GNU bug report logs -
#59043
[PATCH] gnu: Add kconfig-hardened-check.
Previous Next
Reported by: Hilton Chain <hako <at> ultrarare.space>
Date: Sat, 5 Nov 2022 10:54:02 UTC
Severity: normal
Tags: moreinfo, patch
Done: Christopher Baines <mail <at> cbaines.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 59043 in the body.
You can then email your comments to 59043 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Sat, 05 Nov 2022 10:54:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Hilton Chain <hako <at> ultrarare.space>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sat, 05 Nov 2022 10:54:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
gnu/packages/linux.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..3aa5613a15 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,24 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "Tool for checking the security hardening options of the Linux kernel.")
+ (license license:gpl3)))
base-commit: e67f9d7ab0c4bc957a918987a347a9ca429f3b0a
--
2.38.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Sun, 06 Nov 2022 14:17:02 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hilton Chain via Guix-patches via <guix-patches <at> gnu.org> writes:
> + (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
> + (synopsis
> + "Tool for checking the security hardening options of the Linux kernel")
> + (description
> + "Tool for checking the security hardening options of the Linux kernel.")
This looks generally OK to me, but could you have a go at writing a
description that's different to the synopsis?
Even just wording it slightly differently would be OK (e.g. "The
@code{kconfig-hardened-check} tool helps with checking the security
hardening options of the Linux kernel").
Thanks,
Chris
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Sun, 06 Nov 2022 14:17:02 GMT)
Full text and
rfc822 format available.
Added tag(s) moreinfo.
Request was from
Christopher Baines <mail <at> cbaines.net>
to
control <at> debbugs.gnu.org.
(Sun, 06 Nov 2022 14:17:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Sun, 06 Nov 2022 14:53:02 GMT)
Full text and
rfc822 format available.
Message #16 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/linux.scm (kconfig-hardened-check): New variable.
---
v1 -> v2: Add more description.
gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..8eadf8354c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,35 @@ (define-public tp-smapi-module
@acronym{SMAPI, System Management Application Program Interface} and direct
access to the embedded controller.")
(license license:gpl2+)))
+
+(define-public kconfig-hardened-check
+ (package
+ (name "kconfig-hardened-check")
+ (version "0.5.17")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0p9pywfxwyk4yfgaf7bhqrf72ywc6w6k77dbi7lldynha886ih4a"))))
+ (build-system python-build-system)
+ (home-page "https://github.com/a13xp0p0v/kconfig-hardened-check")
+ (synopsis
+ "Tool for checking the security hardening options of the Linux kernel")
+ (description
+ "@code{kconfig-hardened-check} is a tool for checking the security
+hardening options of the Linux kernel. Provided preferences are based on
+suggestions from various sources, including:
+
+@itemize
+@item KSPP recommended settings
+@item CLIP OS kernel configuration
+@item Last public grsecurity patch (options which they disable)
+@item SECURITY_LOCKDOWN_LSM patchset
+@item Direct feedback from the Linux kernel maintainers
+@end itemize\n
+This tool supports checking Kconfig options and kernel cmdline parameters.")
+ (license license:gpl3)))
base-commit: 97d565c786ee1a1eb920ed66384f60aad20e5cc2
--
2.38.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Sun, 06 Nov 2022 14:53:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#59043; Package
guix-patches.
(Mon, 07 Nov 2022 19:59:01 GMT)
Full text and
rfc822 format available.
Message #22 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hilton Chain <hako <at> ultrarare.space> writes:
> * gnu/packages/linux.scm (kconfig-hardened-check): New variable.
> ---
> v1 -> v2: Add more description.
>
> gnu/packages/linux.scm | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
Thanks! That looks good, I've gone ahead and pushed to master as
cad335a32acf8c31b49fe83f1b38b1d1a6da76be.
Thanks,
Chris
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Christopher Baines <mail <at> cbaines.net>:
You have taken responsibility.
(Mon, 07 Nov 2022 19:59:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Hilton Chain <hako <at> ultrarare.space>:
bug acknowledged by developer.
(Mon, 07 Nov 2022 19:59:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 06 Dec 2022 12:24:08 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 196 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.