From 2d09b7457a5c97591238b34ef717734a84167ec2 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 27 Dec 2019 22:54:53 +0000 Subject: Fri Dec 27 22:54:53 UTC 2019 a/kernel-generic-5.4.6-x86_64-2.txz: Rebuilt. a/kernel-huge-5.4.6-x86_64-2.txz: Rebuilt. a/kernel-modules-5.4.6-x86_64-2.txz: Rebuilt. ap/vim-8.2.0050-x86_64-1.txz: Upgraded. d/kernel-headers-5.4.6-x86-2.txz: Rebuilt. k/kernel-source-5.4.6-noarch-2.txz: Rebuilt. Apparently MODULE_SIG was enabled by SECURITY_LOCKDOWN_LSM. We'll turn both of those off to avoid needlessly tainting the kernel. -LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY n -LOCK_DOWN_KERNEL_FORCE_INTEGRITY n -LOCK_DOWN_KERNEL_FORCE_NONE y -MODULE_SIG_ALL n -MODULE_SIG_FORCE n -MODULE_SIG_FORMAT y -MODULE_SIG_HASH "sha256" -MODULE_SIG_KEY "certs/signing_key.pem" -MODULE_SIG_SHA1 n -MODULE_SIG_SHA224 n -MODULE_SIG_SHA256 y -MODULE_SIG_SHA384 n -MODULE_SIG_SHA512 n -SECURITY_LOCKDOWN_LSM_EARLY y MODULE_SIG y -> n SECURITY_LOCKDOWN_LSM y -> n l/imagemagick-7.0.9_12-x86_64-1.txz: Upgraded. l/libcap-2.29-x86_64-1.txz: Upgraded. xap/vim-gvim-8.2.0050-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Rebuilt. usb-and-pxe-installers/usbboot.img: Rebuilt. --- source/k/kernel-configs/config-generic-5.4.6 | 18 ++---------------- source/k/kernel-configs/config-generic-5.4.6.x64 | 18 ++---------------- source/k/kernel-configs/config-generic-smp-5.4.6-smp | 18 ++---------------- source/k/kernel-configs/config-huge-5.4.6 | 18 ++---------------- source/k/kernel-configs/config-huge-5.4.6.x64 | 18 ++---------------- source/k/kernel-configs/config-huge-smp-5.4.6-smp | 18 ++---------------- 6 files changed, 12 insertions(+), 96 deletions(-) (limited to 'source/k') diff --git a/source/k/kernel-configs/config-generic-5.4.6 b/source/k/kernel-configs/config-generic-5.4.6 index 7688ad136..e3750f084 100644 --- a/source/k/kernel-configs/config-generic-5.4.6 +++ b/source/k/kernel-configs/config-generic-5.4.6 @@ -786,22 +786,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8199,11 +8190,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8437,7 +8424,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set diff --git a/source/k/kernel-configs/config-generic-5.4.6.x64 b/source/k/kernel-configs/config-generic-5.4.6.x64 index 6c4af203d..ec7dc5934 100644 --- a/source/k/kernel-configs/config-generic-5.4.6.x64 +++ b/source/k/kernel-configs/config-generic-5.4.6.x64 @@ -829,22 +829,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8187,11 +8178,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8447,7 +8434,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set diff --git a/source/k/kernel-configs/config-generic-smp-5.4.6-smp b/source/k/kernel-configs/config-generic-smp-5.4.6-smp index e19e7e5db..393dc8834 100644 --- a/source/k/kernel-configs/config-generic-smp-5.4.6-smp +++ b/source/k/kernel-configs/config-generic-smp-5.4.6-smp @@ -826,22 +826,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8263,11 +8254,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8500,7 +8487,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set diff --git a/source/k/kernel-configs/config-huge-5.4.6 b/source/k/kernel-configs/config-huge-5.4.6 index d9b0b2141..67bdaba2a 100644 --- a/source/k/kernel-configs/config-huge-5.4.6 +++ b/source/k/kernel-configs/config-huge-5.4.6 @@ -786,22 +786,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8199,11 +8190,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8437,7 +8424,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set diff --git a/source/k/kernel-configs/config-huge-5.4.6.x64 b/source/k/kernel-configs/config-huge-5.4.6.x64 index b45fee5bc..e019cef1d 100644 --- a/source/k/kernel-configs/config-huge-5.4.6.x64 +++ b/source/k/kernel-configs/config-huge-5.4.6.x64 @@ -829,22 +829,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8187,11 +8178,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8447,7 +8434,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set diff --git a/source/k/kernel-configs/config-huge-smp-5.4.6-smp b/source/k/kernel-configs/config-huge-smp-5.4.6-smp index 26b43f409..45e8a1042 100644 --- a/source/k/kernel-configs/config-huge-smp-5.4.6-smp +++ b/source/k/kernel-configs/config-huge-smp-5.4.6-smp @@ -826,22 +826,13 @@ CONFIG_GCC_PLUGINS=y CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 -CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set -CONFIG_MODULE_SIG=y -# CONFIG_MODULE_SIG_FORCE is not set -# CONFIG_MODULE_SIG_ALL is not set -# CONFIG_MODULE_SIG_SHA1 is not set -# CONFIG_MODULE_SIG_SHA224 is not set -CONFIG_MODULE_SIG_SHA256=y -# CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha256" +# CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS=y CONFIG_UNUSED_SYMBOLS=y @@ -8263,11 +8254,7 @@ CONFIG_FORTIFY_SOURCE=y # CONFIG_SECURITY_LOADPIN is not set # CONFIG_SECURITY_YAMA is not set # CONFIG_SECURITY_SAFESETID is not set -CONFIG_SECURITY_LOCKDOWN_LSM=y -CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y -CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y -# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set -# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set # CONFIG_INTEGRITY is not set CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity" @@ -8500,7 +8487,6 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -- cgit v1.2.3-65-gdbad