Diffstat (limited to 'libre/linux-libre-hardened/PKGBUILD')
-rw-r--r--libre/linux-libre-hardened/PKGBUILD141
1 files changed, 99 insertions, 42 deletions
diff --git a/libre/linux-libre-hardened/PKGBUILD b/libre/linux-libre-hardened/PKGBUILD
index 5a164640c..506d116ad 100644
--- a/libre/linux-libre-hardened/PKGBUILD
+++ b/libre/linux-libre-hardened/PKGBUILD
@@ -9,22 +9,36 @@ _replacesoldkernels=() # '%' gets replaced with kernel suffix
_replacesoldmodules=() # '%' gets replaced with kernel suffix
pkgbase=linux-libre-hardened
-pkgver=5.7.16.a
-pkgrel=1
+pkgver=6.7.3.hardened1
+pkgrel=3
pkgdesc='Security-Hardened Linux-libre'
url='https://linux-libre.fsfla.org/'
arch=(x86_64)
license=(GPL2)
makedepends=(
- bc kmod libelf
- xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick
+ bc
+ cpio
+ gettext
+ libelf
+ pahole
+ perl
+ python
+ tar
+ xz
+
+ # htmldocs
+ graphviz
+ imagemagick
+ python-sphinx
+ texlive-latexextra
)
options=('!strip')
-_srcname=linux-5.7
+_srcname=linux-6.7
+_srctag=${pkgver%.*}-${pkgver##*.}
source=(
"https://linux-libre.fsfla.org/pub/linux-libre/releases/${_srcname##*-}-gnu/linux-libre-${_srcname##*-}-gnu.tar.xz"{,.sign}
"https://linux-libre.fsfla.org/pub/linux-libre/releases/${pkgver%.*}-gnu/patch-${_srcname##*-}-gnu-${pkgver%.*}-gnu.xz"{,.sign}
- "https://github.com/anthraxx/linux-hardened/releases/download/$pkgver/linux-hardened-$pkgver.patch"{,.sig}
+ "https://github.com/anthraxx/linux-hardened/releases/download/${_srctag}/linux-hardened-${_srctag}.patch"{,.sig}
"https://repo.parabola.nu/other/linux-libre/logos/logo_linux_"{clut224.ppm,vga16.ppm,mono.pbm}{,.sig}
config # the main kernel config file
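Review bot: `_srctag=${pkgver%.*}-${pkgver##*.}` only yields the upstream tag when pkgver ends in a single `.hardenedN` component, and nothing next to the assignment says so. With the value set in this hunk it turns `6.7.3.hardened1` into `6.7.3-hardened1`, which then forms the download URL of the signed hardened patch. A one-line comment such as `# upstream tag: 6.7.3.hardened1 -> 6.7.3-hardened1` would make the expected pkgver shape clear at the next version bump.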
@@ -36,31 +50,48 @@ source=(
# http://www.fsfla.org/pipermail/linux-libre/2015-November/003202.html
0002-fix-Atmel-maXTouch-touchscreen-support.patch
# Arch Linux patches
- sphinx-workaround.patch
+ # https://gitlab.archlinux.org/archlinux/packaging/packages/linux-hardened
+ 0001-Revert-mm-sparsemem-fix-race-in-accessing-memory_sec.patch
)
validpgpkeys=(
- '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
- '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A' # Daniel Micay
- '6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78' # David P.
- 'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak
+ 474402C8C582DAFBE389C427BCB7CF877E7D47A7 # Alexandre Oliva
+ 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A # Daniel Micay
+ 6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78 # David P.
+ E240B57E2C4630BA768E2F26FC1B547C8D8172C8 # Levente Polyak
)
-sha512sums=('4805b2956f628c6581e86d67b1996b5b404e7f4b5d29ecfe708ddca45344571d75018364d8f0049835d4286ca1ba591307be263536d1bed0ea006696a8b8ac73'
+sha256sums=('eb43c7dfe646d607ce7f010fa77789260db46fad1086dcd5c7f8df0bee9c14b0'
'SKIP'
- '647e349deb1d5630c29d2958d91fa777b13bc1eff250220d810eaa7b61b0aa49bc3ebfa043f054bcb12d9a0a946820e7dbc8c763c7d40a4a9f20d874a4e7eeb2'
+ '2b28165b2bd4fb1c833d79cab429d5a282dd41d94cee54370f21ff2261f36cf8'
'SKIP'
- 'bf33d52de3f2e6b795820aaf39c5e36faad6ecbe053eb8ee0c54c1794bec51a7581a5ef1dda50e508c15310b20509dd212c486673e2ef4b309eb9ce1bbb1b154'
+ 'a427d149a67eec747cf070cd176033663b2bfd972b4ba114049e9aee0a644d0e'
'SKIP'
- '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
+ 'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494'
'SKIP'
- '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
+ '6de8a8319271809ffdb072b68d53d155eef12438e6d04ff06a5a4db82c34fa8a'
'SKIP'
- '267295aa0cea65684968420c68b32f1a66a22d018b9d2b2c1ef14267bcf4cb68aaf7099d073cbfefe6c25c8608bdcbbd45f7ac8893fdcecbf1e621abdfe9ecc1'
+ '13bd7a8d9ed6b6bc971e4cd162262c5a20448a83796af39ce394d827b0e5de74'
'SKIP'
- '40c217a36fd5aecd2fa4d8de9ac90d2b58f3e15b23be199b80b69cee393f1a755ad221a4fce74e7eb63ffc700491c80ee5a1462a82874db31906fdeed9fded1b'
- '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
- 'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
- '98e97155f86bbe837d43f27ec1018b5b6fdc6c372d6f7f2a0fe29da117d53979d9f9c262f886850d92002898682781029b80d4ee923633fc068f979e6c8254be')
-
+ '133c9b3908b52912ad04fcad1de76c1af61e2fe81984c979057f8e58f8aabf74'
+ '0376bd5efa31d4e2a9d52558777cebd9f0941df8e1adab916c868bf0c05f2fc3'
+ '351fd96be8cd5ebd0435c0a8a978673fc023e3b1026085e67f86d815b2285e25'
+ '88c88d845998b88cb9fa617b2f30e35f05b168c2bdd52537cd6a8b6aac173641')
+b2sums=('45471cdf9e8fc37e384bdcfc2d22b113850daf62a5bea70a1dc6ea402fd2f924bc21cb0275f7e22532092e20af6de7fc2bc7f2056321d29fd29e5cb0e7e80f87'
+ 'SKIP'
+ 'eb0ad58e4bc9603c59fa41181b18b189325a2576a28de57e933d147d946b814ec8c95b813b7a3e01742e340951d0f9dd68fb1b209e4e25fdfed8ed15166e30a4'
+ 'SKIP'
+ '64b7a697d32582e725125d32303983d2d32bfb8591848be8e1ce7971ce0118d464264c2d3e154cb088bf4f0c614facb07c368aade40f22886d7351cec5c929b1'
+ 'SKIP'
+ '73fee2ae5cb1ffd3e6584e56da86a8b1ff6c713aae54d77c0dab113890fc673dc5f300eb9ed93fb367b045ece8fa80304ff277fe61665eccf7b7ce24f0c045eb'
+ 'SKIP'
+ 'd02a1153a4285b32c774dca4560fe37907ccf30b8e487a681b717ed95ae9bed5988875c0a118938e5885ae9d2857e53a6f216b732b6fa3368e3c5fe08c86382c'
+ 'SKIP'
+ '580911af9431c066bbc072fd22d5e2ef65f12d8358cec5ff5a4f1b7deebb86cef6b5c1ad631f42350af72c51d44d2093c71f761234fb224a8b9dbb3b64b8201d'
+ 'SKIP'
+ '6b04c78215f9c0c582d301b3cc6d30d1ec7ffb0d13db821d60a02a37c649a1f12b50cd4337baa22adf8983d6a98f04eb4d626ddd3a21b648b22be3fc695932df'
+ 'c2214154c36900e311531bfe68184f31639f5c50fed23bc3803a7f18439b7ff258552a39f02fed0ea92f10744e17a6c55cef0ef1a98187f978fe480fb3dddc14'
+ '0c7ceba7cd90087db3296610a07886f337910bad265a32c052d3a703e6eb8e53f355ab9948d72d366408d968d8ee7435084dd89bef5ed0b69355fd884c2cd468'
+ '687419d6145974e147419d658eec47efa019064f26378081a12ff145f62a141deec42cabfbdedfe5bc27333e1e610a059d3d5584d0d1afd545d8542f9c6d44d7')
+
_replacesarchkernel=("${_replacesarchkernel[@]/\%/${pkgbase#linux-libre}}")
_replacesoldkernels=("${_replacesoldkernels[@]/\%/${pkgbase#linux-libre}}")
_replacesoldmodules=("${_replacesoldmodules[@]/\%/${pkgbase#linux-libre}}")
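Review bot: The new source entry `0001-Revert-mm-sparsemem-fix-race-in-accessing-memory_sec.patch` reverts what its name describes as a race fix, and the only explanation is a link to the root of the Arch packaging repository. For a hardened kernel it is worth recording next to the entry why the fix is backed out and when the revert can be dropped, for example `# reverts an upstream race fix, see <UPSTREAM-REPORT-URL>; drop once resolved`. The entry appears to be a local file covered only by the sha256/b2 sums, with no signature, so that comment is also what a later reviewer would use to check the patch against its origin.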
@@ -82,8 +113,8 @@ prepare() {
../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
echo "Setting version..."
- sed -e "/^EXTRAVERSION = -gnu/s/= -gnu.*/= .${pkgver##*.}-gnu/" -i Makefile
- scripts/setlocalversion --save-scmversion
+ sed -e "/^[-+]EXTRAVERSION =/s/= */= -gnu/" \
+ -i "../linux-hardened-$_srctag.patch"
echo "-$pkgrel" > localversion.10-pkgrel
echo "${pkgbase#linux-libre}" > localversion.20-pkgname
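Review bot: The `sed -i` on `../linux-hardened-$_srctag.patch` rewrites a file whose `.sig` is listed in source=(), so what `patch` applies later is no longer the signed content, and the reason is not stated. Presumably the Makefile hunk of the hardened patch has to be adjusted because the linux-libre tree already carries `EXTRAVERSION = -gnu`; a comment saying so, e.g. `# linux-libre sets EXTRAVERSION = -gnu; adjust the hardened Makefile hunk to apply on top of it`, would make the deliberate edit reviewable. The substitution is also not idempotent (a second run would insert `-gnu` again), which matters only if prepare() is ever run twice on the same extracted sources. prepare() starts and ends outside this hunk.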
@@ -91,6 +122,7 @@ prepare() {
for src in "${source[@]}"; do
src="${src%%::*}"
src="${src##*/}"
+ src="${src%.zst}"
[[ $src = *.patch ]] || continue
echo "Applying patch $src..."
patch -Np1 < "../$src"
@@ -99,6 +131,7 @@ prepare() {
echo "Setting config..."
cp ../config .config
make olddefconfig
+ diff -u ../config .config || :
make -s kernelrelease > version
echo "Prepared $pkgbase version $(<version)"
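Review bot: `diff -u ../config .config || :` discards the result, so any option that `make olddefconfig` changed or dropped from the shipped config shows up only in the build log. For a hardened kernel that is where a lost hardening option would go unnoticed, for instance when an option's dependency changes between releases. At minimum a comment such as `# informational: review this diff on every version bump` should say that the output is meant to be read; failing the build on unexpected differences would be the stricter alternative. prepare() starts outside this hunk.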
@@ -106,24 +139,39 @@ prepare() {
build() {
cd $_srcname
+
+ make htmldocs &
+ local pid_docs=$!
+
make all
- make htmldocs
+ wait "${pid_docs}"
}
_package() {
pkgdesc="The $pkgdesc kernel and modules"
- depends=(coreutils kmod initramfs)
- optdepends=('crda: to set the correct wireless channels of your country'
- 'linux-libre-firmware: firmware images needed for some devices'
- 'usbctl: deny_new_usb control')
- provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE)
+ depends=(
+ coreutils
+ initramfs
+ kmod
+ )
+ optdepends=(
+ 'wireless-regdb: to set the correct wireless channels of your country'
+ 'linux-libre-firmware: firmware images needed for some devices'
+ 'usbctl: deny_new_usb control'
+ )
+ provides=(
+ KSMBD-MODULE
+ VIRTUALBOX-GUEST-MODULES
+ WIREGUARD-MODULE
+ )
+ replaces=(
+ )
provides+=("${_replacesarchkernel[@]/%/=${pkgver%.*}}" "LINUX-ABI_VERSION=${pkgver%.*}")
conflicts=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
replaces=("${_replacesarchkernel[@]}" "${_replacesoldkernels[@]}" "${_replacesoldmodules[@]}")
cd $_srcname
- local kernver="$(<version)"
- local modulesdir="$pkgdir/usr/lib/modules/$kernver"
+ local modulesdir="$pkgdir/usr/lib/modules/$(<version)"
echo "Installing boot image..."
# systemd expects to find the kernel here to allow hibernation
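Review bot: In build(), the background `make htmldocs &` is left running if `make all` fails before `wait "${pid_docs}"` is reached, assuming the build function is aborted on the first error. The docs job would then keep writing into the source tree after the build has been reported as failed. Handling the failure explicitly, e.g. `make all || { kill "$pid_docs"; wait "$pid_docs"; return 1; }`, avoids that. Separately, the empty `replaces=(` … `)` added in _package() is overwritten by the `replaces=(...)` assignment a few lines below and can be dropped. _package() continues outside this hunk.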
@@ -134,14 +182,16 @@ _package() {
echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
echo "Installing modules..."
- make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 modules_install
+ ZSTD_CLEVEL=19 make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
+ DEPMOD=/doesnt/exist modules_install # Suppress depmod
- # remove build and source links
- rm "$modulesdir"/{source,build}
+ # remove build link
+ rm "$modulesdir"/build
}
_package-headers() {
pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
+ depends=(pahole)
provides=("${_replacesarchkernel[@]/%/-headers=${pkgver%.*}}")
conflicts=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
replaces=("${_replacesarchkernel[@]/%/-headers}" "${_replacesoldkernels[@]/%/-headers}")
@@ -156,11 +206,11 @@ _package-headers() {
install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
cp -t "$builddir" -a scripts
- # add objtool for external module building and enabled VALIDATION_STACK option
+ # required when STACK_VALIDATION is enabled
install -Dt "$builddir/tools/objtool" tools/objtool/objtool
- # add xfs and shmem for aufs building
- mkdir -p "$builddir"/{fs/xfs,mm}
+ # required when DEBUG_INFO_BTF_MODULES is enabled
+ # install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids
echo "Installing headers..."
cp -t "$builddir" -a include
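Review bot: The new comment `# required when DEBUG_INFO_BTF_MODULES is enabled` sits above an `install` line that is itself commented out, so it is unclear whether the step is disabled on purpose. If the shipped config leaves that option off (not visible here), the comment should say so, e.g. `# not installed: DEBUG_INFO_BTF_MODULES is disabled in config`; otherwise the headers package would lack `resolve_btfids` for out-of-tree module builds. _package-headers() starts and ends outside this hunk.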
@@ -170,14 +220,17 @@ _package-headers() {
install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
- # http://bugs.archlinux.org/task/13146
+ # https://bugs.archlinux.org/task/13146
install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
- # http://bugs.archlinux.org/task/20402
+ # https://bugs.archlinux.org/task/20402
install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
+ # https://bugs.archlinux.org/task/71392
+ install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h
+
echo "Installing KConfig files..."
find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
@@ -201,7 +254,7 @@ _package-headers() {
echo "Stripping build tools..."
local file
while read -rd '' file; do
- case "$(file -bi "$file")" in
+ case "$(file -Sib "$file")" in
application/x-sharedlib\;*) # Libraries (.so)
strip -v $STRIP_SHARED "$file" ;;
application/x-archive\;*) # Libraries (.a)
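Review bot: `file -Sib` adds `-S`, which turns off file(1)'s seccomp sandbox, and no comment explains why. The loop runs `file` over build-tree outputs, so the exposure is limited, but dropping a sandbox is the kind of change that should carry its reason, presumably an incompatibility between the sandbox and the packaging environment. Suggested comment above the `case`: `# -S: disable file's seccomp sandbox (fails in the packaging environment; TODO confirm)`. The `while` loop and the `case` continue outside this hunk.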
@@ -243,7 +296,11 @@ _package-docs() {
ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
}
-pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
+pkgname=(
+ "$pkgbase"
+ "$pkgbase-headers"
+ "$pkgbase-docs"
+)
for _p in "${pkgname[@]}"; do
eval "package_$_p() {
$(declare -f "_package${_p#$pkgbase}")