[PATCH] gnu: Add kconfig-hardened-check.

  • Done
Details
2 participants
  • Hilton Chain
  • Christopher Baines
Owner
unassigned
Submitted by
Hilton Chain
Severity
normal
Hilton Chain wrote on 5 Nov 2022 11:53
(address . guix-patches@gnu.org)
y76pme14qqb.wl-hako@ultrarare.space
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
gnu/packages/linux.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..3aa5613a15 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,24 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "Tool for checking the security hardening options of the Linux kernel.")
+ (license license:gpl3)))
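Review bot: the description string at the end of this hunk repeats the synopsis word for word, so the package page tells a reader nothing beyond the one-line summary. Suggest keeping the synopsis as the short form and expanding the description into full sentences that say what the tool compares a kernel configuration against.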

base-commit: e67f9d7ab0c4bc957a918987a347a9ca429f3b0a
--
2.38.0
Christopher Baines wrote on 6 Nov 2022 15:12
(name . Hilton Chain)(address . hako@ultrarare.space)
875yfsgocy.fsf@cbaines.net
Hilton Chain via Guix-patches via <guix-patches@gnu.org> writes:

> + (synopsis
> + "Tool for checking the security hardening options of the Linux kernel")
> + (description
> + "Tool for checking the security hardening options of the Linux kernel.")

This looks generally OK to me, but could you have a go at writing a
description that's different to the synopsis?

Even just wording it slightly differently would be OK (e.g. "The
@code{kconfig-hardened-check} tool helps with checking the security
hardening options of the Linux kernel").

Thanks,

Chris

Christopher Baines wrote on 6 Nov 2022 15:16
tag 59043 moreinfo
(address . control@debbugs.gnu.org)
87pme0jhhm.fsf@cbaines.net
tags 59043 + moreinfo
quit
Hilton Chain wrote on 6 Nov 2022 15:52
[PATCH v2] gnu: Add kconfig-hardened-check.
(name . Christopher Baines)(address . mail@cbaines.net)
y768rkodtjw.wl-hako@ultrarare.space
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
v1 -> v2: Add more description.

gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..8eadf8354c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel. Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+ (license license:gpl3)))
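Review bot: in the description, `@end itemize\n` puts a `\n` escape into a string that otherwise uses literal line breaks, including the literal blank line before `@itemize`; a plain blank line after `@end itemize` would read consistently. The sentence "Provided preferences are based on suggestions from various sources" also leaves open whose preferences are meant, so wording such as "The settings it recommends are based on" would be clearer.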

base-commit: 97d565c786ee1a1eb920ed66384f60aad20e5cc2
--
2.38.0
Christopher Baines wrote on 7 Nov 2022 20:57
(name . Hilton Chain)(address . hako@ultrarare.space)
87v8nqo7u5.fsf@cbaines.net
Hilton Chain <hako@ultrarare.space> writes:

> * gnu/packages/linux.scm (kconfig-hardened-check): New variable.
> ---
> v1 -> v2: Add more description.
>
> gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>

Thanks! That looks good, I've gone ahead and pushed to master as
cad335a32acf8c31b49fe83f1b38b1d1a6da76be.

Thanks,

Chris
