[PATCH] gnu: Add kconfig-hardened-check.

  • Done
  • quality assurance status badge
Details
2 participants
  • Hilton Chain
  • Christopher Baines
Owner
unassigned
Submitted by
Hilton Chain
Severity
normal

Debbugs page

H
H
Hilton Chain wrote on 5 Nov 2022 03:53
(address . guix-patches@gnu.org)
y76pme14qqb.wl-hako@ultrarare.space
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
gnu/packages/linux.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)

Toggle diff (33 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..3aa5613a15 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,24 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "Tool for checking the security hardening options of the Linux kernel.")
+ (license license:gpl3)))

base-commit: e67f9d7ab0c4bc957a918987a347a9ca429f3b0a
--
2.38.0
C
C
Christopher Baines wrote on 6 Nov 2022 06:12
(name . Hilton Chain)(address . hako@ultrarare.space)
875yfsgocy.fsf@cbaines.net
Hilton Chain via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (6 lines)
> + (synopsis
> + "Tool for checking the security hardening options of the Linux kernel")
> + (description
> + "Tool for checking the security hardening options of the Linux kernel.")

This looks generally OK to me, but could you have a go at writing a
description that's different to the synopsis?

Even just wording it slightly differently would be OK (e.g. "The
@code{kconfig-hardened-check} tool helps with checking the security
hardening options of the Linux kernel").

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNnwa1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdKig//Xx6hcXFBRtOTIJkUmcvN6B5FWjKvUbaT
MoYLYxOWoyX1uZpHSIYsP34EnGKGYi/UPL0bRZSPjGRN8mtSOaz0No9ExKpln/In
AmBxwb8eUPY06Jl5LSqtzEDr7mipZBR5NfwKz8bI0O1SLq7uILy/HWnvX+tkSvus
oJ7HcqhddknBmRBRP5faRGliLphStGPjob4CsKIxL68byux48jwOP3rs0j/UEogz
Og2YAsgMRpCz4ZG4oX2um6NEO/vGIa5nJJf06LxkR7pI2b6jzXP6w+kW6vmSHXI1
N53YWe9qdQUX+6jz0sq9YjPGnBN8fS434VPKPrWUpjZwTnpFKGNwfIwFZQuiYGSo
Pngli0fP8eK2uLA1UrSUTfcK/vhZkg9Av+KDaSuBZcnKWuDLlJpebyx0SjaJwRKb
JFJD2cpNDcU6SISedCG+xrNU08grm9KYTd/+TS5VoFPbXSfovSuobRvBuBMfjHVZ
2wFaxYTasNl7ev48fqs2dMFlZtMkr6gY84g7hKKsaN4P7+IQDp9I+bXbz9FB99ZY
4Bbgbmidah+3JlqHQHxXFcdnB+LIIsAsTt+Zg4EZ4pXpSJp6Z75jhXFyZlgcAiYt
jAljETY0rJ8roczMbjqUyqDv9J9dqxTTco20hIyXPM081L6AbrieWudEs0o1yDjy
wcY2aWQg0T4=
=UFqX
-----END PGP SIGNATURE-----

C
C
Christopher Baines wrote on 6 Nov 2022 06:16
tag 59043 moreinfo
(address . control@debbugs.gnu.org)
87pme0jhhm.fsf@cbaines.net
tags 59043 + moreinfo
quit
H
H
Hilton Chain wrote on 6 Nov 2022 06:52
[PATCH v2] gnu: Add kconfig-hardened-check.
(name . Christopher Baines)(address . mail@cbaines.net)
y768rkodtjw.wl-hako@ultrarare.space
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
v1 -> v2: Add more description.

gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

Toggle diff (42 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..8eadf8354c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel. Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+ (license license:gpl3)))

base-commit: 97d565c786ee1a1eb920ed66384f60aad20e5cc2
--
2.38.0
C
C
Christopher Baines wrote on 7 Nov 2022 11:57
(name . Hilton Chain)(address . hako@ultrarare.space)
87v8nqo7u5.fsf@cbaines.net
Hilton Chain <hako@ultrarare.space> writes:

Toggle quote (8 lines)
> * gnu/packages/linux.scm (kconfig-hardened-check): New variable.
> ---
> v1 -> v2: Add more description.
>
> gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>

Thanks! That looks good, I've gone ahead and pushed to master as
cad335a32acf8c31b49fe83f1b38b1d1a6da76be.

Thanks,

Chris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmNpY1JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9Xe1RxAAuK6PhCrUm0MJLOqYhGcnrhC7yDajly+r
ce+ovjCuHsUwtOOaya9GvNamqA61Znph1c273tr/eMZgBEY8D1532dDngh2uMmEL
s/PRqCGH3rnLLClEKR5bxKIzVVxL5gcPsxON4JsnElFqgKjmOxOm4uI/sYIQ1cAl
CkvN4qL5Nm3i7MMRKuIKiO4LZqkSPgBrSlbBVw01ng+fVi3jKaPW4geCACVB9nA0
LkIZs7ud19YW98TssLJ5fsjCqPZmW6ANvOhugNegMj1lhf9EhpWzRSOiG/lcA5WV
dcMWdl5uKHGQBDu/gkT+YT7HGqmBU9DpDLqo8ZTMbf1QJwUrY469HMB3wyHHrRW+
hn1jvVAOdjfQW2qqQEdD+d7eiozp0SON5T1ovP6+VMzv0x8RsgjhI0uLhKAlZK7Y
A/GajKPNdkid5qydgWl7/cQ5Nn8UsGSgFkeUAB/Su5kHRXKtlffqZWNGzVXiv1fn
seFGVOrIXtBwWie+qF9PE0cMvsTpX9j2B48cSGO7rdelj8Oy3EHbdNTn00aJ5eYo
sJdl08RCodTU67U+YxUml/WfIi0dVoBvtBLQn4Y/Qv5pRjB1Troi/qXi6GusyRSX
NuNcV3E0+Y4Ob76khAa97wusc4fD7LAEKFHjv4bExDt0k0KlkOg6gjvxjbr/OK5F
/izD1qCEFiQ=
=x4kF
-----END PGP SIGNATURE-----

?
Your comment

This issue is archived.

To comment on this conversation send an email to 59043@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 59043
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch