rosenthal: linux-xanmod: Add linux-hardened patch.

* rosenthal/packages/patches/linux-hardened-xanmod-adaption.patch: New file. * rosenthal/packages/linux.scm (%hardened-revision) (linux-hardened-patch-for-xanmod): New variables. (linux-xanmod-source)[patches]: Add linux-hardened-patch-for-xanmod.
2 years ago · 5469ef7ff2
parent e30e13349f
commit 5469ef7ff2
2 changed files with 41 additions and 3 deletions
--- a/rosenthal/packages/linux.scm
+++ b/rosenthal/packages/linux.scm
@ -66,6 +66,7 @@
 (define %xanmod-version "6.0.10")
 (define %xanmod-revision "xanmod1")
 (define %hardened-revision "hardened1")
 (define (extract-xanmod-patch version hash)
  (let ((patch (string-append "linux-" version ".patch"))
@ -74,7 +75,7 @@
                  (uri (string-append "https://github.com/xanmod/linux"
                                      "/releases/download/" version
                                      "/patch-" version ".xz"))
-                  (sha256 (base32 hash)))))
+                  (sha256 hash))))
    (origin
      (method computed-origin-method)
      (file-name patch)
@ -97,7 +98,16 @@
 (define linux-xanmod-patch
  (extract-xanmod-patch
   (string-append %xanmod-version "-" %xanmod-revision)
-   "0ypvr7lp9bhlja3zp97vmfxa80144z1kplsrzqdj301xwrmiki37"))
+   (base32 "0ypvr7lp9bhlja3zp97vmfxa80144z1kplsrzqdj301xwrmiki37")))
 (define linux-hardened-patch-for-xanmod
  (origin
    (method url-fetch)
    (uri (string-append "https://github.com/anthraxx/linux-hardened/releases/download/"
                        %xanmod-version "-" %hardened-revision "/linux-hardened-"
                        %xanmod-version "-" %hardened-revision ".patch"))
    (patches (list (local-file "patches/linux-hardened-xanmod-adaption.patch")))
    (sha256 (base32 "1zbhqwhbzjc2jsmbrqk6y4w62b9drhzh2kb1p5bwgi3nd17f43jj"))))
 (define linux-xanmod-source
  (origin
@ -105,7 +115,8 @@
              "6.0"
              (base32 "13kqh7yhifwz5dmd3ky0b3mzbh9r0nmjfp5mxy42drcdafjl692w")))
    (patches
-     (append (list linux-xanmod-patch)
+     (append (list linux-xanmod-patch
                   linux-hardened-patch-for-xanmod)
             (if (doc-supported? %xanmod-version)
                 (search-patches "linux-libre-infodocs-target.patch")
                 '())))))
--- a/rosenthal/packages/patches/linux-hardened-xanmod-adaption.patch
+++ b/rosenthal/packages/patches/linux-hardened-xanmod-adaption.patch
@ -0,0 +1,27 @@
 diff --git a/linux-hardened-6.0.10-hardened1.patch b/linux-hardened-6.0.10-hardened1.patch
 index 9cc8a0f..e7e71a7 100644
 --- a/linux-hardened-6.0.10-hardened1.patch
 +++ b/linux-hardened-6.0.10-hardened1.patch
@@ -1545,22 +1545,6 @@ index 205d605cacc5b..26c15bed8f7b4 100644
  int proc_dointvec_jiffies(struct ctl_table *table, int write,
  		    void *buffer, size_t *lenp, loff_t *ppos)
  {
 -@@ -1649,6 +1687,15 @@ static struct ctl_table kern_table[] = {
 - 		.mode		= 0644,
 - 		.proc_handler	= proc_dointvec,
 - 	},
 -+#ifdef CONFIG_USER_NS
 -+	{
 -+		.procname	= "unprivileged_userns_clone",
 -+		.data		= &unprivileged_userns_clone,
 -+		.maxlen		= sizeof(int),
 -+		.mode		= 0644,
 -+		.proc_handler	= proc_dointvec,
 -+	},
 -+#endif
 - #ifdef CONFIG_PROC_SYSCTL
 - 	{
 - 		.procname	= "tainted",
 @@ -2498,6 +2545,7 @@ EXPORT_SYMBOL(proc_douintvec);
  EXPORT_SYMBOL(proc_dointvec_jiffies);
  EXPORT_SYMBOL(proc_dointvec_minmax);