From 24446ce299943efe3dfded6c9dd0cf9421d8da04 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 17 Jul 2019 09:09:15 +0200 Subject: gnu: linux-libre: Restrict ‘dmesg’ to privileged users. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT. --- gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 52883282e8..4689c61a58 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -561,7 +561,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) -- cgit v1.2.3 From d0aff873373ae4ad40d007ac6ebf5500ef40b6d1 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Jul 2019 17:02:43 -0400 Subject: gnu: linux-libre: Verbosely pack the deblobbed linux-libre tarball. This works around timeouts that sometimes occur after 1 hour of silence while packing the linux-libre source tarball on slower machines. * gnu/packages/linux.scm (make-linux-libre-source): Pass 'v' to 'tar' when packing the result tarball. --- gnu/packages/linux.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4689c61a58..6119622d2d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -312,7 +312,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (format #t "~%Packing new Linux-libre tarball...~%") (force-output) - (invoke "tar" "cfa" #$output + (invoke "tar" "cvfa" #$output ;; Avoid non-determinism in the archive. "--mtime=@0" "--owner=root:0" -- cgit v1.2.3 From e78c2b50df016323aa7abebcfa95fec2c2a07e22 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Jul 2019 16:53:40 -0400 Subject: gnu: linux-libre: Update deblobbing scripts. * gnu/packages/linux.scm (deblob-scripts-5.2, deblob-scripts-4.19): Update to versions 5.2.3 and 4.19.61 respectively, and update the hashes. (deblob-scripts-4.14, deblob-scripts-4.9, deblob-scripts-4.4): Update to versions 4.14.134, 4.9.186, and 4.4.186 respectively, although the scripts themselves are unchanged. --- gnu/packages/linux.scm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 6119622d2d..3f9103a350 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -182,31 +182,31 @@ defconfig. Return the appropriate make target if applicable, otherwise return (define deblob-scripts-5.2 (linux-libre-deblob-scripts - "5.2.1" + "5.2.3" (base32 "076fwxlm6jq6z4vg1xq3kr474zz7qk71r90sf9dnfia3rw2pb4fa") - (base32 "030cccchli7vnzvxcw261spyzsgnq0m113bjsz8y4vglf6gaz4n9"))) + (base32 "0d3pp1bqchqc7vnxr1a56km5r0hzjiiipzz2xc3wgjwfi51k9kxc"))) (define deblob-scripts-4.19 (linux-libre-deblob-scripts - "4.19.59" + "4.19.61" (base32 "02zs405awaxydbapka4nz8h6lmnc0dahgczqsrs5s2bmzjyyqkcy") - (base32 "07z1bsyny8lldncfh27lb16mgx9r38nswx4vmd24c7n4xva12k2s"))) + (base32 "1fyacg28aym6virxyn7wk99qil2fjbks3iwm7p3hxy51pccn34za"))) (define deblob-scripts-4.14 (linux-libre-deblob-scripts - "4.14.133" + "4.14.134" (base32 "091jk9jkn9jf39bxpc7395bhcb7p96nkg3a8047380ki06lnfxh6") (base32 "0x9nd3hnyrm753cbgdqmy92mbnyw86w64g4hvyibnkpq5n7s3z9n"))) (define deblob-scripts-4.9 (linux-libre-deblob-scripts - "4.9.185" + "4.9.186" (base32 "1wvldzlv7q2xdbadas87dh593nxr4a8p5n0f8zpm72lja6w18hmg") (base32 "1gmjn5cwxydg6qb47wcmahwkv37npsjx4papynzkkdxyidmrccya"))) (define deblob-scripts-4.4 (linux-libre-deblob-scripts - "4.4.185" + "4.4.186" (base32 "0x2j1i88am54ih2mk7gyl79g25l9zz4r08xhl482l3fvjj2irwbw") (base32 "1x40lbiaizksy8z38ax7wpqr9ldgq7qvkxbb0ca98vd1axpklb10"))) -- cgit v1.2.3 From d83514baf274f34d658544848ea6a9eecb1a6975 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Jul 2019 16:57:44 -0400 Subject: gnu: linux-libre@4.19: Update to 4.19.61. * gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.61. (linux-libre-4.19-pristine-source)[hash]: Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 3f9103a350..385dcce12c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -358,10 +358,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-5.2))) -(define-public linux-libre-4.19-version "4.19.60") +(define-public linux-libre-4.19-version "4.19.61") (define-public linux-libre-4.19-pristine-source (let ((version linux-libre-4.19-version) - (hash (base32 "0ibayrvrnw2lw7si78vdqnr20mm1d3z0g6a0ykndvgn5vdax5x9a"))) + (hash (base32 "1scwb6ynr93k4a1vzpw2x1hzafhfs06ckf9v6fk1zvkh8jw1rc5c"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.19))) -- cgit v1.2.3 From 76b96720e20f109138c7fca027c9f0deb2b40d26 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Jul 2019 16:58:51 -0400 Subject: gnu: linux-libre: Update to 5.2.3. * gnu/packages/linux.scm (linux-libre-5.2-version): Update to 5.2.3. (linux-libre-5.2-pristine-source)[hash]: Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 385dcce12c..c638c6aa10 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -350,10 +350,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." "linux-" version ".tar.xz")) (sha256 hash))) -(define-public linux-libre-5.2-version "5.2.2") +(define-public linux-libre-5.2-version "5.2.3") (define-public linux-libre-5.2-pristine-source (let ((version linux-libre-5.2-version) - (hash (base32 "173da67d51qcjwrczqsfd6g9phzazqzr11xfxwlf54ckd6117ng5"))) + (hash (base32 "018fiz8bycglh5b031b710zllv2s5w017ylq0j30923p744n0g3m"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-5.2))) -- cgit v1.2.3 From b64b66b890188aff9e7f23c6e85e715d7101f68e Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 28 Jul 2019 18:58:44 -0400 Subject: gnu: linux-libre@4.19: Update to 4.19.62. * gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.62. (linux-libre-4.19-pristine-source)[hash]: Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index c638c6aa10..2f8ec219b4 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -358,10 +358,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-5.2))) -(define-public linux-libre-4.19-version "4.19.61") +(define-public linux-libre-4.19-version "4.19.62") (define-public linux-libre-4.19-pristine-source (let ((version linux-libre-4.19-version) - (hash (base32 "1scwb6ynr93k4a1vzpw2x1hzafhfs06ckf9v6fk1zvkh8jw1rc5c"))) + (hash (base32 "1p6s1ksrsq3za7644j0qf9brf6brwq39jxpfln5ypmyfi5qn9gh7"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.19))) -- cgit v1.2.3 From ab20b3ed9152c7c95d0d2c6b2d65e29983ab57ce Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 28 Jul 2019 19:00:12 -0400 Subject: gnu: linux-libre: Update to 5.2.4. * gnu/packages/linux.scm (linux-libre-5.2-version): Update to 5.2.4. (linux-libre-5.2-pristine-source)[hash]: Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 2f8ec219b4..fc3c31e224 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -350,10 +350,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." "linux-" version ".tar.xz")) (sha256 hash))) -(define-public linux-libre-5.2-version "5.2.3") +(define-public linux-libre-5.2-version "5.2.4") (define-public linux-libre-5.2-pristine-source (let ((version linux-libre-5.2-version) - (hash (base32 "018fiz8bycglh5b031b710zllv2s5w017ylq0j30923p744n0g3m"))) + (hash (base32 "0hzfayq79bksng09ngw3k3h3zkd6ndfn059rvwpznypy1fg8pkdi"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-5.2))) -- cgit v1.2.3 From 767a0a18d88479c713f1b9b034bd06eedfe71a80 Mon Sep 17 00:00:00 2001 From: Rutger Helling Date: Mon, 29 Jul 2019 13:53:44 +0200 Subject: gnu: btrfs-progs: Update to 5.2.1. * gnu/packages/linux.scm (btrfs-progs): Update to 5.2.1. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index fc3c31e224..354337909d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3822,7 +3822,7 @@ and copy/paste text in the console and in xterm.") (define-public btrfs-progs (package (name "btrfs-progs") - (version "5.1.1") + (version "5.2.1") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/kernel/" @@ -3830,7 +3830,7 @@ and copy/paste text in the console and in xterm.") "btrfs-progs-v" version ".tar.xz")) (sha256 (base32 - "06xybs7rglxjqkbzl2409acb3rgmnc5zc0xhyaxsc2p1x5yipfcw")))) + "0crjv3i20nyj2dagfw6q7byshscpn6j7wlqch3apkzzzk00lmb1n")))) (build-system gnu-build-system) (outputs '("out" "static")) ; static versions of the binaries in "out" -- cgit v1.2.3