diff --git a/Makefile b/Makefile
index 375a4e8..9bf1d57 100644
--- a/Makefile
+++ b/Makefile
@@ -195,10 +195,6 @@ $(CHROOT)/etc/portage/package.%/02$(APPLIANCE): appliances/$(APPLIANCE)/package.
 mkdir -p `dirname $@`
 cp $< $@
-
-$(CHROOT)/etc/portage/make.conf: configs/make.conf.$(VA_ARCH)
- COPY configs/make.conf.$(VA_ARCH) /etc/portage/make.conf
-
 $(portage_make_conf_local): $(default_make_conf) $(appliance_make_conf)
 if [ -f "$(default_make_conf)" ] ; \
 then COPY $(default_make_conf) /etc/portage/make.conf.local; \
@@ -212,9 +208,6 @@ $(CHROOT)/var/tmp/profile: $(STAGE3)
 RUN eselect profile set $(appliance_profile)
 touch $@
-$(CHROOT)/etc/locale.gen: configs/locale.gen
- COPY configs/locale.gen /etc/locale.gen
-
 $(KERNEL_PATH): $(STAGE3) $(KERNEL_CONFIG)
 ifneq ($(EXTERNAL_KERNEL),YES)
 $(eval kernel_ebuild = $(shell basename `RUN portageq best_visible / $(KERNEL_PKG)`))
@@ -232,12 +225,14 @@ ifneq ($(EXTERNAL_KERNEL),YES)
 cp -a $(CHROOT)/usr/src/linux-*/* $(shell cat $(KERNEL_PATH)); \
 RUN $(EMERGE) -C sys-kernel/$(KERNEL_PKG); \
 cp $(KERNEL_CONFIG) $(shell cat $(KERNEL_PATH))/.config; \
- RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) oldconfig modules_prepare; \
+## RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) oldconfig modules_prepare; \
 fi
 endif
 touch $(KERNEL_SRC)
-$(COMPILE_OPTIONS): $(STAGE3) $(PORTAGE_DIR) $(CHROOT)/etc/portage/make.conf configs/locale.gen $(portage_default_package_files) $(portage_package_files) $(portage_make_conf_local) $(CHROOT)/var/tmp/profile $(CHROOT)/etc/locale.gen $(CHROOT)/etc/portage/repos.conf $(KERNEL_SRC)
+$(COMPILE_OPTIONS): $(STAGE3) $(PORTAGE_DIR) configs/make.conf.$(VA_ARCH) configs/locale.gen $(portage_default_package_files) $(portage_package_files) $(portage_make_conf_local) $(CHROOT)/var/tmp/profile $(CHROOT)/etc/portage/repos.conf $(KERNEL_SRC)
+ COPY configs/make.conf.$(VA_ARCH) /etc/portage/make.conf
+ COPY configs/locale.gen /etc/locale.gen
 RUN locale-gen
 touch $(COMPILE_OPTIONS)
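Review bot: The `##` line that replaces `RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) oldconfig modules_prepare; \` sits inside a backslash-continued shell `if` block, so it does not appear to act as a Make comment: the preceding `cp $(KERNEL_CONFIG) ...; \` joins it into the same recipe line, and the shell only skips it because `##` opens a shell comment and the trailing `\` inside a comment is not a continuation, which is why `fi` is still reached. If the modules_prepare step is gone for good, delete the line instead of commenting it out; if it is meant to return, say why it is disabled (the same commented-out block appears in appliances/default/Makefile in this commit). The `$(COMPILE_OPTIONS)` recipe now also writes `/etc/portage/make.conf` and `/etc/locale.gen` into the chroot as side effects of a stamp target, which is fine for a stamp but deserves a comment such as `# make.conf and locale.gen are copied here rather than as separate targets so that a change to either re-runs locale-gen`. The enclosing `$(KERNEL_PATH)` recipe starts outside the hunk.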
diff --git a/appliances/default/Makefile b/appliances/default/Makefile
index 5cccc64..d93c30d 100644
--- a/appliances/default/Makefile
+++ b/appliances/default/Makefile
@@ -16,12 +16,12 @@ $(HARDENED):
 RUN $(EMERGE) $(USEPKG) --emptytree @world
 RUN $(EMERGE) --depclean --with-bdeps=n
 RUN bash -c 'yes YES | etc-update --automode -9'
-ifneq ($(EXTERNAL_KERNEL),YES)
- if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
- RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
- RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
- fi
-endif
+##ifneq ($(EXTERNAL_KERNEL),YES)
+## if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
+## RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
+## RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
+## fi
+##endif
 touch $(HARDENED)
 $(timesyncd_conf): default/timesyncd.conf
diff --git a/appliances/default/make.conf b/appliances/default/make.conf
index f9ee3f1..d4b204f 100644
--- a/appliances/default/make.conf
+++ b/appliances/default/make.conf
@@ -3,3 +3,8 @@ CXXFLAGS="-O2 -pipe"
 USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
 MAKEOPTS="-j5"
 ACCEPT_LICENSE="*"
+
+# Python-Version festpinnen (s. auch package.mask)
+USE_PYTHON="3.9"
+PYTHON_TARGETS="python3_9"
+PYTHON_SINGLE_TARGET="python3_9"
diff --git a/appliances/default/package.mask b/appliances/default/package.mask
new file mode 100644
index 0000000..fe981bb
--- /dev/null
+++ b/appliances/default/package.mask
@@ -0,0 +1,2 @@
+# Python: nur Version 3.9 verwenden (s. auch make.conf: PYTHON-Variable)
+>=dev-lang/python-3.10
diff --git a/appliances/default/package.use b/appliances/default/package.use
index b27a159..7ceee5a 100644
--- a/appliances/default/package.use
+++ b/appliances/default/package.use
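Review bot: `USE_PYTHON="3.9"` in the added block is, as far as I know, a variable of the retired python.eclass and is not read by Portage or the current python-r1 eclasses; the two lines below it, `PYTHON_TARGETS="python3_9"` and `PYTHON_SINGLE_TARGET="python3_9"`, are what actually pin the interpreter. Either drop it or mark it, e.g. `# USE_PYTHON: legacy python.eclass only — verify it is still consumed`, so a reader does not assume a third knob is in effect. The pin is completed by the new package.mask entry `>=dev-lang/python-3.10`; being version-bound it still lets 3.9.x security releases through, but it has to move when 3.9 reaches end of life, so a date or ticket reference in that comment would help the next maintainer.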
@@ -1,7 +1,7 @@
 # Base system
 app-admin/sudo -sendmail
 app-editors/nano ncurses
-app-emulation/open-vm-tools pic -modules -resolutionkms
+app-emulation/open-vm-tools pic -fuse -modules -resolutionkms
 app-misc/mc -slang
 dev-lang/python ssl threads xml
 dev-libs/libpcre cxx jit
@@ -20,3 +20,7 @@ sys-kernel/gentoo-sources symlink
 # Monitoring
 net-analyzer/zabbix agent
+
+# temp., sonst circular dependencies error
+sys-devel/m4 -nls
+sys-apps/help2man -nls
diff --git a/configs/kernel.config.amd64 b/configs/kernel.config.amd64
index 68d0101..aca3871 100644
--- a/configs/kernel.config.amd64
+++ b/configs/kernel.config.amd64
@@ -1,16 +1,17 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.10.27-gentoo Kernel Configuration
+# Linux/x86 5.10.76-gentoo-r1 Kernel Configuration
 #
-CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 10.2.0-r5 p6) 10.2.0"
+CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.2.0 p1) 11.2.0"
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=100200
-CONFIG_LD_VERSION=235020000
+CONFIG_GCC_VERSION=110200
+CONFIG_LD_VERSION=237000000
 CONFIG_CLANG_VERSION=0
 CONFIG_LLD_VERSION=0
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_CAN_LINK_STATIC=y
 CONFIG_CC_HAS_ASM_GOTO=y
+CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_INLINE=y
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
@@ -404,8 +405,13 @@ CONFIG_SCHED_HRTICK=y
 # CONFIG_KEXEC_FILE is not set
 # CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x1000000
-# CONFIG_RELOCATABLE is not set
+CONFIG_RELOCATABLE=y
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_DYNAMIC_MEMORY_LAYOUT=y
+CONFIG_RANDOMIZE_MEMORY=y
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
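Review bot: The second hunk adds `sys-devel/m4 -nls` and `sys-apps/help2man -nls` under a comment that only says the change is temporary and avoids a circular-dependency error, which leaves the next maintainer with no way to tell when it can be reverted. Name the cycle and the exit condition in the comment, for example `# temp.: breaks the build-time dependency cycle hit during @world rebuild; drop once <condition> — see <ticket/placeholder>`, with the real packages and reference filled in. Disabling `nls` on these two build tools is low-impact for an appliance image, so the workaround itself looks acceptable.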
@@ -787,7 +793,7 @@ CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
 CONFIG_MMU_NOTIFIER=y
 # CONFIG_KSM is not set
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 # CONFIG_TRANSPARENT_HUGEPAGE is not set
 CONFIG_ARCH_WANTS_THP_SWAP=y
 # CONFIG_CLEANCACHE is not set
@@ -1279,6 +1285,7 @@ CONFIG_VIRTIO_BLK=y
 #
 # CONFIG_BLK_DEV_NVME is not set
 # CONFIG_NVME_FC is not set
+# CONFIG_NVME_TCP is not set
 # end of NVME Support
 #
@@ -2410,7 +2417,6 @@ CONFIG_RTC_DRV_CMOS=y
 # DMABUF options
 #
 # CONFIG_SYNC_FILE is not set
-# CONFIG_DMABUF_MOVE_NOTIFY is not set
 # CONFIG_DMABUF_HEAPS is not set
 # end of DMABUF options
@@ -2772,7 +2778,6 @@ CONFIG_IO_WQ=y
 CONFIG_PAGE_TABLE_ISOLATION=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
-CONFIG_HARDENED_USERCOPY_FALLBACK=y
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
@@ -3111,6 +3116,8 @@ CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
 # CONFIG_UBSAN is not set
 CONFIG_HAVE_ARCH_KCSAN=y
+CONFIG_HAVE_KCSAN_COMPILER=y
+# CONFIG_KCSAN is not set
 # end of Generic Kernel Debugging Instruments
 CONFIG_DEBUG_KERNEL=y
@@ -3293,4 +3300,7 @@ CONFIG_GENTOO_LINUX_PORTAGE=y
 CONFIG_GENTOO_LINUX_INIT_SCRIPT=y
 CONFIG_GENTOO_LINUX_INIT_SYSTEMD=y
 # end of Support for init systems, system and service managers
+
+CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
+CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y
 # end of Gentoo Linux
diff --git a/configs/make.conf.amd64 b/configs/make.conf.amd64
index 04f945b..d6ad83b 100644
--- a/configs/make.conf.amd64
+++ b/configs/make.conf.amd64
@@ -11,7 +11,6 @@ EPAUSE_IGNORE="1"
 EMERGE_DEFAULT_OPTS="--jobs=2 --autounmask=n"
 FEATURES="noinfo -test nodoc noman nostrip unmerge-orphans buildpkg notitles parallel-fetch binpkg-multi-instance -cgroup"
 CURL_SSL="openssl"
-PYTHON_TARGETS="python3_8"
 INSTALL_MASK="/etc/default/grub /etc/locale.gen /etc/fstab /etc/issue /usr/share/doc"
 source make.conf.local
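Review bot: Removing `PYTHON_TARGETS="python3_8"` here (and in configs/make.conf.x86 in the following hunk) leaves the per-arch make.conf with no interpreter pin of its own; the pin now lives only in appliances/default/make.conf, which presumably reaches the chroot through the `make.conf.local` that this file ends by sourcing. An appliance other than `default` that ships a make.conf without PYTHON_TARGETS would then fall back to the profile default, which may be intended but is not visible from this file. A one-line comment next to `source make.conf.local`, such as `# PYTHON_TARGETS/PYTHON_SINGLE_TARGET are set per appliance via make.conf.local`, would make the contract explicit.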
diff --git a/configs/make.conf.x86 b/configs/make.conf.x86
index 1bed07a..5beeaea 100644
--- a/configs/make.conf.x86
+++ b/configs/make.conf.x86
@@ -11,7 +11,6 @@ EPAUSE_IGNORE="1"
 EMERGE_DEFAULT_OPTS="--jobs=2 --autounmask=n"
 FEATURES="noinfo -test nodoc noman nostrip unmerge-orphans buildpkg notitles parallel-fetch binpkg-multi-instance -cgroup"
 CURL_SSL="openssl"
-PYTHON_TARGETS="python3_8"
 ABI_X86="32"
 INSTALL_MASK="/etc/default/grub /etc/locale.gen /etc/fstab /etc/issue /usr/share/doc"