better locale.gen handling, handling of kernel modules temporarily disabled

2022-01-19 12:03:55 +01:00 · 2022-01-19 12:03:55 +01:00 · 0709757051
parent 35319acde1
commit 0709757051
8 changed files with 40 additions and 26 deletions
--- a/13
+++ b/13
@ -195,10 +195,6 @@ $(CHROOT)/etc/portage/package.%/02$(APPLIANCE): appliances/$(APPLIANCE)/package.
 	mkdir -p `dirname $@`
 	cp $< $@
 $(CHROOT)/etc/portage/make.conf: configs/make.conf.$(VA_ARCH)
 	COPY configs/make.conf.$(VA_ARCH) /etc/portage/make.conf
 $(portage_make_conf_local): $(default_make_conf) $(appliance_make_conf)
 	if [ -f "$(default_make_conf)" ] ;  \
 		then COPY $(default_make_conf) /etc/portage/make.conf.local; \
@ -212,9 +208,6 @@ $(CHROOT)/var/tmp/profile: $(STAGE3)
 	RUN eselect profile set $(appliance_profile)
 	touch $@
 $(CHROOT)/etc/locale.gen: configs/locale.gen
 	COPY configs/locale.gen /etc/locale.gen
 $(KERNEL_PATH): $(STAGE3) $(KERNEL_CONFIG)
 ifneq ($(EXTERNAL_KERNEL),YES)
 	$(eval kernel_ebuild = $(shell basename `RUN portageq best_visible / $(KERNEL_PKG)`))
@ -232,12 +225,14 @@ ifneq ($(EXTERNAL_KERNEL),YES)
 		cp -a $(CHROOT)/usr/src/linux-*/* $(shell cat $(KERNEL_PATH)); \
 		RUN $(EMERGE) -C sys-kernel/$(KERNEL_PKG); \
 		cp $(KERNEL_CONFIG) $(shell cat $(KERNEL_PATH))/.config; \
-		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) oldconfig modules_prepare; \
+##		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) oldconfig modules_prepare; \
 	fi
 endif
 	touch $(KERNEL_SRC)
-$(COMPILE_OPTIONS): $(STAGE3) $(PORTAGE_DIR) $(CHROOT)/etc/portage/make.conf configs/locale.gen $(portage_default_package_files) $(portage_package_files) $(portage_make_conf_local) $(CHROOT)/var/tmp/profile $(CHROOT)/etc/locale.gen $(CHROOT)/etc/portage/repos.conf $(KERNEL_SRC)
+$(COMPILE_OPTIONS): $(STAGE3) $(PORTAGE_DIR) configs/make.conf.$(VA_ARCH) configs/locale.gen $(portage_default_package_files) $(portage_package_files) $(portage_make_conf_local) $(CHROOT)/var/tmp/profile $(CHROOT)/etc/portage/repos.conf $(KERNEL_SRC)
 	COPY configs/make.conf.$(VA_ARCH) /etc/portage/make.conf
 	COPY configs/locale.gen /etc/locale.gen
 	RUN locale-gen
 	touch $(COMPILE_OPTIONS)
--- a/appliances/default/Makefile
+++ b/appliances/default/Makefile
@ -16,12 +16,12 @@ $(HARDENED):
 	RUN $(EMERGE) $(USEPKG) --emptytree @world
 	RUN $(EMERGE) --depclean --with-bdeps=n
 	RUN bash -c 'yes YES | etc-update --automode -9'
-ifneq ($(EXTERNAL_KERNEL),YES)
+##ifneq ($(EXTERNAL_KERNEL),YES)
-	if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
+##	if ! grep -q "$(shell /usr/bin/gcc --version | grep gcc)" "$(shell cat $(KERNEL_PATH))/.config"; then \
-		RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
+##		RUN $(EMERGE) $(USEPKG) --onlydeps --oneshot --noreplace sys-kernel/$(KERNEL_PKG); \
-		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
+##		RUN make -C /usr/src/linux MAKEOPTS=$(MAKEOPTS) clean oldconfig modules_prepare; \
-	fi
+##	fi
-endif
+##endif
 	touch $(HARDENED)
 $(timesyncd_conf): default/timesyncd.conf
--- a/appliances/default/make.conf
+++ b/appliances/default/make.conf
@ -3,3 +3,8 @@ CXXFLAGS="-O2 -pipe"
 USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
 MAKEOPTS="-j5"
 ACCEPT_LICENSE="*"
 # Python-Version festpinnen (s. auch package.mask)
 USE_PYTHON="3.9"
 PYTHON_TARGETS="python3_9"
 PYTHON_SINGLE_TARGET="python3_9"
--- a/appliances/default/package.mask
+++ b/appliances/default/package.mask
@ -0,0 +1,2 @@
 # Python: nur Version 3.9 verwenden (s. auch make.conf: PYTHON-Variable)
 >=dev-lang/python-3.10
--- a/appliances/default/package.use
+++ b/appliances/default/package.use
@ -1,7 +1,7 @@
 # Base system
 app-admin/sudo -sendmail
 app-editors/nano ncurses
-app-emulation/open-vm-tools pic -modules -resolutionkms
+app-emulation/open-vm-tools pic -fuse -modules -resolutionkms
 app-misc/mc -slang
 dev-lang/python ssl threads xml
 dev-libs/libpcre cxx jit
@ -20,3 +20,7 @@ sys-kernel/gentoo-sources symlink
 # Monitoring
 net-analyzer/zabbix agent
 # temp., sonst circular dependencies error
 sys-devel/m4 -nls
 sys-apps/help2man -nls
--- a/configs/kernel.config.amd64
+++ b/configs/kernel.config.amd64
@ -1,16 +1,17 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.10.27-gentoo Kernel Configuration
+# Linux/x86 5.10.76-gentoo-r1 Kernel Configuration
 #
-CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 10.2.0-r5 p6) 10.2.0"
+CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.2.0 p1) 11.2.0"
 CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=100200
+CONFIG_GCC_VERSION=110200
-CONFIG_LD_VERSION=235020000
+CONFIG_LD_VERSION=237000000
 CONFIG_CLANG_VERSION=0
 CONFIG_LLD_VERSION=0
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_CAN_LINK_STATIC=y
 CONFIG_CC_HAS_ASM_GOTO=y
 CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
 CONFIG_CC_HAS_ASM_INLINE=y
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_TABLE_SORT=y
@ -404,8 +405,13 @@ CONFIG_SCHED_HRTICK=y
 # CONFIG_KEXEC_FILE is not set
 # CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x1000000
-# CONFIG_RELOCATABLE is not set
+CONFIG_RELOCATABLE=y
 CONFIG_RANDOMIZE_BASE=y
 CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
 CONFIG_DYNAMIC_MEMORY_LAYOUT=y
 CONFIG_RANDOMIZE_MEMORY=y
 CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
@ -787,7 +793,7 @@ CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
 CONFIG_MMU_NOTIFIER=y
 # CONFIG_KSM is not set
-CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 # CONFIG_TRANSPARENT_HUGEPAGE is not set
 CONFIG_ARCH_WANTS_THP_SWAP=y
 # CONFIG_CLEANCACHE is not set
@ -1279,6 +1285,7 @@ CONFIG_VIRTIO_BLK=y
 #
 # CONFIG_BLK_DEV_NVME is not set
 # CONFIG_NVME_FC is not set
 # CONFIG_NVME_TCP is not set
 # end of NVME Support
 #
@ -2410,7 +2417,6 @@ CONFIG_RTC_DRV_CMOS=y
 # DMABUF options
 #
 # CONFIG_SYNC_FILE is not set
 # CONFIG_DMABUF_MOVE_NOTIFY is not set
 # CONFIG_DMABUF_HEAPS is not set
 # end of DMABUF options
@ -2772,7 +2778,6 @@ CONFIG_IO_WQ=y
 CONFIG_PAGE_TABLE_ISOLATION=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
 CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
@ -3111,6 +3116,8 @@ CONFIG_HAVE_ARCH_KGDB=y
 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
 # CONFIG_UBSAN is not set
 CONFIG_HAVE_ARCH_KCSAN=y
 CONFIG_HAVE_KCSAN_COMPILER=y
 # CONFIG_KCSAN is not set
 # end of Generic Kernel Debugging Instruments
 CONFIG_DEBUG_KERNEL=y
@ -3293,4 +3300,7 @@ CONFIG_GENTOO_LINUX_PORTAGE=y
 CONFIG_GENTOO_LINUX_INIT_SCRIPT=y
 CONFIG_GENTOO_LINUX_INIT_SYSTEMD=y
 # end of Support for init systems, system and service managers
 CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
 CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y
 # end of Gentoo Linux
--- a/configs/make.conf.amd64
+++ b/configs/make.conf.amd64
@ -11,7 +11,6 @@ EPAUSE_IGNORE="1"
 EMERGE_DEFAULT_OPTS="--jobs=2 --autounmask=n"
 FEATURES="noinfo -test nodoc noman nostrip unmerge-orphans buildpkg notitles parallel-fetch binpkg-multi-instance -cgroup"
 CURL_SSL="openssl"
 PYTHON_TARGETS="python3_8"
 INSTALL_MASK="/etc/default/grub /etc/locale.gen /etc/fstab /etc/issue /usr/share/doc"
 source make.conf.local
--- a/configs/make.conf.x86
+++ b/configs/make.conf.x86
@ -11,7 +11,6 @@ EPAUSE_IGNORE="1"
 EMERGE_DEFAULT_OPTS="--jobs=2 --autounmask=n"
 FEATURES="noinfo -test nodoc noman nostrip unmerge-orphans buildpkg notitles parallel-fetch binpkg-multi-instance -cgroup"
 CURL_SSL="openssl"
 PYTHON_TARGETS="python3_8"
 ABI_X86="32"
 INSTALL_MASK="/etc/default/grub /etc/locale.gen /etc/fstab /etc/issue /usr/share/doc"
		`@ -0,0 +1,2 @@`
							`# Python: nur Version 3.9 verwenden (s. auch make.conf: PYTHON-Variable)`
							`>=dev-lang/python-3.10`