From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arne Fitzenreiter To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 831ff05d898cbf3484922d33573ee067782eb663 Date: Thu, 06 Feb 2020 14:10:47 +0000 Message-ID: <48D0hR6ppkz2xyZ@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2410566127190409890==" List-Id: --===============2410566127190409890== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 831ff05d898cbf3484922d33573ee067782eb663 (commit) via 198c956bb74be7eeaa919c7de3fc3ada4ca52856 (commit) from 57b17167eb6cdbc35bdcf7f6614f00d8ac50fdd1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 831ff05d898cbf3484922d33573ee067782eb663 Author: Arne Fitzenreiter Date: Thu Feb 6 15:09:52 2020 +0100 kernel: enable and enforce signed kernel modules =20 Signed-off-by: Arne Fitzenreiter commit 198c956bb74be7eeaa919c7de3fc3ada4ca52856 Author: Arne Fitzenreiter Date: Wed Feb 5 18:25:54 2020 +0100 kernel: update to 4.14.170 =20 Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 37 ++++++++++++++++---- config/kernel/kernel.config.armv5tel-ipfire-multi | 38 +++++++++++++++++---- config/kernel/kernel.config.i586-ipfire | 41 +++++++++++++++++----= -- config/kernel/kernel.config.i586-ipfire-pae | 41 +++++++++++++++++----= -- config/kernel/kernel.config.x86_64-ipfire | 41 +++++++++++++++++----= -- config/kernel/x509.genkey | 17 ++++++++++ config/rootfiles/common/i586/linux | 41 +++++++++++++++++++--= -- config/rootfiles/packages/linux-pae | 41 +++++++++++++++++++--= -- lfs/linux | 18 ++++++---- lfs/xtables-addons | 11 ++++-- 10 files changed, 262 insertions(+), 64 deletions(-) create mode 100644 config/kernel/x509.genkey Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne= l.config.aarch64-ipfire index e79403bc7..32ad2df07 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.14.154-ipfire Kernel Configuration +# Linux/arm64 4.14.166-ipfire Kernel Configuration # CONFIG_ARM64=3Dy CONFIG_64BIT=3Dy @@ -221,7 +221,7 @@ CONFIG_SLAB_MERGE_DEFAULT=3Dy CONFIG_SLAB_FREELIST_RANDOM=3Dy CONFIG_SLAB_FREELIST_HARDENED=3Dy CONFIG_SLUB_CPU_PARTIAL=3Dy -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=3Dy # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=3Dy # CONFIG_KPROBES is not set @@ -306,7 +306,15 @@ CONFIG_MODULE_UNLOAD=3Dy # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=3Dy CONFIG_MODULE_SRCVERSION_ALL=3Dy -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=3Dy +CONFIG_MODULE_SIG_FORCE=3Dy +CONFIG_MODULE_SIG_ALL=3Dy +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=3Dy +CONFIG_MODULE_SIG_HASH=3D"sha512" CONFIG_MODULE_COMPRESS=3Dy # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=3Dy @@ -369,6 +377,7 @@ CONFIG_MQ_IOSCHED_KYBER=3Dy CONFIG_IOSCHED_BFQ=3Dy CONFIG_BFQ_GROUP_IOSCHED=3Dy CONFIG_PADATA=3Dy +CONFIG_ASN1=3Dy CONFIG_INLINE_SPIN_UNLOCK_IRQ=3Dy CONFIG_INLINE_READ_UNLOCK=3Dy CONFIG_INLINE_READ_UNLOCK_IRQ=3Dy @@ -2065,6 +2074,7 @@ CONFIG_ACENIC=3Dm # CONFIG_ACENIC_OMIT_TIGON_I is not set CONFIG_ALTERA_TSE=3Dm CONFIG_NET_VENDOR_AMAZON=3Dy +CONFIG_ENA_ETHERNET=3Dm CONFIG_NET_VENDOR_AMD=3Dy CONFIG_AMD8111_ETH=3Dm CONFIG_PCNET32=3Dm @@ -6609,6 +6619,7 @@ CONFIG_CRYPTO=3Dy # # Crypto core or helper # +# CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=3Dy CONFIG_CRYPTO_ALGAPI2=3Dy CONFIG_CRYPTO_AEAD=3Dy @@ -6621,10 +6632,11 @@ CONFIG_CRYPTO_RNG=3Dy CONFIG_CRYPTO_RNG2=3Dy CONFIG_CRYPTO_RNG_DEFAULT=3Dy CONFIG_CRYPTO_AKCIPHER2=3Dy +CONFIG_CRYPTO_AKCIPHER=3Dy CONFIG_CRYPTO_KPP2=3Dy CONFIG_CRYPTO_KPP=3Dm CONFIG_CRYPTO_ACOMP2=3Dy -# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_RSA=3Dy # CONFIG_CRYPTO_DH is not set CONFIG_CRYPTO_ECDH=3Dm CONFIG_CRYPTO_MANAGER=3Dy @@ -6741,6 +6753,7 @@ CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set +CONFIG_CRYPTO_HASH_INFO=3Dy CONFIG_CRYPTO_HW=3Dy # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set # CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set @@ -6751,11 +6764,21 @@ CONFIG_CRYPTO_DEV_ROCKCHIP=3Dy # CONFIG_CRYPTO_DEV_CHELSIO is not set CONFIG_CRYPTO_DEV_VIRTIO=3Dm # CONFIG_CRYPTO_DEV_SAFEXCEL is not set -# CONFIG_ASYMMETRIC_KEY_TYPE is not set +CONFIG_ASYMMETRIC_KEY_TYPE=3Dy +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=3Dy +CONFIG_X509_CERTIFICATE_PARSER=3Dy +CONFIG_PKCS7_MESSAGE_PARSER=3Dy +CONFIG_PKCS7_TEST_KEY=3Dm +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set =20 # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY=3D"certs/signing_key.pem" +CONFIG_SYSTEM_TRUSTED_KEYRING=3Dy +CONFIG_SYSTEM_TRUSTED_KEYS=3D"" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # CONFIG_ARM64_CRYPTO is not set CONFIG_BINARY_PRINTF=3Dy @@ -6831,11 +6854,13 @@ CONFIG_DQL=3Dy CONFIG_GLOB=3Dy # CONFIG_GLOB_SELFTEST is not set CONFIG_NLATTR=3Dy +CONFIG_CLZ_TAB=3Dy CONFIG_CORDIC=3Dm CONFIG_DDR=3Dy CONFIG_IRQ_POLL=3Dy +CONFIG_MPILIB=3Dy CONFIG_LIBFDT=3Dy -CONFIG_OID_REGISTRY=3Dm +CONFIG_OID_REGISTRY=3Dy CONFIG_UCS2_STRING=3Dy CONFIG_FONT_SUPPORT=3Dy # CONFIG_FONTS is not set diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kerne= l/kernel.config.armv5tel-ipfire-multi index 7e9de39ea..cfa766005 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.154-ipfire-multi Kernel Configuration +# Linux/arm 4.14.166-ipfire-multi Kernel Configuration # CONFIG_ARM=3Dy CONFIG_ARM_HAS_SG_CHAIN=3Dy @@ -218,7 +218,7 @@ CONFIG_SLAB_MERGE_DEFAULT=3Dy CONFIG_SLAB_FREELIST_RANDOM=3Dy CONFIG_SLAB_FREELIST_HARDENED=3Dy CONFIG_SLUB_CPU_PARTIAL=3Dy -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=3Dy # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=3Dy CONFIG_HAVE_OPROFILE=3Dy @@ -301,7 +301,15 @@ CONFIG_MODULE_UNLOAD=3Dy # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=3Dy CONFIG_MODULE_SRCVERSION_ALL=3Dy -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=3Dy +CONFIG_MODULE_SIG_FORCE=3Dy +CONFIG_MODULE_SIG_ALL=3Dy +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=3Dy +CONFIG_MODULE_SIG_HASH=3D"sha512" CONFIG_MODULE_COMPRESS=3Dy # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=3Dy @@ -363,6 +371,7 @@ CONFIG_MQ_IOSCHED_KYBER=3Dy CONFIG_IOSCHED_BFQ=3Dy CONFIG_BFQ_GROUP_IOSCHED=3Dy CONFIG_PADATA=3Dy +CONFIG_ASN1=3Dy CONFIG_INLINE_SPIN_UNLOCK_IRQ=3Dy CONFIG_INLINE_READ_UNLOCK=3Dy CONFIG_INLINE_READ_UNLOCK_IRQ=3Dy @@ -2333,6 +2342,7 @@ CONFIG_ACENIC=3Dm # CONFIG_ACENIC_OMIT_TIGON_I is not set CONFIG_ALTERA_TSE=3Dm CONFIG_NET_VENDOR_AMAZON=3Dy +CONFIG_ENA_ETHERNET=3Dm CONFIG_NET_VENDOR_AMD=3Dy CONFIG_AMD8111_ETH=3Dm CONFIG_PCNET32=3Dm @@ -7045,7 +7055,6 @@ CONFIG_ARM_UNWIND=3Dy CONFIG_OLD_MCOUNT=3Dy # CONFIG_DEBUG_USER is not set # CONFIG_DEBUG_LL is not set -CONFIG_DEBUG_IMX_UART_PORT=3D1 CONFIG_DEBUG_LL_INCLUDE=3D"mach/debug-macro.S" # CONFIG_DEBUG_UART_8250 is not set CONFIG_UNCOMPRESS_INCLUDE=3D"debug/uncompress.h" @@ -7092,6 +7101,7 @@ CONFIG_CRYPTO=3Dy # # Crypto core or helper # +# CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=3Dy CONFIG_CRYPTO_ALGAPI2=3Dy CONFIG_CRYPTO_AEAD=3Dy @@ -7104,10 +7114,11 @@ CONFIG_CRYPTO_RNG=3Dy CONFIG_CRYPTO_RNG2=3Dy CONFIG_CRYPTO_RNG_DEFAULT=3Dy CONFIG_CRYPTO_AKCIPHER2=3Dy +CONFIG_CRYPTO_AKCIPHER=3Dy CONFIG_CRYPTO_KPP2=3Dy CONFIG_CRYPTO_KPP=3Dm CONFIG_CRYPTO_ACOMP2=3Dy -# CONFIG_CRYPTO_RSA is not set +CONFIG_CRYPTO_RSA=3Dy # CONFIG_CRYPTO_DH is not set CONFIG_CRYPTO_ECDH=3Dm CONFIG_CRYPTO_MANAGER=3Dy @@ -7224,6 +7235,7 @@ CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set +CONFIG_CRYPTO_HASH_INFO=3Dy CONFIG_CRYPTO_HW=3Dy CONFIG_CRYPTO_DEV_MV_CESA=3Dm # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set @@ -7242,11 +7254,21 @@ CONFIG_CRYPTO_DEV_SUN4I_SS=3Dy CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG=3Dy CONFIG_CRYPTO_DEV_ROCKCHIP=3Dy # CONFIG_CRYPTO_DEV_CHELSIO is not set -# CONFIG_ASYMMETRIC_KEY_TYPE is not set +CONFIG_ASYMMETRIC_KEY_TYPE=3Dy +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=3Dy +CONFIG_X509_CERTIFICATE_PARSER=3Dy +CONFIG_PKCS7_MESSAGE_PARSER=3Dy +CONFIG_PKCS7_TEST_KEY=3Dm +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set =20 # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY=3D"certs/signing_key.pem" +CONFIG_SYSTEM_TRUSTED_KEYRING=3Dy +CONFIG_SYSTEM_TRUSTED_KEYS=3D"" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set CONFIG_ARM_CRYPTO=3Dy CONFIG_CRYPTO_SHA1_ARM=3Dm @@ -7327,11 +7349,13 @@ CONFIG_GLOB=3Dy # CONFIG_GLOB_SELFTEST is not set CONFIG_NLATTR=3Dy CONFIG_GENERIC_ATOMIC64=3Dy +CONFIG_CLZ_TAB=3Dy CONFIG_CORDIC=3Dm CONFIG_DDR=3Dy CONFIG_IRQ_POLL=3Dy +CONFIG_MPILIB=3Dy CONFIG_LIBFDT=3Dy -CONFIG_OID_REGISTRY=3Dm +CONFIG_OID_REGISTRY=3Dy CONFIG_FONT_SUPPORT=3Dy # CONFIG_FONTS is not set CONFIG_FONT_8x8=3Dy diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.c= onfig.i586-ipfire index 2732bba42..4bb39fc20 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.154-ipfire-pae Kernel Configuration +# Linux/x86 4.14.170-ipfire Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=3Dy @@ -233,7 +233,7 @@ CONFIG_SLAB_MERGE_DEFAULT=3Dy CONFIG_SLAB_FREELIST_RANDOM=3Dy CONFIG_SLAB_FREELIST_HARDENED=3Dy CONFIG_SLUB_CPU_PARTIAL=3Dy -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=3Dy # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=3Dy CONFIG_HOTPLUG_SMT=3Dy @@ -334,7 +334,15 @@ CONFIG_MODULE_UNLOAD=3Dy # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=3Dy CONFIG_MODULE_SRCVERSION_ALL=3Dy -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=3Dy +CONFIG_MODULE_SIG_FORCE=3Dy +CONFIG_MODULE_SIG_ALL=3Dy +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=3Dy +CONFIG_MODULE_SIG_HASH=3D"sha512" CONFIG_MODULE_COMPRESS=3Dy # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=3Dy @@ -398,7 +406,7 @@ CONFIG_IOSCHED_BFQ=3Dy CONFIG_BFQ_GROUP_IOSCHED=3Dy CONFIG_PREEMPT_NOTIFIERS=3Dy CONFIG_PADATA=3Dy -CONFIG_ASN1=3Dm +CONFIG_ASN1=3Dy CONFIG_INLINE_SPIN_UNLOCK_IRQ=3Dy CONFIG_INLINE_READ_UNLOCK=3Dy CONFIG_INLINE_READ_UNLOCK_IRQ=3Dy @@ -6703,6 +6711,7 @@ CONFIG_DOUBLEFAULT=3Dy # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=3Dy +# CONFIG_X86_DECODER_SELFTEST is not set CONFIG_IO_DELAY_TYPE_0X80=3D0 CONFIG_IO_DELAY_TYPE_0XED=3D1 CONFIG_IO_DELAY_TYPE_UDELAY=3D2 @@ -6766,6 +6775,7 @@ CONFIG_CRYPTO=3Dy # # Crypto core or helper # +# CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=3Dy CONFIG_CRYPTO_ALGAPI2=3Dy CONFIG_CRYPTO_AEAD=3Dy @@ -6778,11 +6788,11 @@ CONFIG_CRYPTO_RNG=3Dy CONFIG_CRYPTO_RNG2=3Dy CONFIG_CRYPTO_RNG_DEFAULT=3Dy CONFIG_CRYPTO_AKCIPHER2=3Dy -CONFIG_CRYPTO_AKCIPHER=3Dm +CONFIG_CRYPTO_AKCIPHER=3Dy CONFIG_CRYPTO_KPP2=3Dy CONFIG_CRYPTO_KPP=3Dm CONFIG_CRYPTO_ACOMP2=3Dy -CONFIG_CRYPTO_RSA=3Dm +CONFIG_CRYPTO_RSA=3Dy CONFIG_CRYPTO_DH=3Dm CONFIG_CRYPTO_ECDH=3Dm CONFIG_CRYPTO_MANAGER=3Dy @@ -6851,7 +6861,7 @@ CONFIG_CRYPTO_RMD256=3Dm CONFIG_CRYPTO_RMD320=3Dm CONFIG_CRYPTO_SHA1=3Dy CONFIG_CRYPTO_SHA256=3Dy -CONFIG_CRYPTO_SHA512=3Dm +CONFIG_CRYPTO_SHA512=3Dy CONFIG_CRYPTO_SHA3=3Dm CONFIG_CRYPTO_TGR192=3Dm CONFIG_CRYPTO_WP512=3Dm @@ -6908,6 +6918,7 @@ CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy CONFIG_CRYPTO_USER_API_RNG=3Dm CONFIG_CRYPTO_USER_API_AEAD=3Dm +CONFIG_CRYPTO_HASH_INFO=3Dy CONFIG_CRYPTO_HW=3Dy CONFIG_CRYPTO_DEV_PADLOCK=3Dm CONFIG_CRYPTO_DEV_PADLOCK_AES=3Dm @@ -6928,11 +6939,21 @@ CONFIG_CRYPTO_DEV_QAT_C3XXXVF=3Dm CONFIG_CRYPTO_DEV_QAT_C62XVF=3Dm CONFIG_CRYPTO_DEV_CHELSIO=3Dm CONFIG_CRYPTO_DEV_VIRTIO=3Dm -# CONFIG_ASYMMETRIC_KEY_TYPE is not set +CONFIG_ASYMMETRIC_KEY_TYPE=3Dy +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=3Dy +CONFIG_X509_CERTIFICATE_PARSER=3Dy +CONFIG_PKCS7_MESSAGE_PARSER=3Dy +CONFIG_PKCS7_TEST_KEY=3Dm +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set =20 # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY=3D"certs/signing_key.pem" +CONFIG_SYSTEM_TRUSTED_KEYRING=3Dy +CONFIG_SYSTEM_TRUSTED_KEYS=3D"" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set CONFIG_HAVE_KVM=3Dy CONFIG_HAVE_KVM_IRQCHIP=3Dy @@ -7040,8 +7061,8 @@ CONFIG_CLZ_TAB=3Dy CONFIG_CORDIC=3Dm # CONFIG_DDR is not set CONFIG_IRQ_POLL=3Dy -CONFIG_MPILIB=3Dm -CONFIG_OID_REGISTRY=3Dm +CONFIG_MPILIB=3Dy +CONFIG_OID_REGISTRY=3Dy CONFIG_UCS2_STRING=3Dy CONFIG_FONT_SUPPORT=3Dy # CONFIG_FONTS is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kern= el.config.i586-ipfire-pae index 9b53ab35c..318384613 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.154-ipfire-pae Kernel Configuration +# Linux/x86 4.14.170-ipfire-pae Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=3Dy @@ -233,7 +233,7 @@ CONFIG_SLAB_MERGE_DEFAULT=3Dy CONFIG_SLAB_FREELIST_RANDOM=3Dy CONFIG_SLAB_FREELIST_HARDENED=3Dy CONFIG_SLUB_CPU_PARTIAL=3Dy -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=3Dy # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=3Dy CONFIG_HOTPLUG_SMT=3Dy @@ -335,7 +335,15 @@ CONFIG_MODULE_UNLOAD=3Dy # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=3Dy CONFIG_MODULE_SRCVERSION_ALL=3Dy -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=3Dy +CONFIG_MODULE_SIG_FORCE=3Dy +CONFIG_MODULE_SIG_ALL=3Dy +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=3Dy +CONFIG_MODULE_SIG_HASH=3D"sha512" CONFIG_MODULE_COMPRESS=3Dy # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=3Dy @@ -399,7 +407,7 @@ CONFIG_IOSCHED_BFQ=3Dy CONFIG_BFQ_GROUP_IOSCHED=3Dy CONFIG_PREEMPT_NOTIFIERS=3Dy CONFIG_PADATA=3Dy -CONFIG_ASN1=3Dm +CONFIG_ASN1=3Dy CONFIG_INLINE_SPIN_UNLOCK_IRQ=3Dy CONFIG_INLINE_READ_UNLOCK=3Dy CONFIG_INLINE_READ_UNLOCK_IRQ=3Dy @@ -6709,6 +6717,7 @@ CONFIG_DOUBLEFAULT=3Dy # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=3Dy +# CONFIG_X86_DECODER_SELFTEST is not set CONFIG_IO_DELAY_TYPE_0X80=3D0 CONFIG_IO_DELAY_TYPE_0XED=3D1 CONFIG_IO_DELAY_TYPE_UDELAY=3D2 @@ -6772,6 +6781,7 @@ CONFIG_CRYPTO=3Dy # # Crypto core or helper # +# CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=3Dy CONFIG_CRYPTO_ALGAPI2=3Dy CONFIG_CRYPTO_AEAD=3Dy @@ -6784,11 +6794,11 @@ CONFIG_CRYPTO_RNG=3Dy CONFIG_CRYPTO_RNG2=3Dy CONFIG_CRYPTO_RNG_DEFAULT=3Dy CONFIG_CRYPTO_AKCIPHER2=3Dy -CONFIG_CRYPTO_AKCIPHER=3Dm +CONFIG_CRYPTO_AKCIPHER=3Dy CONFIG_CRYPTO_KPP2=3Dy CONFIG_CRYPTO_KPP=3Dm CONFIG_CRYPTO_ACOMP2=3Dy -CONFIG_CRYPTO_RSA=3Dm +CONFIG_CRYPTO_RSA=3Dy CONFIG_CRYPTO_DH=3Dm CONFIG_CRYPTO_ECDH=3Dm CONFIG_CRYPTO_MANAGER=3Dy @@ -6857,7 +6867,7 @@ CONFIG_CRYPTO_RMD256=3Dm CONFIG_CRYPTO_RMD320=3Dm CONFIG_CRYPTO_SHA1=3Dy CONFIG_CRYPTO_SHA256=3Dy -CONFIG_CRYPTO_SHA512=3Dm +CONFIG_CRYPTO_SHA512=3Dy CONFIG_CRYPTO_SHA3=3Dm CONFIG_CRYPTO_TGR192=3Dm CONFIG_CRYPTO_WP512=3Dm @@ -6914,6 +6924,7 @@ CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy CONFIG_CRYPTO_USER_API_RNG=3Dm CONFIG_CRYPTO_USER_API_AEAD=3Dm +CONFIG_CRYPTO_HASH_INFO=3Dy CONFIG_CRYPTO_HW=3Dy CONFIG_CRYPTO_DEV_PADLOCK=3Dm CONFIG_CRYPTO_DEV_PADLOCK_AES=3Dm @@ -6933,11 +6944,21 @@ CONFIG_CRYPTO_DEV_QAT_C3XXXVF=3Dm CONFIG_CRYPTO_DEV_QAT_C62XVF=3Dm CONFIG_CRYPTO_DEV_CHELSIO=3Dm CONFIG_CRYPTO_DEV_VIRTIO=3Dm -# CONFIG_ASYMMETRIC_KEY_TYPE is not set +CONFIG_ASYMMETRIC_KEY_TYPE=3Dy +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=3Dy +CONFIG_X509_CERTIFICATE_PARSER=3Dy +CONFIG_PKCS7_MESSAGE_PARSER=3Dy +CONFIG_PKCS7_TEST_KEY=3Dm +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set =20 # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY=3D"certs/signing_key.pem" +CONFIG_SYSTEM_TRUSTED_KEYRING=3Dy +CONFIG_SYSTEM_TRUSTED_KEYS=3D"" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set CONFIG_HAVE_KVM=3Dy CONFIG_HAVE_KVM_IRQCHIP=3Dy @@ -7045,8 +7066,8 @@ CONFIG_CLZ_TAB=3Dy CONFIG_CORDIC=3Dm # CONFIG_DDR is not set CONFIG_IRQ_POLL=3Dy -CONFIG_MPILIB=3Dm -CONFIG_OID_REGISTRY=3Dm +CONFIG_MPILIB=3Dy +CONFIG_OID_REGISTRY=3Dy CONFIG_UCS2_STRING=3Dy CONFIG_FONT_SUPPORT=3Dy # CONFIG_FONTS is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel= .config.x86_64-ipfire index 2fcf1e589..b16d13504 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.154-ipfire Kernel Configuration +# Linux/x86 4.14.170-ipfire Kernel Configuration # CONFIG_64BIT=3Dy CONFIG_X86_64=3Dy @@ -242,7 +242,7 @@ CONFIG_SLAB_MERGE_DEFAULT=3Dy CONFIG_SLAB_FREELIST_RANDOM=3Dy CONFIG_SLAB_FREELIST_HARDENED=3Dy CONFIG_SLUB_CPU_PARTIAL=3Dy -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=3Dy # CONFIG_PROFILING is not set CONFIG_TRACEPOINTS=3Dy CONFIG_HOTPLUG_SMT=3Dy @@ -354,7 +354,15 @@ CONFIG_MODULE_UNLOAD=3Dy # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=3Dy CONFIG_MODULE_SRCVERSION_ALL=3Dy -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=3Dy +CONFIG_MODULE_SIG_FORCE=3Dy +CONFIG_MODULE_SIG_ALL=3Dy +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=3Dy +CONFIG_MODULE_SIG_HASH=3D"sha512" CONFIG_MODULE_COMPRESS=3Dy # CONFIG_MODULE_COMPRESS_GZIP is not set CONFIG_MODULE_COMPRESS_XZ=3Dy @@ -418,7 +426,7 @@ CONFIG_IOSCHED_BFQ=3Dy CONFIG_BFQ_GROUP_IOSCHED=3Dy CONFIG_PREEMPT_NOTIFIERS=3Dy CONFIG_PADATA=3Dy -CONFIG_ASN1=3Dm +CONFIG_ASN1=3Dy CONFIG_INLINE_SPIN_UNLOCK_IRQ=3Dy CONFIG_INLINE_READ_UNLOCK=3Dy CONFIG_INLINE_READ_UNLOCK_IRQ=3Dy @@ -6565,6 +6573,7 @@ CONFIG_DOUBLEFAULT=3Dy # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=3Dy +# CONFIG_X86_DECODER_SELFTEST is not set CONFIG_IO_DELAY_TYPE_0X80=3D0 CONFIG_IO_DELAY_TYPE_0XED=3D1 CONFIG_IO_DELAY_TYPE_UDELAY=3D2 @@ -6630,6 +6639,7 @@ CONFIG_CRYPTO=3Dy # # Crypto core or helper # +# CONFIG_CRYPTO_FIPS is not set CONFIG_CRYPTO_ALGAPI=3Dy CONFIG_CRYPTO_ALGAPI2=3Dy CONFIG_CRYPTO_AEAD=3Dy @@ -6642,11 +6652,11 @@ CONFIG_CRYPTO_RNG=3Dy CONFIG_CRYPTO_RNG2=3Dy CONFIG_CRYPTO_RNG_DEFAULT=3Dy CONFIG_CRYPTO_AKCIPHER2=3Dy -CONFIG_CRYPTO_AKCIPHER=3Dm +CONFIG_CRYPTO_AKCIPHER=3Dy CONFIG_CRYPTO_KPP2=3Dy CONFIG_CRYPTO_KPP=3Dm CONFIG_CRYPTO_ACOMP2=3Dy -CONFIG_CRYPTO_RSA=3Dm +CONFIG_CRYPTO_RSA=3Dy CONFIG_CRYPTO_DH=3Dm CONFIG_CRYPTO_ECDH=3Dm CONFIG_CRYPTO_MANAGER=3Dy @@ -6723,7 +6733,7 @@ CONFIG_CRYPTO_SHA1_MB=3Dm CONFIG_CRYPTO_SHA256_MB=3Dm CONFIG_CRYPTO_SHA512_MB=3Dm CONFIG_CRYPTO_SHA256=3Dy -CONFIG_CRYPTO_SHA512=3Dm +CONFIG_CRYPTO_SHA512=3Dy CONFIG_CRYPTO_SHA3=3Dm CONFIG_CRYPTO_TGR192=3Dm CONFIG_CRYPTO_WP512=3Dm @@ -6793,6 +6803,7 @@ CONFIG_CRYPTO_USER_API_HASH=3Dy CONFIG_CRYPTO_USER_API_SKCIPHER=3Dy CONFIG_CRYPTO_USER_API_RNG=3Dm CONFIG_CRYPTO_USER_API_AEAD=3Dm +CONFIG_CRYPTO_HASH_INFO=3Dy CONFIG_CRYPTO_HW=3Dy CONFIG_CRYPTO_DEV_PADLOCK=3Dm CONFIG_CRYPTO_DEV_PADLOCK_AES=3Dm @@ -6813,11 +6824,21 @@ CONFIG_CRYPTO_DEV_NITROX=3Dm CONFIG_CRYPTO_DEV_NITROX_CNN55XX=3Dm CONFIG_CRYPTO_DEV_CHELSIO=3Dm CONFIG_CRYPTO_DEV_VIRTIO=3Dm -# CONFIG_ASYMMETRIC_KEY_TYPE is not set +CONFIG_ASYMMETRIC_KEY_TYPE=3Dy +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=3Dy +CONFIG_X509_CERTIFICATE_PARSER=3Dy +CONFIG_PKCS7_MESSAGE_PARSER=3Dy +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set =20 # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY=3D"certs/signing_key.pem" +CONFIG_SYSTEM_TRUSTED_KEYRING=3Dy +CONFIG_SYSTEM_TRUSTED_KEYS=3D"" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set CONFIG_HAVE_KVM=3Dy CONFIG_HAVE_KVM_IRQCHIP=3Dy @@ -6925,8 +6946,8 @@ CONFIG_CLZ_TAB=3Dy CONFIG_CORDIC=3Dm # CONFIG_DDR is not set CONFIG_IRQ_POLL=3Dy -CONFIG_MPILIB=3Dm -CONFIG_OID_REGISTRY=3Dm +CONFIG_MPILIB=3Dy +CONFIG_OID_REGISTRY=3Dy CONFIG_UCS2_STRING=3Dy CONFIG_FONT_SUPPORT=3Dy # CONFIG_FONTS is not set diff --git a/config/kernel/x509.genkey b/config/kernel/x509.genkey new file mode 100644 index 000000000..9640ec6d0 --- /dev/null +++ b/config/kernel/x509.genkey @@ -0,0 +1,17 @@ +[ req ] +default_bits =3D 4096 +distinguished_name =3D req_distinguished_name +prompt =3D no +string_mask =3D utf8only +x509_extensions =3D myexts + +[ req_distinguished_name ] +O =3D IPFire.org +CN =3D Build time autogenerated kernel key +emailAddress =3D development(a)lists.ipfire.org + +[ myexts ] +basicConstraints=3Dcritical,CA:FALSE +keyUsage=3DdigitalSignature +subjectKeyIdentifier=3Dhash +authorityKeyIdentifier=3Dkeyid diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i58= 6/linux index 684dbe07b..e65260974 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -2092,6 +2092,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/certs #lib/modules/KVER-ipfire/build/certs/Kconfig #lib/modules/KVER-ipfire/build/certs/Makefile +#lib/modules/KVER-ipfire/build/certs/signing_key.pem +#lib/modules/KVER-ipfire/build/certs/signing_key.x509 #lib/modules/KVER-ipfire/build/crypto #lib/modules/KVER-ipfire/build/crypto/Kconfig #lib/modules/KVER-ipfire/build/crypto/Makefile @@ -6198,6 +6200,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/asus/nb/wmi.h #lib/modules/KVER-ipfire/build/include/config/asus/wireless.h #lib/modules/KVER-ipfire/build/include/config/asus/wmi.h +#lib/modules/KVER-ipfire/build/include/config/asymmetric +#lib/modules/KVER-ipfire/build/include/config/asymmetric/key +#lib/modules/KVER-ipfire/build/include/config/asymmetric/key/type.h +#lib/modules/KVER-ipfire/build/include/config/asymmetric/public +#lib/modules/KVER-ipfire/build/include/config/asymmetric/public/key +#lib/modules/KVER-ipfire/build/include/config/asymmetric/public/key/subtype.h #lib/modules/KVER-ipfire/build/include/config/async #lib/modules/KVER-ipfire/build/include/config/async/core.h #lib/modules/KVER-ipfire/build/include/config/async/memcpy.h @@ -6853,7 +6861,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/crypto/glue #lib/modules/KVER-ipfire/build/include/config/crypto/glue/helper #lib/modules/KVER-ipfire/build/include/config/crypto/glue/helper/x86.h +#lib/modules/KVER-ipfire/build/include/config/crypto/hash #lib/modules/KVER-ipfire/build/include/config/crypto/hash.h +#lib/modules/KVER-ipfire/build/include/config/crypto/hash/info.h #lib/modules/KVER-ipfire/build/include/config/crypto/hash2.h #lib/modules/KVER-ipfire/build/include/config/crypto/hmac.h #lib/modules/KVER-ipfire/build/include/config/crypto/hw.h @@ -9077,6 +9087,13 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/module/compress #lib/modules/KVER-ipfire/build/include/config/module/compress.h #lib/modules/KVER-ipfire/build/include/config/module/compress/xz.h +#lib/modules/KVER-ipfire/build/include/config/module/sig +#lib/modules/KVER-ipfire/build/include/config/module/sig.h +#lib/modules/KVER-ipfire/build/include/config/module/sig/all.h +#lib/modules/KVER-ipfire/build/include/config/module/sig/force.h +#lib/modules/KVER-ipfire/build/include/config/module/sig/hash.h +#lib/modules/KVER-ipfire/build/include/config/module/sig/key.h +#lib/modules/KVER-ipfire/build/include/config/module/sig/sha512.h #lib/modules/KVER-ipfire/build/include/config/module/srcversion #lib/modules/KVER-ipfire/build/include/config/module/srcversion/all.h #lib/modules/KVER-ipfire/build/include/config/module/unload.h @@ -10008,6 +10025,11 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/pinctrl/lewisburg.h #lib/modules/KVER-ipfire/build/include/config/pinctrl/mcp23s08.h #lib/modules/KVER-ipfire/build/include/config/pinmux.h +#lib/modules/KVER-ipfire/build/include/config/pkcs7 +#lib/modules/KVER-ipfire/build/include/config/pkcs7/message +#lib/modules/KVER-ipfire/build/include/config/pkcs7/message/parser.h +#lib/modules/KVER-ipfire/build/include/config/pkcs7/test +#lib/modules/KVER-ipfire/build/include/config/pkcs7/test/key.h #lib/modules/KVER-ipfire/build/include/config/plx #lib/modules/KVER-ipfire/build/include/config/plx/hermes.h #lib/modules/KVER-ipfire/build/include/config/pm @@ -11265,6 +11287,12 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sysfs #lib/modules/KVER-ipfire/build/include/config/sysfs.h #lib/modules/KVER-ipfire/build/include/config/sysfs/syscall.h +#lib/modules/KVER-ipfire/build/include/config/system +#lib/modules/KVER-ipfire/build/include/config/system/data +#lib/modules/KVER-ipfire/build/include/config/system/data/verification.h +#lib/modules/KVER-ipfire/build/include/config/system/trusted +#lib/modules/KVER-ipfire/build/include/config/system/trusted/keyring.h +#lib/modules/KVER-ipfire/build/include/config/system/trusted/keys.h #lib/modules/KVER-ipfire/build/include/config/sysvipc #lib/modules/KVER-ipfire/build/include/config/sysvipc.h #lib/modules/KVER-ipfire/build/include/config/sysvipc/sysctl.h @@ -12118,6 +12146,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/wlcore/sdio.h #lib/modules/KVER-ipfire/build/include/config/wmi #lib/modules/KVER-ipfire/build/include/config/wmi/bmof.h +#lib/modules/KVER-ipfire/build/include/config/x509 +#lib/modules/KVER-ipfire/build/include/config/x509/certificate +#lib/modules/KVER-ipfire/build/include/config/x509/certificate/parser.h #lib/modules/KVER-ipfire/build/include/config/x86 #lib/modules/KVER-ipfire/build/include/config/x86.h #lib/modules/KVER-ipfire/build/include/config/x86/32 @@ -17577,6 +17608,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/scripts/dtc/util.h #lib/modules/KVER-ipfire/build/scripts/dtc/version_gen.h #lib/modules/KVER-ipfire/build/scripts/export_report.pl +#lib/modules/KVER-ipfire/build/scripts/extract-cert #lib/modules/KVER-ipfire/build/scripts/extract-cert.c #lib/modules/KVER-ipfire/build/scripts/extract-ikconfig #lib/modules/KVER-ipfire/build/scripts/extract-module-sig.pl @@ -17758,6 +17790,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/scripts/selinux/mdp/mdp.c #lib/modules/KVER-ipfire/build/scripts/setlocalversion #lib/modules/KVER-ipfire/build/scripts/show_delta +#lib/modules/KVER-ipfire/build/scripts/sign-file #lib/modules/KVER-ipfire/build/scripts/sign-file.c #lib/modules/KVER-ipfire/build/scripts/sortextable #lib/modules/KVER-ipfire/build/scripts/sortextable.c @@ -18485,6 +18518,8 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/crypto/ansi_cprng.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/anubis.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/arc4.ko.xz +#lib/modules/KVER-ipfire/kernel/crypto/asymmetric_keys +#lib/modules/KVER-ipfire/kernel/crypto/asymmetric_keys/pkcs7_test_key.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/async_tx #lib/modules/KVER-ipfire/kernel/crypto/async_tx/async_memcpy.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/async_tx/async_pq.ko.xz @@ -18527,12 +18562,10 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/crypto/rmd160.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/rmd256.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/rmd320.ko.xz -#lib/modules/KVER-ipfire/kernel/crypto/rsa_generic.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/salsa20_generic.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/seed.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/serpent_generic.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/sha3_generic.ko.xz -#lib/modules/KVER-ipfire/kernel/crypto/sha512_generic.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/tcrypt.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/tea.ko.xz #lib/modules/KVER-ipfire/kernel/crypto/tgr192.ko.xz @@ -21202,7 +21235,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/lib/842 #lib/modules/KVER-ipfire/kernel/lib/842/842_compress.ko.xz #lib/modules/KVER-ipfire/kernel/lib/842/842_decompress.ko.xz -#lib/modules/KVER-ipfire/kernel/lib/asn1_decoder.ko.xz #lib/modules/KVER-ipfire/kernel/lib/cordic.ko.xz #lib/modules/KVER-ipfire/kernel/lib/crc-itu-t.ko.xz #lib/modules/KVER-ipfire/kernel/lib/crc7.ko.xz @@ -21212,9 +21244,6 @@ lib/modules/KVER-ipfire/kernel #lib/modules/KVER-ipfire/kernel/lib/lz4/lz4hc_compress.ko.xz #lib/modules/KVER-ipfire/kernel/lib/lzo #lib/modules/KVER-ipfire/kernel/lib/lzo/lzo_compress.ko.xz -#lib/modules/KVER-ipfire/kernel/lib/mpi -#lib/modules/KVER-ipfire/kernel/lib/mpi/mpi.ko.xz -#lib/modules/KVER-ipfire/kernel/lib/oid_registry.ko.xz #lib/modules/KVER-ipfire/kernel/lib/parman.ko.xz #lib/modules/KVER-ipfire/kernel/lib/raid6 #lib/modules/KVER-ipfire/kernel/lib/raid6/raid6_pq.ko.xz diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/= linux-pae index c0894cd1f..8c7b1f66b 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -2092,6 +2092,8 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/certs #lib/modules/KVER-ipfire-pae/build/certs/Kconfig #lib/modules/KVER-ipfire-pae/build/certs/Makefile +#lib/modules/KVER-ipfire-pae/build/certs/signing_key.pem +#lib/modules/KVER-ipfire-pae/build/certs/signing_key.x509 #lib/modules/KVER-ipfire-pae/build/crypto #lib/modules/KVER-ipfire-pae/build/crypto/Kconfig #lib/modules/KVER-ipfire-pae/build/crypto/Makefile @@ -6204,6 +6206,12 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/asus/nb/wmi.h #lib/modules/KVER-ipfire-pae/build/include/config/asus/wireless.h #lib/modules/KVER-ipfire-pae/build/include/config/asus/wmi.h +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/key +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/key/type.h +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public/key +#lib/modules/KVER-ipfire-pae/build/include/config/asymmetric/public/key/subt= ype.h #lib/modules/KVER-ipfire-pae/build/include/config/async #lib/modules/KVER-ipfire-pae/build/include/config/async/core.h #lib/modules/KVER-ipfire-pae/build/include/config/async/memcpy.h @@ -6862,7 +6870,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue #lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue/helper #lib/modules/KVER-ipfire-pae/build/include/config/crypto/glue/helper/x86.h +#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash #lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash.h +#lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash/info.h #lib/modules/KVER-ipfire-pae/build/include/config/crypto/hash2.h #lib/modules/KVER-ipfire-pae/build/include/config/crypto/hmac.h #lib/modules/KVER-ipfire-pae/build/include/config/crypto/hw.h @@ -9076,6 +9086,13 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/module/compress #lib/modules/KVER-ipfire-pae/build/include/config/module/compress.h #lib/modules/KVER-ipfire-pae/build/include/config/module/compress/xz.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/all.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/force.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/hash.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/key.h +#lib/modules/KVER-ipfire-pae/build/include/config/module/sig/sha512.h #lib/modules/KVER-ipfire-pae/build/include/config/module/srcversion #lib/modules/KVER-ipfire-pae/build/include/config/module/srcversion/all.h #lib/modules/KVER-ipfire-pae/build/include/config/module/unload.h @@ -10012,6 +10029,11 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/pinctrl/lewisburg.h #lib/modules/KVER-ipfire-pae/build/include/config/pinctrl/mcp23s08.h #lib/modules/KVER-ipfire-pae/build/include/config/pinmux.h +#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7 +#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/message +#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/message/parser.h +#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/test +#lib/modules/KVER-ipfire-pae/build/include/config/pkcs7/test/key.h #lib/modules/KVER-ipfire-pae/build/include/config/plx #lib/modules/KVER-ipfire-pae/build/include/config/plx/hermes.h #lib/modules/KVER-ipfire-pae/build/include/config/pm @@ -11268,6 +11290,12 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/sysfs #lib/modules/KVER-ipfire-pae/build/include/config/sysfs.h #lib/modules/KVER-ipfire-pae/build/include/config/sysfs/syscall.h +#lib/modules/KVER-ipfire-pae/build/include/config/system +#lib/modules/KVER-ipfire-pae/build/include/config/system/data +#lib/modules/KVER-ipfire-pae/build/include/config/system/data/verification.h +#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted +#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted/keyring.h +#lib/modules/KVER-ipfire-pae/build/include/config/system/trusted/keys.h #lib/modules/KVER-ipfire-pae/build/include/config/sysvipc #lib/modules/KVER-ipfire-pae/build/include/config/sysvipc.h #lib/modules/KVER-ipfire-pae/build/include/config/sysvipc/sysctl.h @@ -12121,6 +12149,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/wlcore/sdio.h #lib/modules/KVER-ipfire-pae/build/include/config/wmi #lib/modules/KVER-ipfire-pae/build/include/config/wmi/bmof.h +#lib/modules/KVER-ipfire-pae/build/include/config/x509 +#lib/modules/KVER-ipfire-pae/build/include/config/x509/certificate +#lib/modules/KVER-ipfire-pae/build/include/config/x509/certificate/parser.h #lib/modules/KVER-ipfire-pae/build/include/config/x86 #lib/modules/KVER-ipfire-pae/build/include/config/x86.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/32 @@ -17647,6 +17678,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/scripts/dtc/util.h #lib/modules/KVER-ipfire-pae/build/scripts/dtc/version_gen.h #lib/modules/KVER-ipfire-pae/build/scripts/export_report.pl +#lib/modules/KVER-ipfire-pae/build/scripts/extract-cert #lib/modules/KVER-ipfire-pae/build/scripts/extract-cert.c #lib/modules/KVER-ipfire-pae/build/scripts/extract-ikconfig #lib/modules/KVER-ipfire-pae/build/scripts/extract-module-sig.pl @@ -17828,6 +17860,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/scripts/selinux/mdp/mdp.c #lib/modules/KVER-ipfire-pae/build/scripts/setlocalversion #lib/modules/KVER-ipfire-pae/build/scripts/show_delta +#lib/modules/KVER-ipfire-pae/build/scripts/sign-file #lib/modules/KVER-ipfire-pae/build/scripts/sign-file.c #lib/modules/KVER-ipfire-pae/build/scripts/sortextable #lib/modules/KVER-ipfire-pae/build/scripts/sortextable.c @@ -18555,6 +18588,8 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/crypto/ansi_cprng.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/anubis.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/arc4.ko.xz +#lib/modules/KVER-ipfire-pae/kernel/crypto/asymmetric_keys +#lib/modules/KVER-ipfire-pae/kernel/crypto/asymmetric_keys/pkcs7_test_key.ko= .xz #lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx #lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx/async_memcpy.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/async_tx/async_pq.ko.xz @@ -18597,12 +18632,10 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/crypto/rmd160.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/rmd256.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/rmd320.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/crypto/rsa_generic.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/salsa20_generic.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/seed.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/serpent_generic.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/sha3_generic.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/crypto/sha512_generic.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/tcrypt.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/tea.ko.xz #lib/modules/KVER-ipfire-pae/kernel/crypto/tgr192.ko.xz @@ -21288,7 +21321,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/lib/842 #lib/modules/KVER-ipfire-pae/kernel/lib/842/842_compress.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/842/842_decompress.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/lib/asn1_decoder.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/cordic.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/crc-itu-t.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/crc4.ko.xz @@ -21299,9 +21331,6 @@ lib/modules/KVER-ipfire-pae/kernel #lib/modules/KVER-ipfire-pae/kernel/lib/lz4/lz4hc_compress.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/lzo #lib/modules/KVER-ipfire-pae/kernel/lib/lzo/lzo_compress.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/lib/mpi -#lib/modules/KVER-ipfire-pae/kernel/lib/mpi/mpi.ko.xz -#lib/modules/KVER-ipfire-pae/kernel/lib/oid_registry.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/parman.ko.xz #lib/modules/KVER-ipfire-pae/kernel/lib/raid6 #lib/modules/KVER-ipfire-pae/kernel/lib/raid6/raid6_pq.ko.xz diff --git a/lfs/linux b/lfs/linux index aac2c4868..9bfa49fb8 100644 --- a/lfs/linux +++ b/lfs/linux @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2019 IPFire Team = # +# Copyright (C) 2007-2020 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,8 +24,8 @@ =20 include Config =20 -VER =3D 4.14.154 -ARM_PATCHES =3D 4.14.154-ipfire0 +VER =3D 4.14.170 +ARM_PATCHES =3D 4.14.170-ipfire0 =20 THISAPP =3D linux-$(VER) DL_FILE =3D linux-$(VER).tar.xz @@ -34,7 +34,7 @@ DIR_APP =3D $(DIR_SRC)/$(THISAPP) CFLAGS =3D CXXFLAGS =3D =20 -PAK_VER =3D 89 +PAK_VER =3D 90 DEPS =3D "" =20 HEADERS_ARCH =3D $(BUILD_PLATFORM) @@ -82,8 +82,8 @@ objects =3D$(DL_FILE) \ $(DL_FILE) =3D $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz =3D $(URL_IPFIRE)/arm-multi-patche= s-$(ARM_PATCHES).patch.xz =20 -$(DL_FILE)_MD5 =3D d6cf4b51c1cd10bc48bac50f4557a0d9 -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 =3D 539737e07e5634565b3f4f1b93= 2c269b +$(DL_FILE)_MD5 =3D 2e3d6daa02e422f2387e7d2352e6aca8 +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 =3D 2bf7ce33777ca17fd0cc8ab6c1= 37c656 =20 install : $(TARGET) =20 @@ -178,6 +178,9 @@ else cd $(DIR_APP) && make clean cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =3D.*/EXTRAVERSION\ =3D\ -$(VER= SUFIX)/' Makefile =20 + # Copy Module signing key configuration + cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey + # Remove modules folder if exists rm -rf /lib/modules/$(VER)-$(VERSUFIX) =20 @@ -219,6 +222,9 @@ endif cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/= $(VER)-$(VERSUFIX)/build cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include =20 + # Copy module signing key for off tree modules + cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/= build/certs/ + # Install objtool cd $(DIR_APP) && cp -a tools/objtool/objtool \ /lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || : diff --git a/lfs/xtables-addons b/lfs/xtables-addons index 2152fa5fd..651a13f9c 100644 --- a/lfs/xtables-addons +++ b/lfs/xtables-addons @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2018 IPFire Team = # +# Copyright (C) 2007-2020 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -106,9 +106,14 @@ else cd $(DIR_APP) && make $(MAKETUNING) =20 # Install the built kernel modules. + mkdir -p $(MODPATH) cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \ - mkdir -p $(MODPATH); \ - install -m 644 $$f $(MODPATH); \ + /lib/modules/$$(uname -r)$(KCFG)/build/scripts/sign-file sha512 \ + /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.pem \ + /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.x509 \ + $$f; \ + xz $$f; \ + install -m 644 $$f.xz $(MODPATH); \ done endif =20 hooks/post-receive -- IPFire 2.x development tree --===============2410566127190409890==--