[PATCH] gnu: Add kconfig-hardened-check.

Done

Details

2 participants

Hilton Chain
Christopher Baines

Owner: unassigned

Submitted by: Hilton Chain

Severity: normal

Debbugs page

Hilton Chain wrote on 5 Nov 2022 03:53

Recipients:(address . guix-patches@gnu.org)

Message-ID:y76pme14qqb.wl-hako@ultrarare.space

* gnu/packages/linux.scm (kconfig-hardened-check): New variable.

---

gnu/packages/linux.scm | 21 +++++++++++++++++++++

1 file changed, 21 insertions(+)

Toggle diff (33 lines)diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..3aa5613a15 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,24 @@ (define-public tp-smapi-module
 @acronym{SMAPI, System Management Application Program Interface} and direct
 access to the embedded controller.")
     (license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+  (package
+    (name "kconfig-hardened-check")
+    (version "0.5.17")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+    (synopsis
+     "Tool for checking the security hardening options of the Linux kernel")
+    (description
+     "Tool for checking the security hardening options of the Linux kernel.")
+    (license license:gpl3)))

base-commit: e67f9d7ab0c4bc957a918987a347a9ca429f3b0a
-- 
2.38.0

Christopher Baines wrote on 6 Nov 2022 06:12

Recipients:(name . Hilton Chain)(address . hako@ultrarare.space)

Message-ID:875yfsgocy.fsf@cbaines.net

Hilton Chain via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (6 lines)

> + (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")

> + (synopsis

> + "Tool for checking the security hardening options of the Linux kernel")

> + (description

> + "Tool for checking the security hardening options of the Linux kernel.")

This looks generally OK to me, but could you have a go at writing a

description that's different to the synopsis?

Even just wording it slightly differently would be OK (e.g. "The

@code{kconfig-hardened-check} tool helps with checking the security

hardening options of the Linux kernel").

Thanks,

Chris

Christopher Baines wrote on 6 Nov 2022 06:16

tag 59043 moreinfo

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87pme0jhhm.fsf@cbaines.net

tags 59043 + moreinfo

quit

Hilton Chain wrote on 6 Nov 2022 06:52

[PATCH v2] gnu: Add kconfig-hardened-check.

Recipients:(name . Christopher Baines)(address . mail@cbaines.net)

Message-ID:y768rkodtjw.wl-hako@ultrarare.space

* gnu/packages/linux.scm (kconfig-hardened-check): New variable.

---

v1 -> v2: Add more description.

gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++

1 file changed, 32 insertions(+)

Toggle diff (42 lines)diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..8eadf8354c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ (define-public tp-smapi-module
 @acronym{SMAPI, System Management Application Program Interface} and direct
 access to the embedded controller.")
     (license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+  (package
+    (name "kconfig-hardened-check")
+    (version "0.5.17")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+    (synopsis
+     "Tool for checking the security hardening options of the Linux kernel")
+    (description
+     "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel.  Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+    (license license:gpl3)))

base-commit: 97d565c786ee1a1eb920ed66384f60aad20e5cc2

2.38.0

Christopher Baines wrote on 7 Nov 2022 11:57

Recipients:(name . Hilton Chain)(address . hako@ultrarare.space)

Message-ID:87v8nqo7u5.fsf@cbaines.net

Hilton Chain <hako@ultrarare.space> writes:

Toggle quote (8 lines)

> * gnu/packages/linux.scm (kconfig-hardened-check): New variable.

> ---

> v1 -> v2: Add more description.

> gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++

> 1 file changed, 32 insertions(+)

Thanks! That looks good, I've gone ahead and pushed to master as

cad335a32acf8c31b49fe83f1b38b1d1a6da76be.

Thanks,

Chris

Your comment

This issue is archived.

To comment on this conversation send an email to 59043@patchwise.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 59043

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date