From c97a188a25292c8ea2505c9d881bc198e6c20552 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 3 Jun 2014 20:39:28 -0300 Subject: linux-libre-3.14.5-1: updating version --- ...0004-fs-Don-t-return-0-from-get_anon_bdev.patch | 44 ---------------------- ...h-correct-mac_len-in-skb_network_protocol.patch | 13 ------- libre/linux-libre/PKGBUILD | 23 +++-------- 3 files changed, 5 insertions(+), 75 deletions(-) delete mode 100644 libre/linux-libre/0004-fs-Don-t-return-0-from-get_anon_bdev.patch delete mode 100644 libre/linux-libre/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch (limited to 'libre') diff --git a/libre/linux-libre/0004-fs-Don-t-return-0-from-get_anon_bdev.patch b/libre/linux-libre/0004-fs-Don-t-return-0-from-get_anon_bdev.patch deleted file mode 100644 index 5e4a27f06..000000000 --- a/libre/linux-libre/0004-fs-Don-t-return-0-from-get_anon_bdev.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 835a463e190af87a36df681863db7c3ea7ba0d66 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Thomas=20B=C3=A4chler?= -Date: Thu, 3 Apr 2014 21:55:37 +0200 -Subject: [PATCH 04/10] fs: Don't return 0 from get_anon_bdev -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 9e30cc9595303b27b48 removed an internal mount. This -has the side-effect that rootfs now has FSID 0. Many -userspace utilities assume that st_dev in struct stat -is never 0, so this change breaks a number of tools in -early userspace. - -Since we don't know how many userspace programs are affected, -make sure that FSID is at least 1. - -References: http://article.gmane.org/gmane.linux.kernel/1666905 -References: http://permalink.gmane.org/gmane.linux.utilities.util-linux-ng/8557 -Cc: 3.14 -Signed-off-by: Thomas Bächler ---- - fs/super.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/fs/super.c b/fs/super.c -index 80d5cf2..7624267 100644 ---- a/fs/super.c -+++ b/fs/super.c -@@ -802,7 +802,10 @@ void emergency_remount(void) - - static DEFINE_IDA(unnamed_dev_ida); - static DEFINE_SPINLOCK(unnamed_dev_lock);/* protects the above */ --static int unnamed_dev_start = 0; /* don't bother trying below it */ -+/* Many userspace utilities consider an FSID of 0 invalid. -+ * Always return at least 1 from get_anon_bdev. -+ */ -+static int unnamed_dev_start = 1; - - int get_anon_bdev(dev_t *p) - { --- -1.9.2 - diff --git a/libre/linux-libre/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch b/libre/linux-libre/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch deleted file mode 100644 index 2840f190c..000000000 --- a/libre/linux-libre/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/net/core/dev.c b/net/core/dev.c -index 45fa2f1..6088927 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help); - __be16 skb_network_protocol(struct sk_buff *skb, int *depth) - { - __be16 type = skb->protocol; -- int vlan_depth = ETH_HLEN; -+ int vlan_depth = skb->mac_len; - - /* Tunnel gso handlers can set protocol to ethernet. */ - if (type == htons(ETH_P_TEB)) { diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD index d6b5755dc..9f0dda4ef 100644 --- a/libre/linux-libre/PKGBUILD +++ b/libre/linux-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 212338 2014-05-13 15:06:31Z tpowa $ +# $Id: PKGBUILD 213942 2014-06-01 05:52:43Z tpowa $ # Maintainer (Arch): Tobias Powalowski # Maintainer (Arch): Thomas Baechler # Maintainer: André Silva @@ -10,10 +10,10 @@ pkgbase=linux-libre # Build stock -LIBRE kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.14 -_sublevel=4 +_sublevel=5 pkgver=${_basekernel}.${_sublevel} pkgrel=1 -_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.5 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -32,17 +32,15 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0001-Bluetooth-allocate-static-minor-for-vhci.patch' '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch' '0003-module-remove-MODULE_GENERIC_TABLE.patch' - '0004-fs-Don-t-return-0-from-get_anon_bdev.patch' '0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch' '0006-genksyms-fix-typeof-handling.patch' '0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch' '0011-kernfs-fix-removed-error-check.patch' '0012-fix-saa7134.patch' - '0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch' '0015-fix-xsdt-validation.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' - '01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815' + '0bc9acbcc6d5fcabcc133a767c55e3040475e950ef80f866038d4ba0033e78d8' '71891ae6903598f4686e86fdb0d371ff9e179e8dac1d2cf60ca16c5190916745' 'fca0060bde385e2c292489087af0aa5f48da594221a6d162fc6f8ba2159571e8' 'dfe01c93d83cdac9ca502715ceb6ac9502d327c939fec2e3052a5a58422dc176' @@ -53,15 +51,13 @@ sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02' '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29' '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d' - '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1' '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec' 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7' 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85' '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a' '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18' - 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be' '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4' - '43d975e9c9c68de131005a87c3c755fadef1eaed6c551bcafd08f2746f9d71fd') + '4f1db7c68dbff6d80258de4074af46b989cedcda175776b567cd4658b33c9f99') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -96,10 +92,6 @@ prepare() { patch -p1 -i "${srcdir}/0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch" patch -p1 -i "${srcdir}/0003-module-remove-MODULE_GENERIC_TABLE.patch" - # Fix various bugs caused by rootfs having FSID 0 - # See http://www.spinics.net/lists/kernel/msg1716924.html - patch -p1 -i "${srcdir}/0004-fs-Don-t-return-0-from-get_anon_bdev.patch" - # Disable usb autosuspend for intel btusb # See http://www.spinics.net/lists/kernel/msg1716461.html # Until a solution is found, make sure the driver leaves autosuspend alone @@ -122,11 +114,6 @@ prepare() { # https://bugzilla.kernel.org/show_bug.cgi?id=73361 patch -Np1 -i "${srcdir}/0012-fix-saa7134.patch" - # fix tun/openvpn performance - # https://bugs.archlinux.org/task/40089 - # https://bugzilla.kernel.org/show_bug.cgi?id=74051 - patch -Np1 -i "${srcdir}/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch" - # fix xsdt validation bug # https://bugs.archlinux.org/task/39811 # https://bugzilla.kernel.org/show_bug.cgi?id=73911 -- cgit v1.2.3-54-g00ecf From 8ddbba3b99414afc8c51b2702b21b1f03f99fff3 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 3 Jun 2014 20:40:42 -0300 Subject: linux-libre-grsec-3.14.5.201406021708-1: updating version --- ...0004-fs-Don-t-return-0-from-get_anon_bdev.patch | 44 ---------------------- ...h-correct-mac_len-in-skb_network_protocol.patch | 13 ------- libre/linux-libre-grsec/PKGBUILD | 27 ++++--------- 3 files changed, 7 insertions(+), 77 deletions(-) delete mode 100644 libre/linux-libre-grsec/0004-fs-Don-t-return-0-from-get_anon_bdev.patch delete mode 100644 libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch (limited to 'libre') diff --git a/libre/linux-libre-grsec/0004-fs-Don-t-return-0-from-get_anon_bdev.patch b/libre/linux-libre-grsec/0004-fs-Don-t-return-0-from-get_anon_bdev.patch deleted file mode 100644 index 5e4a27f06..000000000 --- a/libre/linux-libre-grsec/0004-fs-Don-t-return-0-from-get_anon_bdev.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 835a463e190af87a36df681863db7c3ea7ba0d66 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Thomas=20B=C3=A4chler?= -Date: Thu, 3 Apr 2014 21:55:37 +0200 -Subject: [PATCH 04/10] fs: Don't return 0 from get_anon_bdev -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 9e30cc9595303b27b48 removed an internal mount. This -has the side-effect that rootfs now has FSID 0. Many -userspace utilities assume that st_dev in struct stat -is never 0, so this change breaks a number of tools in -early userspace. - -Since we don't know how many userspace programs are affected, -make sure that FSID is at least 1. - -References: http://article.gmane.org/gmane.linux.kernel/1666905 -References: http://permalink.gmane.org/gmane.linux.utilities.util-linux-ng/8557 -Cc: 3.14 -Signed-off-by: Thomas Bächler ---- - fs/super.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/fs/super.c b/fs/super.c -index 80d5cf2..7624267 100644 ---- a/fs/super.c -+++ b/fs/super.c -@@ -802,7 +802,10 @@ void emergency_remount(void) - - static DEFINE_IDA(unnamed_dev_ida); - static DEFINE_SPINLOCK(unnamed_dev_lock);/* protects the above */ --static int unnamed_dev_start = 0; /* don't bother trying below it */ -+/* Many userspace utilities consider an FSID of 0 invalid. -+ * Always return at least 1 from get_anon_bdev. -+ */ -+static int unnamed_dev_start = 1; - - int get_anon_bdev(dev_t *p) - { --- -1.9.2 - diff --git a/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch b/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch deleted file mode 100644 index 2840f190c..000000000 --- a/libre/linux-libre-grsec/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/net/core/dev.c b/net/core/dev.c -index 45fa2f1..6088927 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help); - __be16 skb_network_protocol(struct sk_buff *skb, int *depth) - { - __be16 type = skb->protocol; -- int vlan_depth = ETH_HLEN; -+ int vlan_depth = skb->mac_len; - - /* Tunnel gso handlers can set protocol to ethernet. */ - if (type == htons(ETH_P_TEB)) { diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 582efe043..154cbc40e 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -12,13 +12,13 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.14 -_sublevel=4 +_sublevel=5 _grsecver=3.0 -_timestamp=201405281922 +_timestamp=201406021708 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} pkgrel=1 -_lxopkgver=${_basekernel}.4 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.5 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') @@ -39,19 +39,17 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0001-Bluetooth-allocate-static-minor-for-vhci.patch' '0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch' '0003-module-remove-MODULE_GENERIC_TABLE.patch' - '0004-fs-Don-t-return-0-from-get_anon_bdev.patch' '0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch' '0006-genksyms-fix-typeof-handling.patch' '0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch' '0011-kernfs-fix-removed-error-check.patch' '0012-fix-saa7134.patch' - '0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch' '0015-fix-xsdt-validation.patch' 'sysctl.conf' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' - '01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815' - '5b1a2efe49736d3b0417f3b76df779de4166fe5890489491e1d0b99fed653b57' + '0bc9acbcc6d5fcabcc133a767c55e3040475e950ef80f866038d4ba0033e78d8' + '8695054d1a1bd02acd2a08b1268eb65349f6877b1be1a00251dcbc5dd95a5a00' 'SKIP' 'a82a5b673dae3f1aa8124e91c485cb8648623d560b7543da63fffab2606443d6' '51e86aeeb4fadbb2ead2b4af115f0bfd04afb83c9959856e3495d704cec55db6' @@ -63,16 +61,14 @@ sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02' '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29' '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d' - '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1' '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec' 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7' 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85' '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a' '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18' - 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be' '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4' 'e734ac2a6e865b70dbe1e55ce55a5bd1b1e0cedea903c6341b9cfbabe420c763' - '3cd53473e049a4809d9dde8ebef73307ce87076d707f3fd5c100844d4a9e8255') + '4f1db7c68dbff6d80258de4074af46b989cedcda175776b567cd4658b33c9f99') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -111,10 +107,6 @@ prepare() { patch -p1 -i "${srcdir}/0002-module-allow-multiple-calls-to-MODULE_DEVICE_TABLE-p.patch" patch -p1 -i "${srcdir}/0003-module-remove-MODULE_GENERIC_TABLE.patch" - # Fix various bugs caused by rootfs having FSID 0 - # See http://www.spinics.net/lists/kernel/msg1716924.html - patch -p1 -i "${srcdir}/0004-fs-Don-t-return-0-from-get_anon_bdev.patch" - # Disable usb autosuspend for intel btusb # See http://www.spinics.net/lists/kernel/msg1716461.html # Until a solution is found, make sure the driver leaves autosuspend alone @@ -127,7 +119,7 @@ prepare() { # https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d # FS#39815 patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch" - + # fix Xorg crash with i810 chipset due to wrong removed error check # References: http://lkml.kernel.org/g/533D01BD.1010200@googlemail.com patch -Np1 -i "${srcdir}/0011-kernfs-fix-removed-error-check.patch" @@ -137,11 +129,6 @@ prepare() { # https://bugzilla.kernel.org/show_bug.cgi?id=73361 patch -Np1 -i "${srcdir}/0012-fix-saa7134.patch" - # fix tun/openvpn performance - # https://bugs.archlinux.org/task/40089 - # https://bugzilla.kernel.org/show_bug.cgi?id=74051 - patch -Np1 -i "${srcdir}/0013-net-Start-with-correct-mac_len-in-skb_network_protocol.patch" - # fix xsdt validation bug # https://bugs.archlinux.org/task/39811 # https://bugzilla.kernel.org/show_bug.cgi?id=73911 -- cgit v1.2.3-54-g00ecf From f76652dc7549432c3ef80a41e6816dedab116d7e Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 3 Jun 2014 21:42:43 -0300 Subject: rebuild packages against linux-libre-3.14.5-1 --- libre/acpi_call-libre/PKGBUILD | 4 ++-- libre/bbswitch-libre/PKGBUILD | 4 ++-- libre/tp_smapi-libre/PKGBUILD | 4 ++-- libre/vhba-module-libre/PKGBUILD | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'libre') diff --git a/libre/acpi_call-libre/PKGBUILD b/libre/acpi_call-libre/PKGBUILD index 2fd6569a6..84eabd29c 100644 --- a/libre/acpi_call-libre/PKGBUILD +++ b/libre/acpi_call-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 108706 2014-04-01 22:24:11Z thomas $ +# $Id: PKGBUILD 112482 2014-06-02 19:16:06Z foutrelis $ # Maintainer (Arch): Maxime Gauduin # Contributor (Arch): mortzu # Contributor (Arch): fnord0 @@ -7,7 +7,7 @@ _pkgname=acpi_call pkgname=acpi_call-libre pkgver=1.1.0 -pkgrel=3 +pkgrel=4 _extramodules=extramodules-3.14-LIBRE pkgdesc='A linux kernel module that enables calls to ACPI methods through /proc/acpi/call (built for the linux-libre kernel package)' arch=('i686' 'x86_64') diff --git a/libre/bbswitch-libre/PKGBUILD b/libre/bbswitch-libre/PKGBUILD index e054cb2c7..9964d4e98 100644 --- a/libre/bbswitch-libre/PKGBUILD +++ b/libre/bbswitch-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 108708 2014-04-01 22:26:43Z thomas $ +# $Id: PKGBUILD 112484 2014-06-02 19:16:18Z foutrelis $ # Maintainer (Arch): Sven-Hendrik Haase # Contributor (Arch): M0Rf30 # Contributor (Arch): Samsagax @@ -8,7 +8,7 @@ _pkgname=bbswitch pkgname=bbswitch-libre pkgver=0.8 _extramodules=extramodules-3.14-LIBRE # Don't forget to update bbswitch.install -pkgrel=7 +pkgrel=8 pkgdesc="Kernel module allowing to switch dedicated graphics card on Optimus laptops (built for the linux-libre kernel package)" arch=('i686' 'x86_64' 'mips64el') url=("http://github.com/Bumblebee-Project/bbswitch") diff --git a/libre/tp_smapi-libre/PKGBUILD b/libre/tp_smapi-libre/PKGBUILD index d52136e63..e5db4a11d 100644 --- a/libre/tp_smapi-libre/PKGBUILD +++ b/libre/tp_smapi-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 108712 2014-04-01 22:34:00Z thomas $ +# $Id: PKGBUILD 112490 2014-06-02 19:17:04Z foutrelis $ # Maintainer (Arch): Lukas Fleischer # Contributor (Arch): xduugu # Contributor (Arch): nh2 @@ -12,7 +12,7 @@ _pkgname=tp_smapi pkgname=tp_smapi-libre pkgver=0.41 -pkgrel=45 +pkgrel=46 pkgdesc="Modules for ThinkPad's SMAPI functionality (built for the linux-libre kernel package)" arch=('i686' 'x86_64' 'mips64el') url='https://github.com/evgeni/tp_smapi' diff --git a/libre/vhba-module-libre/PKGBUILD b/libre/vhba-module-libre/PKGBUILD index e94daedc2..aa7417af2 100644 --- a/libre/vhba-module-libre/PKGBUILD +++ b/libre/vhba-module-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 108714 2014-04-01 22:36:58Z thomas $ +# $Id: PKGBUILD 112492 2014-06-02 19:17:18Z foutrelis $ # Maintainer (Arch): Ray Rashif # Contributor (Arch): Mateusz Herych # Contributor (Arch): Charles Lindsay @@ -8,7 +8,7 @@ _pkgname=vhba-module pkgname=vhba-module-libre pkgver=20130607 _extramodules=extramodules-3.14-LIBRE -pkgrel=25 +pkgrel=26 pkgdesc="Kernel module that emulates SCSI devices (built for the linux-libre kernel package)" arch=('i686' 'x86_64' 'mips64el') url="http://cdemu.sourceforge.net/" -- cgit v1.2.3-54-g00ecf From 6df1a4ed916662dc35afbb3f0cd35c05616c0965 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Wed, 4 Jun 2014 01:48:24 -0300 Subject: pacman-4.1.2-6.1: add secure options for gpg => https://lists.parabolagnulinux.org/pipermail/dev/2014-June/002219.html --- libre/pacman/PKGBUILD | 21 ++++++++++++--- libre/pacman/gpg.conf | 50 +++++++++++++++++++++++++++++++++++ libre/pacman/refresh-pacman-keys | 3 +++ libre/pacman/sks-keyservers.netCA.pem | 32 ++++++++++++++++++++++ 4 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 libre/pacman/gpg.conf create mode 100644 libre/pacman/refresh-pacman-keys create mode 100644 libre/pacman/sks-keyservers.netCA.pem (limited to 'libre') diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD index 8fb58771b..774d45321 100644 --- a/libre/pacman/PKGBUILD +++ b/libre/pacman/PKGBUILD @@ -5,7 +5,7 @@ pkgname=pacman pkgver=4.1.2 -pkgrel=6 +pkgrel=6.1 pkgdesc="A library-based package manager with dependency support" arch=('i686' 'x86_64' 'mips64el') url="http://www.archlinux.org/pacman/" @@ -24,13 +24,19 @@ source=(ftp://ftp.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz{,.sig} pacman.conf.i686 pacman.conf.x86_64 pacman.conf.mips64el - makepkg.conf) + makepkg.conf + gpg.conf + sks-keyservers.netCA.pem + refresh-pacman-keys) md5sums=('063c8b0ff6bdf903dc235445525627cd' 'SKIP' '688feb0a552f42643a76f72e7198bfe4' '77c5fd379e73cf86fc08a4bd5c4b1ba1' '9e0c64937ef751ae4273fa4d73381484' - 'f0f310df411f943dbc4e2dd376c88662') + 'f0f310df411f943dbc4e2dd376c88662' + '8c339b2bf027979d1edcfc6ac0e7e81d' + '3cfc5d2867a6672f4f629220632948f4' + '093f0779ac55ae781ba028ad74b95f84') build() { cd "$pkgname-$pkgver" @@ -96,4 +102,13 @@ package() { done install -Dm644 contrib/PKGBUILD.vim "$pkgdir/usr/share/vim/vimfiles/syntax/PKGBUILD.vim" + + install -Dm755 "${srcdir}/refresh-pacman-keys" \ + "${pkgdir}/etc/cron.weekly/refresh-pacman-keys" + + install -Dm644 "${srcdir}/sks-keyservers.netCA.pem" \ + "${pkgdir}/etc/pacman.d/sks-keyservers.netCA.pem" + + install -Dm644 "${srcdir}/gpg.conf" \ + "${pkgdir}/etc/pacman.d/gpg.conf" } diff --git a/libre/pacman/gpg.conf b/libre/pacman/gpg.conf new file mode 100644 index 000000000..7fc6fc661 --- /dev/null +++ b/libre/pacman/gpg.conf @@ -0,0 +1,50 @@ +# pacman-key default options +no-greeting +no-permission-warning +lock-never +keyserver-options timeout=20 + +# From duraconf +# personal digest preferences +personal-digest-preferences SHA512 + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# Set the list of default preferences to string. +# used for new keys and default for "setpref" +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed + +# From +# https://crabgrass.riseup.net/riseuplabs+paow/openpgp-best-practices +# Only use secure keyservers +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem +keyserver-options no-honor-keyserver-url + +# when outputting certificates, view user IDs distinctly from keys: +fixed-list-mode + +# short-keyids are trivially spoofed; it's easy to create a long-keyid +# collision; if you care about strong key identifiers, you always want +# to see the fingerprint: +keyid-format 0xlong +fingerprint + +# when multiple digests are supported by all recipients, choose the +# strongest one: +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# If you use a graphical environment (and even if you don't) +# you should be using an agent: (similar arguments as +# https://www.debian-administration.org/users/dkg/weblog/64) +use-agent + +# You should always know at a glance which User IDs gpg thinks are +# legitimately bound to the keys in your keyring: +verify-options show-uid-validity +list-options show-uid-validity + +# include an unambiguous indicator of which key made a signature: (see +# http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) +sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g diff --git a/libre/pacman/refresh-pacman-keys b/libre/pacman/refresh-pacman-keys new file mode 100644 index 000000000..e96dc34e5 --- /dev/null +++ b/libre/pacman/refresh-pacman-keys @@ -0,0 +1,3 @@ +#!/bin/bash + +pacman-key --refresh-keys diff --git a/libre/pacman/sks-keyservers.netCA.pem b/libre/pacman/sks-keyservers.netCA.pem new file mode 100644 index 000000000..24a2ad2e8 --- /dev/null +++ b/libre/pacman/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- -- cgit v1.2.3-54-g00ecf