memory.c | 1 +
|
|
||||||
mm/shmem.c | 1 +
|
|
||||||
mm/vmalloc.c | 2 ++
|
|
||||||
security/security.c | 4 ++++
|
|
||||||
8 files changed, 15 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/fs/file.c b/fs/file.c
|
|
||||||
index 3762a3f136fd..3e10be834458 100644
|
|
||||||
--- a/fs/file.c
|
|
||||||
+++ b/fs/file.c
|
|
||||||
@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(struct task_struct *task)
|
|
||||||
|
|
||||||
return files;
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(get_files_struct);
|
|
||||||
|
|
||||||
void put_files_struct(struct files_struct *files)
|
|
||||||
{
|
|
||||||
@@ -421,6 +422,7 @@ void put_files_struct(struct files_struct *files)
|
|
||||||
kmem_cache_free(files_cachep, files);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(put_files_struct);
|
|
||||||
|
|
||||||
void reset_files_struct(struct files_struct *files)
|
|
||||||
{
|
|
||||||
@@ -534,6 +536,7 @@ int __alloc_fd(struct files_struct *files,
|
|
||||||
spin_unlock(&files->file_lock);
|
|
||||||
return error;
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(__alloc_fd);
|
|
||||||
|
|
||||||
static int alloc_fd(unsigned start, unsigned flags)
|
|
||||||
{
|
|
||||||
@@ -607,6 +610,7 @@ void __fd_install(struct files_struct *files, unsigned int fd,
|
|
||||||
rcu_assign_pointer(fdt->fd[fd], file);
|
|
||||||
rcu_read_unlock_sched();
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(__fd_install);
|
|
||||||
|
|
||||||
void fd_install(unsigned int fd, struct file *file)
|
|
||||||
{
|
|
||||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
|
||||||
index cf535b9d5db7..08f3ff948b2d 100644
|
|
||||||
--- a/kernel/fork.c
|
|
||||||
+++ b/kernel/fork.c
|
|
||||||
@@ -1053,6 +1053,7 @@ void mmput_async(struct mm_struct *mm)
|
|
||||||
schedule_work(&mm->async_put_work);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(mmput_async);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/**
|
|
||||||
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
|
||||||
index 013b1c6cb4ed..962eef6a146c 100644
|
|
||||||
--- a/kernel/sched/core.c
|
|
||||||
+++ b/kernel/sched/core.c
|
|
||||||
@@ -3976,6 +3976,7 @@ int can_nice(const struct task_struct *p, const int nice)
|
|
||||||
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
|
|
||||||
capable(CAP_SYS_NICE));
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(can_nice);
|
|
||||||
|
|
||||||
#ifdef __ARCH_WANT_SYS_NICE
|
|
||||||
|
|
||||||
diff --git a/kernel/signal.c b/kernel/signal.c
|
|
||||||
index a02a25acf205..ab8c2d4d0e6d 100644
|
|
||||||
--- a/kernel/signal.c
|
|
||||||
+++ b/kernel/signal.c
|
|
||||||
@@ -1368,6 +1368,7 @@ struct sighand_struct *__lock_task_sighand(struct task_struct *tsk,
|
|
||||||
|
|
||||||
return sighand;
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(__lock_task_sighand);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* send signal info to all the members of a group
|
|
||||||
diff --git a/mm/memory.c b/mm/memory.c
|
|
||||||
index 49b546cdce0d..753bb3a3df81 100644
|
|
||||||
--- a/mm/memory.c
|
|
||||||
+++ b/mm/memory.c
|
|
||||||
@@ -1634,6 +1634,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start,
|
|
||||||
mmu_notifier_invalidate_range_end(mm, start, end);
|
|
||||||
tlb_finish_mmu(&tlb, start, end);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(zap_page_range);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* zap_page_range_single - remove user pages in a given range
|
|
||||||
diff --git a/mm/shmem.c b/mm/shmem.c
|
|
||||||
index 9fd0e72757cf..4440c837318d 100644
|
|
||||||
--- a/mm/shmem.c
|
|
||||||
+++ b/mm/shmem.c
|
|
||||||
@@ -4053,6 +4053,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(shmem_zero_setup);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
|
|
||||||
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
|
|
||||||
index 1817871b0239..809d14e0b06e 100644
|
|
||||||
--- a/mm/vmalloc.c
|
|
||||||
+++ b/mm/vmalloc.c
|
|
||||||
@@ -1300,6 +1300,7 @@ int map_kernel_range_noflush(unsigned long addr, unsigned long size,
|
|
||||||
{
|
|
||||||
return vmap_page_range_noflush(addr, addr + size, prot, pages);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* unmap_kernel_range_noflush - unmap kernel VM area
|
|
||||||
@@ -1440,6 +1441,7 @@ struct vm_struct *get_vm_area(unsigned long size, unsigned long flags)
|
|
||||||
NUMA_NO_NODE, GFP_KERNEL,
|
|
||||||
__builtin_return_address(0));
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(get_vm_area);
|
|
||||||
|
|
||||||
struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
|
|
||||||
const void *caller)
|
|
||||||
diff --git a/security/security.c b/security/security.c
|
|
||||||
index 9478444bf93f..9b06982fa2d4 100644
|
|
||||||
--- a/security/security.c
|
|
||||||
+++ b/security/security.c
|
|
||||||
@@ -236,24 +236,28 @@ int security_binder_set_context_mgr(struct task_struct *mgr)
|
|
||||||
{
|
|
||||||
return call_int_hook(binder_set_context_mgr, 0, mgr);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
|
|
||||||
|
|
||||||
int security_binder_transaction(struct task_struct *from,
|
|
||||||
struct task_struct *to)
|
|
||||||
{
|
|
||||||
return call_int_hook(binder_transaction, 0, from, to);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transaction);
|
|
||||||
|
|
||||||
int security_binder_transfer_binder(struct task_struct *from,
|
|
||||||
struct task_struct *to)
|
|
||||||
{
|
|
||||||
return call_int_hook(binder_transfer_binder, 0, from, to);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
|
|
||||||
|
|
||||||
int security_binder_transfer_file(struct task_struct *from,
|
|
||||||
struct task_struct *to, struct file *file)
|
|
||||||
{
|
|
||||||
return call_int_hook(binder_transfer_file, 0, from, to, file);
|
|
||||||
}
|
|
||||||
+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
|
|
||||||
|
|
||||||
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.32.0
|
|
||||||
|
|
|
@ -1,107 +0,0 @@
|
||||||
From ea5f38dafdd4a0c5482e4b4dbce0aef647411c13 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Date: Fri, 22 Jun 2018 17:27:00 +0100
|
|
||||||
Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
|
|
||||||
|
|
||||||
We want to enable use of the Android ashmem and binder drivers to
|
|
||||||
support Anbox, but they should not be built-in as that would waste
|
|
||||||
resources and increase security attack surface on systems that don't
|
|
||||||
need them.
|
|
||||||
|
|
||||||
- Add a MODULE_LICENSE declaration to ashmem
|
|
||||||
- Change the Makefiles to build each driver as an object with the
|
|
||||||
"_linux" suffix (which is what Anbox expects)
|
|
||||||
- Change config symbol types to tristate
|
|
||||||
---
|
|
||||||
drivers/android/Kconfig | 2 +-
|
|
||||||
drivers/android/Makefile | 5 +++--
|
|
||||||
drivers/android/binder_alloc.c | 2 +-
|
|
||||||
drivers/staging/android/Kconfig | 2 +-
|
|
||||||
drivers/staging/android/Makefile | 3 ++-
|
|
||||||
drivers/staging/android/ashmem.c | 3 +++
|
|
||||||
6 files changed, 11 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
|
|
||||||
index 432e9ad77070..5f054abd6a10 100644
|
|
||||||
--- a/drivers/android/Kconfig
|
|
||||||
+++ b/drivers/android/Kconfig
|
|
||||||
@@ -9,7 +9,7 @@ config ANDROID
|
|
||||||
if ANDROID
|
|
||||||
|
|
||||||
config ANDROID_BINDER_IPC
|
|
||||||
- bool "Android Binder IPC Driver"
|
|
||||||
+ tristate "Android Binder IPC Driver"
|
|
||||||
depends on MMU
|
|
||||||
default n
|
|
||||||
---help---
|
|
||||||
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
|
|
||||||
index a01254c43ee3..e42257997ba8 100644
|
|
||||||
--- a/drivers/android/Makefile
|
|
||||||
+++ b/drivers/android/Makefile
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
ccflags-y += -I$(src) # needed for trace events
|
|
||||||
|
|
||||||
-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o
|
|
||||||
-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
|
|
||||||
+obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o
|
|
||||||
+binder_linux-y := binder.o binder_alloc.o
|
|
||||||
+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
|
|
||||||
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
|
|
||||||
index 3371b986e3b4..b51dd2aaba90 100644
|
|
||||||
--- a/drivers/android/binder_alloc.c
|
|
||||||
+++ b/drivers/android/binder_alloc.c
|
|
||||||
@@ -44,7 +44,7 @@ enum {
|
|
||||||
};
|
|
||||||
static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
|
|
||||||
|
|
||||||
-module_param_named(debug_mask, binder_alloc_debug_mask,
|
|
||||||
+module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
|
|
||||||
uint, 0644);
|
|
||||||
|
|
||||||
#define binder_alloc_debug(mask, x...) \
|
|
||||||
diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig
|
|
||||||
index 17c5587805f5..c46669f32bfa 100644
|
|
||||||
--- a/drivers/staging/android/Kconfig
|
|
||||||
+++ b/drivers/staging/android/Kconfig
|
|
||||||
@@ -3,7 +3,7 @@ menu "Android"
|
|
||||||
if ANDROID
|
|
||||||
|
|
||||||
config ASHMEM
|
|
||||||
- bool "Enable the Anonymous Shared Memory Subsystem"
|
|
||||||
+ tristate "Enable the Anonymous Shared Memory Subsystem"
|
|
||||||
default n
|
|
||||||
depends on SHMEM
|
|
||||||
help
|
|
||||||
diff --git a/drivers/staging/android/Makefile b/drivers/staging/android/Makefile
|
|
||||||
index 90e6154f11a4..8202002bd72c 100644
|
|
||||||
--- a/drivers/staging/android/Makefile
|
|
||||||
+++ b/drivers/staging/android/Makefile
|
|
||||||
@@ -2,5 +2,6 @@ ccflags-y += -I$(src) # needed for trace events
|
|
||||||
|
|
||||||
obj-y += ion/
|
|
||||||
|
|
||||||
-obj-$(CONFIG_ASHMEM) += ashmem.o
|
|
||||||
+obj-$(CONFIG_ASHMEM) += ashmem_linux.o
|
|
||||||
+ashmem_linux-y += ashmem.o
|
|
||||||
obj-$(CONFIG_ANDROID_VSOC) += vsoc.o
|
|
||||||
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
|
|
||||||
index a97bbd89fae2..1f1f16c39b58 100644
|
|
||||||
--- a/drivers/staging/android/ashmem.c
|
|
||||||
+++ b/drivers/staging/android/ashmem.c
|
|
||||||
@@ -24,6 +24,7 @@
|
|
||||||
#include <linux/bitops.h>
|
|
||||||
#include <linux/mutex.h>
|
|
||||||
#include <linux/shmem_fs.h>
|
|
||||||
+#include <linux/module.h>
|
|
||||||
#include "ashmem.h"
|
|
||||||
|
|
||||||
#define ASHMEM_NAME_PREFIX "dev/ashmem/"
|
|
||||||
@@ -964,3 +965,5 @@ static int __init ashmem_init(void)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
device_initcall(ashmem_init);
|
|
||||||
+
|
|
||||||
+MODULE_LICENSE("GPL v2");
|
|
||||||
--
|
|
||||||
2.32.0
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
../kernel/ubuntu.config
|
|