* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 831ff05d898cbf3484922d33573ee067782eb663
@ 2020-02-06 14:10 Arne Fitzenreiter
0 siblings, 0 replies; only message in thread
From: Arne Fitzenreiter @ 2020-02-06 14:10 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 43321 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 831ff05d898cbf3484922d33573ee067782eb663 (commit)
via 198c956bb74be7eeaa919c7de3fc3ada4ca52856 (commit)
from 57b17167eb6cdbc35bdcf7f6614f00d8ac50fdd1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 831ff05d898cbf3484922d33573ee067782eb663
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Feb 6 15:09:52 2020 +0100
kernel: enable and enforce signed kernel modules
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 198c956bb74be7eeaa919c7de3fc3ada4ca52856
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Feb 5 18:25:54 2020 +0100
kernel: update to 4.14.170
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/kernel/kernel.config.aarch64-ipfire | 37 ++++++++++++++++----
config/kernel/kernel.config.armv5tel-ipfire-multi | 38 +++++++++++++++++----
config/kernel/kernel.config.i586-ipfire | 41 +++++++++++++++++------
config/kernel/kernel.config.i586-ipfire-pae | 41 +++++++++++++++++------
config/kernel/kernel.config.x86_64-ipfire | 41 +++++++++++++++++------
config/kernel/x509.genkey | 17 ++++++++++
config/rootfiles/common/i586/linux | 41 +++++++++++++++++++----
config/rootfiles/packages/linux-pae | 41 +++++++++++++++++++----
lfs/linux | 18 ++++++----
lfs/xtables-addons | 11 ++++--
10 files changed, 262 insertions(+), 64 deletions(-)
create mode 100644 config/kernel/x509.genkey
Difference in files:
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index e79403bc7..32ad2df07 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.154-ipfire Kernel Configuration
+# Linux/arm64 4.14.166-ipfire Kernel Configuration
#
CONFIG_ARM64=y
CONFIG_64BIT=y
@@ -221,7 +221,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
# CONFIG_KPROBES is not set
@@ -306,7 +306,15 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -369,6 +377,7 @@ CONFIG_MQ_IOSCHED_KYBER=y
CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PADATA=y
+CONFIG_ASN1=y
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
CONFIG_INLINE_READ_UNLOCK=y
CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -2065,6 +2074,7 @@ CONFIG_ACENIC=m
# CONFIG_ACENIC_OMIT_TIGON_I is not set
CONFIG_ALTERA_TSE=m
CONFIG_NET_VENDOR_AMAZON=y
+CONFIG_ENA_ETHERNET=m
CONFIG_NET_VENDOR_AMD=y
CONFIG_AMD8111_ETH=m
CONFIG_PCNET32=m
@@ -6609,6 +6619,7 @@ CONFIG_CRYPTO=y
#
# Crypto core or helper
#
+# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
@@ -6621,10 +6632,11 @@ CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-# CONFIG_CRYPTO_RSA is not set
+CONFIG_CRYPTO_RSA=y
# CONFIG_CRYPTO_DH is not set
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -6741,6 +6753,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
+CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
# CONFIG_CRYPTO_DEV_MARVELL_CESA is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set
@@ -6751,11 +6764,21 @@ CONFIG_CRYPTO_DEV_ROCKCHIP=y
# CONFIG_CRYPTO_DEV_CHELSIO is not set
CONFIG_CRYPTO_DEV_VIRTIO=m
# CONFIG_CRYPTO_DEV_SAFEXCEL is not set
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+CONFIG_PKCS7_TEST_KEY=m
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
# CONFIG_ARM64_CRYPTO is not set
CONFIG_BINARY_PRINTF=y
@@ -6831,11 +6854,13 @@ CONFIG_DQL=y
CONFIG_GLOB=y
# CONFIG_GLOB_SELFTEST is not set
CONFIG_NLATTR=y
+CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
CONFIG_DDR=y
CONFIG_IRQ_POLL=y
+CONFIG_MPILIB=y
CONFIG_LIBFDT=y
-CONFIG_OID_REGISTRY=m
+CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
CONFIG_FONT_SUPPORT=y
# CONFIG_FONTS is not set
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi
index 7e9de39ea..cfa766005 100644
--- a/config/kernel/kernel.config.armv5tel-ipfire-multi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.154-ipfire-multi Kernel Configuration
+# Linux/arm 4.14.166-ipfire-multi Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
@@ -218,7 +218,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_HAVE_OPROFILE=y
@@ -301,7 +301,15 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -363,6 +371,7 @@ CONFIG_MQ_IOSCHED_KYBER=y
CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PADATA=y
+CONFIG_ASN1=y
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
CONFIG_INLINE_READ_UNLOCK=y
CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -2333,6 +2342,7 @@ CONFIG_ACENIC=m
# CONFIG_ACENIC_OMIT_TIGON_I is not set
CONFIG_ALTERA_TSE=m
CONFIG_NET_VENDOR_AMAZON=y
+CONFIG_ENA_ETHERNET=m
CONFIG_NET_VENDOR_AMD=y
CONFIG_AMD8111_ETH=m
CONFIG_PCNET32=m
@@ -7045,7 +7055,6 @@ CONFIG_ARM_UNWIND=y
CONFIG_OLD_MCOUNT=y
# CONFIG_DEBUG_USER is not set
# CONFIG_DEBUG_LL is not set
-CONFIG_DEBUG_IMX_UART_PORT=1
CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S"
# CONFIG_DEBUG_UART_8250 is not set
CONFIG_UNCOMPRESS_INCLUDE="debug/uncompress.h"
@@ -7092,6 +7101,7 @@ CONFIG_CRYPTO=y
#
# Crypto core or helper
#
+# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
@@ -7104,10 +7114,11 @@ CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-# CONFIG_CRYPTO_RSA is not set
+CONFIG_CRYPTO_RSA=y
# CONFIG_CRYPTO_DH is not set
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -7224,6 +7235,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
+CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_MV_CESA=m
# CONFIG_CRYPTO_DEV_MARVELL_CESA is not set
@@ -7242,11 +7254,21 @@ CONFIG_CRYPTO_DEV_SUN4I_SS=y
CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG=y
CONFIG_CRYPTO_DEV_ROCKCHIP=y
# CONFIG_CRYPTO_DEV_CHELSIO is not set
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+CONFIG_PKCS7_TEST_KEY=m
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
CONFIG_ARM_CRYPTO=y
CONFIG_CRYPTO_SHA1_ARM=m
@@ -7327,11 +7349,13 @@ CONFIG_GLOB=y
# CONFIG_GLOB_SELFTEST is not set
CONFIG_NLATTR=y
CONFIG_GENERIC_ATOMIC64=y
+CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
CONFIG_DDR=y
CONFIG_IRQ_POLL=y
+CONFIG_MPILIB=y
CONFIG_LIBFDT=y
-CONFIG_OID_REGISTRY=m
+CONFIG_OID_REGISTRY=y
CONFIG_FONT_SUPPORT=y
# CONFIG_FONTS is not set
CONFIG_FONT_8x8=y
diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire
index 2732bba42..4bb39fc20 100644
--- a/config/kernel/kernel.config.i586-ipfire
+++ b/config/kernel/kernel.config.i586-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.154-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.170-ipfire Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -233,7 +233,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_HOTPLUG_SMT=y
@@ -334,7 +334,15 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -398,7 +406,7 @@ CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
-CONFIG_ASN1=m
+CONFIG_ASN1=y
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
CONFIG_INLINE_READ_UNLOCK=y
CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -6703,6 +6711,7 @@ CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+# CONFIG_X86_DECODER_SELFTEST is not set
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
@@ -6766,6 +6775,7 @@ CONFIG_CRYPTO=y
#
# Crypto core or helper
#
+# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
@@ -6778,11 +6788,11 @@ CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=m
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -6851,7 +6861,7 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
@@ -6908,6 +6918,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_RNG=m
CONFIG_CRYPTO_USER_API_AEAD=m
+CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6928,11 +6939,21 @@ CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
CONFIG_CRYPTO_DEV_QAT_C62XVF=m
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+CONFIG_PKCS7_TEST_KEY=m
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
CONFIG_HAVE_KVM=y
CONFIG_HAVE_KVM_IRQCHIP=y
@@ -7040,8 +7061,8 @@ CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
# CONFIG_DDR is not set
CONFIG_IRQ_POLL=y
-CONFIG_MPILIB=m
-CONFIG_OID_REGISTRY=m
+CONFIG_MPILIB=y
+CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
CONFIG_FONT_SUPPORT=y
# CONFIG_FONTS is not set
diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae
index 9b53ab35c..318384613 100644
--- a/config/kernel/kernel.config.i586-ipfire-pae
+++ b/config/kernel/kernel.config.i586-ipfire-pae
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.154-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.170-ipfire-pae Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -233,7 +233,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_HOTPLUG_SMT=y
@@ -335,7 +335,15 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -399,7 +407,7 @@ CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
-CONFIG_ASN1=m
+CONFIG_ASN1=y
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
CONFIG_INLINE_READ_UNLOCK=y
CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -6709,6 +6717,7 @@ CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+# CONFIG_X86_DECODER_SELFTEST is not set
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
@@ -6772,6 +6781,7 @@ CONFIG_CRYPTO=y
#
# Crypto core or helper
#
+# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
@@ -6784,11 +6794,11 @@ CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=m
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -6857,7 +6867,7 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
@@ -6914,6 +6924,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_RNG=m
CONFIG_CRYPTO_USER_API_AEAD=m
+CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6933,11 +6944,21 @@ CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
CONFIG_CRYPTO_DEV_QAT_C62XVF=m
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+CONFIG_PKCS7_TEST_KEY=m
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
CONFIG_HAVE_KVM=y
CONFIG_HAVE_KVM_IRQCHIP=y
@@ -7045,8 +7066,8 @@ CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
# CONFIG_DDR is not set
CONFIG_IRQ_POLL=y
-CONFIG_MPILIB=m
-CONFIG_OID_REGISTRY=m
+CONFIG_MPILIB=y
+CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
CONFIG_FONT_SUPPORT=y
# CONFIG_FONTS is not set
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 2fcf1e589..b16d13504 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.154-ipfire Kernel Configuration
+# Linux/x86 4.14.170-ipfire Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -242,7 +242,7 @@ CONFIG_SLAB_MERGE_DEFAULT=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_HOTPLUG_SMT=y
@@ -354,7 +354,15 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+CONFIG_MODULE_SIG_FORCE=y
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
# CONFIG_MODULE_COMPRESS_GZIP is not set
CONFIG_MODULE_COMPRESS_XZ=y
@@ -418,7 +426,7 @@ CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
-CONFIG_ASN1=m
+CONFIG_ASN1=y
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
CONFIG_INLINE_READ_UNLOCK=y
CONFIG_INLINE_READ_UNLOCK_IRQ=y
@@ -6565,6 +6573,7 @@ CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+# CONFIG_X86_DECODER_SELFTEST is not set
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
@@ -6630,6 +6639,7 @@ CONFIG_CRYPTO=y
#
# Crypto core or helper
#
+# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
@@ -6642,11 +6652,11 @@ CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=m
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -6723,7 +6733,7 @@ CONFIG_CRYPTO_SHA1_MB=m
CONFIG_CRYPTO_SHA256_MB=m
CONFIG_CRYPTO_SHA512_MB=m
CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
@@ -6793,6 +6803,7 @@ CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_RNG=m
CONFIG_CRYPTO_USER_API_AEAD=m
+CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
@@ -6813,11 +6824,21 @@ CONFIG_CRYPTO_DEV_NITROX=m
CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
-# CONFIG_ASYMMETRIC_KEY_TYPE is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+# CONFIG_PKCS7_TEST_KEY is not set
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
CONFIG_HAVE_KVM=y
CONFIG_HAVE_KVM_IRQCHIP=y
@@ -6925,8 +6946,8 @@ CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
# CONFIG_DDR is not set
CONFIG_IRQ_POLL=y
-CONFIG_MPILIB=m
-CONFIG_OID_REGISTRY=m
+CONFIG_MPILIB=y
+CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
CONFIG_FONT_SUPPORT=y
# CONFIG_FONTS is not set
diff --git a/config/kernel/x509.genkey b/config/kernel/x509.genkey
new file mode 100644
index 000000000..9640ec6d0
--- /dev/null
+++ b/config/kernel/x509.genkey
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = myexts
+
+[ req_distinguished_name ]
+O = IPFire.org
+CN = Build time autogenerated kernel key
+emailAddress = development(a)lists.ipfire.org
+
+[ myexts ]
+basicConstraints=critical,CA:FALSE
+keyUsage=digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux
index 684dbe07b..e65260974 100644
--- a/config/rootfiles/common/i586/linux
+++ b/config/rootfiles/common/i586/linux
@@ -2092,6 +2092,8 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/certs
#lib/modules/KVER-ipfire/build/certs/Kconfig
#lib/modules/KVER-ipfire/build/certs/Makefile
+#lib/modules/KVER-ipfire/build/certs/signing_key.pem
+#lib/modules/KVER-ipfire/build/certs/signing_key.x509
#lib/modules/KVER-ipfire/build/crypto
#lib/modules/KVER-ipfire/build/crypto/Kconfig
#lib/modules/KVER-ipfire/build/crypto/Makefile
@@ -6198,6 +6200,12 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/asus/nb/wmi.h
#lib/modules/KVER-ipfire/build/include/config/asus/wireless.h
#lib/modules/KVER-ipfire/build/include/config/asus/wmi.h
+#lib/modules/KVER-ipfire/build/include/config/asymmetric
+#lib/modules/KVER-ipfire/build/include/config/asymmetric/key
+#lib/modules/KVER-ipfire/build/include/config/asymmetric/key/type.h
+#lib/modules/KVER-ipfire/build/include/config/asymmetric/public
+#lib/modules/KVER-ipfire/build/include/config/asymmetric/public/key
+#lib/modules/KVER-ipfire/build/include/config/asymmetric/public/key/subtype.h
#lib/modules/KVER-ipfire/build/include/config/async
#lib/modules/KVER-ipfire/build/include/config/async/core.h
#lib/modules/KVER-ipfire/build/include/config/async/memcpy.h
@@ -6853,7 +6861,9 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/crypto/glue
#lib/modules/KVER-ipfire/build/include/config/crypto/glue/helper
#lib/modules/KVER-ipfire/build/include/config/crypto/glue/helper/x86.h
+#lib/modules/KVER-ipfire/build/include/config/crypto/hash
#lib/modules/KVER-ipfire/build/include/config/crypto/hash.h
+#lib/modules/KVER-ipfire/build/include/config/crypto/hash/info.h
#lib/modules/KVER-ipfire/build/include/config/crypto/hash2.h
#lib/modules/KVER-ipfire/build/include/config/crypto/hmac.h
#lib/modules/KVER-ipfire/build/include/config/crypto/hw.h
@@ -9077,6 +9087,13 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/module/compress
#lib/modules/KVER-ipfire/build/include/config/module/compress.h
#lib/modules/KVER-ipfire/build/include/config/module/compress/xz.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig
+#lib/modules/KVER-ipfire/build/include/config/module/sig.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig/all.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig/force.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig/hash.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig/key.h
+#lib/modules/KVER-ipfire/build/include/config/module/sig/sha512.h
#lib/modules/KVER-ipfire/build/include/config/module/srcversion
#lib/modules/KVER-ipfire/build/include/config/module/srcversion/all.h
#lib/modules/KVER-ipfire/build/include/config/module/unload.h
@@ -10008,6 +10025,11 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/pinctrl/lewisburg.h
#lib/modules/KVER-ipfire/build/include/config/pinctrl/mcp23s08.h
#lib/modules/KVER-ipfire/build/include/config/pinmux.h
+#lib/modules/KVER-ipfire/build/include/config/pkcs7
+#lib/modules/KVER-ipfire/build/include/config/pkcs7/message
+#lib/modules/KVER-ipfire/build/include/config/pkcs7/message/parser.h
+#lib/modules/KVER-ipfire/build/include/config/pkcs7/test
+#lib/modules/KVER-ipfire/build/include/config/pkcs7/test/key.h
#lib/modules/KVER-ipfire/build/include/config/plx
#lib/modules/KVER-ipfire/build/include/config/plx/hermes.h
#lib/modules/KVER-ipfire/build/include/config/pm
@@ -11265,6 +11287,12 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/sysfs
#lib/modules/KVER-ipfire/build/include/config/sysfs.h
#lib/modules/KVER-ipfire/build/include/config/sysfs/syscall.h
+#lib/modules/KVER-ipfire/build/include/config/system
+#lib/modules/KVER-ipfire/build/include/config/system/data
+#lib/modules/KVER-ipfire/build/include/config/system/data/verification.h
+#lib/modules/KVER-ipfire/build/include/config/system/trusted
+#lib/modules/KVER-ipfire/build/include/config/system/trusted/keyring.h
+#lib/modules/KVER-ipfire/build/include/config/system/trusted/keys.h
#lib/modules/KVER-ipfire/build/include/config/sysvipc
#lib/modules/KVER-ipfire/build/include/config/sysvipc.h
#lib/modules/KVER-ipfire/build/include/config/sysvipc/sysctl.h
@@ -12118,6 +12146,9 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/wlcore/sdio.h
#lib/modules/KVER-ipfire/build/include/config/wmi
#lib/modules/KVER-ipfire/build/include/config/wmi/bmof.h
+#lib/modules/KVER-ipfire/build/include/config/x509
+#lib/modules/KVER-ipfire/build/include/config/x509/certificate
+#lib/modules/KVER-ipfire/build/include/config/x509/certificate/parser.h
#lib/modules/KVER-ipfire/build/include/config/x86
#lib/modules/KVER-ipfire/build/include/config/x86.h
#lib/modules/KVER-ipfire/build/include/config/x86/32
@@ -17577,6 +17608,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/scripts/dtc/util.h
#lib/modules/KVER-ipfire/build/scripts/dtc/version_gen.h
#lib/modules/KVER-ipfire/build/scripts/export_report.pl
+#lib/modules/KVER-ipfire/build/scripts/extract-cert
#lib/modules/KVER-ipfire/build/scripts/extract-cert.c
#lib/modules/KVER-ipfire/build/scripts/extract-ikconfig
#lib/modules/KVER-ipfire/build/scripts/extract-module-sig.pl
@@ -17758,6 +17790,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/scripts/selinux/mdp/mdp.c
#lib/modules/KVER-ipfire/build/scripts/setlocalversion
#lib/modules/KVER-ipfire/build/scripts/show_delta
+#lib/modules/KVER-ipfire/build/scripts/sign-file
#lib/modules/KVER-ipfire/build/scripts/sign-file.c
#lib/modules/KVER-ipfire/build/scripts/sortextable
#lib/modules/KVER-ipfire/build/scripts/sortextable.c
@@ -18485,6 +18518,8 @@ lib/modules/KVER-ipfire/kernel
#lib/modules/KVER-ipfire/kernel/crypto/ansi_cprng.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/anubis.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/arc4.ko.xz
+#lib/modules/KVER-ipfire/kernel/crypto/asymmetric_keys
+#lib/modules/KVER-ipfire/kernel/crypto/asymmetric_keys/pkcs7_test_key.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/async_tx
#lib/modules/KVER-ipfire/kernel/crypto/async_tx/async_memcpy.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/async_tx/async_pq.ko.xz
@@ -18527,12 +18562,10 @@ lib/modules/KVER-ipfire/kernel
#lib/modules/KVER-ipfire/kernel/crypto/rmd160.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/rmd256.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/rmd320.ko.xz
-#lib/modules/KVER-ipfire/kernel/crypto/rsa_generic.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/salsa20_generic.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/seed.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/serpent_generic.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/sha3_generic.ko.xz
-#lib/modules/KVER-ipfire/kernel/crypto/sha512_generic.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/tcrypt.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/tea.ko.xz
#lib/modules/KVER-ipfire/kernel/crypto/tgr192.ko.xz
@@ -21202,7 +21235,6 @@ lib/modules/KVER-ipfire/kernel
#lib/modules/KVER-ipfire/kernel/lib/842
#lib/modules/KVER-ipfire/kernel/lib/842/842_compress.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/842/842_decompress.ko.xz
-#lib/modules/KVER-ipfire/kernel/lib/asn1_decoder.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/cordic.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/crc-itu-t.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/crc7.ko.xz
@@ -21212,9 +21244,6 @@ lib/modules/KVER-ipfire/kernel
#lib/modules/KVER-ipfire/kernel/lib/lz4/lz4hc_compress.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/lzo
#lib/modules/KVER-ipfire/kernel/lib/lzo/lzo_compress.ko.xz
-#lib/modules/KVER-ipfire/kernel/lib/mpi
-#lib/modules/KVER-ipfire/kernel/lib/mpi/mpi.ko.xz
-#lib/modules/KVER-ipfire/kernel/lib/oid_registry.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/parman.ko.xz
#lib/modules/KVER-ipfire/kernel/lib/raid6
#lib/modules/KVER-ipfire/kernel/lib/raid6/raid6_pq.ko.xz
diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae
index c0894cd1f..8c7b1f66b 100644
--- a/config/rootfiles/packages/linux-pae
+++ b/config/rootfiles/packages/linux-pae
@@ -2092,6 +2092,8 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/certs
#lib/modules/KVER-ipfire-pae/build/certs/Kconfig
#lib/modules/KVER-ipfire-pae/build/certs/Makefile
+#lib/modules/KVER-ipfire-pae/build/certs/signing_key.pem
+#lib/modules/KVER-ipfire-pae/build/certs/signing_key.x509
#lib/modules/KVER-ipfire-pae/build/crypto
#lib/modules/KVER-ipfire-pae/build/crypto/Kconfig
#lib/modules/KVER-ipfire-pae/build/crypto/Makefile
@@ -6204,6 +6206,12 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/asus/nb/wmi.h
#lib/modules/KVER-ipfire-pae/build/include/config/asus/wireless.h
#lib/modules/KVER-ipfire-pae/build/include/config/asus/wmi.h
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/key
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/key/type.h
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public/key
+#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public/key/subtype.h
#lib/modules/KVER-ipfire-pae/build/include/config/async
#lib/modules/KVER-ipfire-pae/build/include/config/async/core.h
#lib/modules/KVER-ipfire-pae/build/include/config/async/memcpy.h
@@ -6862,7 +6870,9 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue/helper
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue/helper/x86.h
+#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash.h
+#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash/info.h
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash2.h
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hmac.h
#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hw.h
@@ -9076,6 +9086,13 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/module/compress
#lib/modules/KVER-ipfire-pae/build/include/config/module/compress.h
#lib/modules/KVER-ipfire-pae/build/include/config/module/compress/xz.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/all.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/force.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/hash.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/key.h
+#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/sha512.h
#lib/modules/KVER-ipfire-pae/build/include/config/module/srcversion
#lib/modules/KVER-ipfire-pae/build/include/config/module/srcversion/all.h
#lib/modules/KVER-ipfire-pae/build/include/config/module/unload.h
@@ -10012,6 +10029,11 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/pinctrl/lewisburg.h
#lib/modules/KVER-ipfire-pae/build/include/config/pinctrl/mcp23s08.h
#lib/modules/KVER-ipfire-pae/build/include/config/pinmux.h
+#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7
+#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/message
+#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/message/parser.h
+#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/test
+#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/test/key.h
#lib/modules/KVER-ipfire-pae/build/include/config/plx
#lib/modules/KVER-ipfire-pae/build/include/config/plx/hermes.h
#lib/modules/KVER-ipfire-pae/build/include/config/pm
@@ -11268,6 +11290,12 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/sysfs
#lib/modules/KVER-ipfire-pae/build/include/config/sysfs.h
#lib/modules/KVER-ipfire-pae/build/include/config/sysfs/syscall.h
+#lib/modules/KVER-ipfire-pae/build/include/config/system
+#lib/modules/KVER-ipfire-pae/build/include/config/system/data
+#lib/modules/KVER-ipfire-pae/build/include/config/system/data/verification.h
+#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted
+#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted/keyring.h
+#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted/keys.h
#lib/modules/KVER-ipfire-pae/build/include/config/sysvipc
#lib/modules/KVER-ipfire-pae/build/include/config/sysvipc.h
#lib/modules/KVER-ipfire-pae/build/include/config/sysvipc/sysctl.h
@@ -12121,6 +12149,9 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/include/config/wlcore/sdio.h
#lib/modules/KVER-ipfire-pae/build/include/config/wmi
#lib/modules/KVER-ipfire-pae/build/include/config/wmi/bmof.h
+#lib/modules/KVER-ipfire-pae/build/include/config/x509
+#lib/modules/KVER-ipfire-pae/build/include/config/x509/certificate
+#lib/modules/KVER-ipfire-pae/build/include/config/x509/certificate/parser.h
#lib/modules/KVER-ipfire-pae/build/include/config/x86
#lib/modules/KVER-ipfire-pae/build/include/config/x86.h
#lib/modules/KVER-ipfire-pae/build/include/config/x86/32
@@ -17647,6 +17678,7 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/scripts/dtc/util.h
#lib/modules/KVER-ipfire-pae/build/scripts/dtc/version_gen.h
#lib/modules/KVER-ipfire-pae/build/scripts/export_report.pl
+#lib/modules/KVER-ipfire-pae/build/scripts/extract-cert
#lib/modules/KVER-ipfire-pae/build/scripts/extract-cert.c
#lib/modules/KVER-ipfire-pae/build/scripts/extract-ikconfig
#lib/modules/KVER-ipfire-pae/build/scripts/extract-module-sig.pl
@@ -17828,6 +17860,7 @@ boot/vmlinuz-KVER-ipfire-pae
#lib/modules/KVER-ipfire-pae/build/scripts/selinux/mdp/mdp.c
#lib/modules/KVER-ipfire-pae/build/scripts/setlocalversion
#lib/modules/KVER-ipfire-pae/build/scripts/show_delta
+#lib/modules/KVER-ipfire-pae/build/scripts/sign-file
#lib/modules/KVER-ipfire-pae/build/scripts/sign-file.c
#lib/modules/KVER-ipfire-pae/build/scripts/sortextable
#lib/modules/KVER-ipfire-pae/build/scripts/sortextable.c
@@ -18555,6 +18588,8 @@ lib/modules/KVER-ipfire-pae/kernel
#lib/modules/KVER-ipfire-pae/kernel/crypto/ansi_cprng.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/anubis.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/arc4.ko.xz
+#lib/modules/KVER-ipfire-pae/kernel/crypto/asymmetric_keys
+#lib/modules/KVER-ipfire-pae/kernel/crypto/asymmetric_keys/pkcs7_test_key.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx
#lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx/async_memcpy.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx/async_pq.ko.xz
@@ -18597,12 +18632,10 @@ lib/modules/KVER-ipfire-pae/kernel
#lib/modules/KVER-ipfire-pae/kernel/crypto/rmd160.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/rmd256.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/rmd320.ko.xz
-#lib/modules/KVER-ipfire-pae/kernel/crypto/rsa_generic.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/salsa20_generic.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/seed.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/serpent_generic.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/sha3_generic.ko.xz
-#lib/modules/KVER-ipfire-pae/kernel/crypto/sha512_generic.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/tcrypt.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/tea.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/crypto/tgr192.ko.xz
@@ -21288,7 +21321,6 @@ lib/modules/KVER-ipfire-pae/kernel
#lib/modules/KVER-ipfire-pae/kernel/lib/842
#lib/modules/KVER-ipfire-pae/kernel/lib/842/842_compress.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/842/842_decompress.ko.xz
-#lib/modules/KVER-ipfire-pae/kernel/lib/asn1_decoder.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/cordic.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/crc-itu-t.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/crc4.ko.xz
@@ -21299,9 +21331,6 @@ lib/modules/KVER-ipfire-pae/kernel
#lib/modules/KVER-ipfire-pae/kernel/lib/lz4/lz4hc_compress.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/lzo
#lib/modules/KVER-ipfire-pae/kernel/lib/lzo/lzo_compress.ko.xz
-#lib/modules/KVER-ipfire-pae/kernel/lib/mpi
-#lib/modules/KVER-ipfire-pae/kernel/lib/mpi/mpi.ko.xz
-#lib/modules/KVER-ipfire-pae/kernel/lib/oid_registry.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/parman.ko.xz
#lib/modules/KVER-ipfire-pae/kernel/lib/raid6
#lib/modules/KVER-ipfire-pae/kernel/lib/raid6/raid6_pq.ko.xz
diff --git a/lfs/linux b/lfs/linux
index aac2c4868..9bfa49fb8 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,8 +24,8 @@
include Config
-VER = 4.14.154
-ARM_PATCHES = 4.14.154-ipfire0
+VER = 4.14.170
+ARM_PATCHES = 4.14.170-ipfire0
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
@@ -34,7 +34,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
-PAK_VER = 89
+PAK_VER = 90
DEPS = ""
HEADERS_ARCH = $(BUILD_PLATFORM)
@@ -82,8 +82,8 @@ objects =$(DL_FILE) \
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = d6cf4b51c1cd10bc48bac50f4557a0d9
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 539737e07e5634565b3f4f1b932c269b
+$(DL_FILE)_MD5 = 2e3d6daa02e422f2387e7d2352e6aca8
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 2bf7ce33777ca17fd0cc8ab6c137c656
install : $(TARGET)
@@ -178,6 +178,9 @@ else
cd $(DIR_APP) && make clean
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile
+ # Copy Module signing key configuration
+ cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey
+
# Remove modules folder if exists
rm -rf /lib/modules/$(VER)-$(VERSUFIX)
@@ -219,6 +222,9 @@ endif
cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build
cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include
+ # Copy module signing key for off tree modules
+ cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/
+
# Install objtool
cd $(DIR_APP) && cp -a tools/objtool/objtool \
/lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || :
diff --git a/lfs/xtables-addons b/lfs/xtables-addons
index 2152fa5fd..651a13f9c 100644
--- a/lfs/xtables-addons
+++ b/lfs/xtables-addons
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -106,9 +106,14 @@ else
cd $(DIR_APP) && make $(MAKETUNING)
# Install the built kernel modules.
+ mkdir -p $(MODPATH)
cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
- mkdir -p $(MODPATH); \
- install -m 644 $$f $(MODPATH); \
+ /lib/modules/$$(uname -r)$(KCFG)/build/scripts/sign-file sha512 \
+ /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.pem \
+ /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.x509 \
+ $$f; \
+ xz $$f; \
+ install -m 644 $$f.xz $(MODPATH); \
done
endif
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-02-06 14:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-06 14:10 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 831ff05d898cbf3484922d33573ee067782eb663 Arne Fitzenreiter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox