clean jobcore

This commit is contained in:
joborun linux 2023-08-19 02:50:05 +03:00
parent fbbca9aac1
commit 72fbad89f0
6 changed files with 0 additions and 11144 deletions


@ -1,42 +0,0 @@
OSDN services have become a major obstacle to our work
and we sincerely regret relying on them, but seeking other
such service has proved more difficult than we thought.
At this time and since July 9th 2023 uloads have been
blocked, although their mirrors now work and seem
synchronized. To keep users alert of ongoing work
and upgrades we have swithced to a temporary solution
with disroot which is 100% reliable but limited.
Since OSDN is more down than up we are in search for new file/binary
repositories and mirrors. Meanwhile, as a source repository
git.disroot.org has been 100% reliable, but the total amount of
files stores is limited. This disroot repository only holds
the repository databases, not the packages themselves. In lack
of another solution you will have to build any updates to your
system using our source, as explained in the wiki.
the 3 OSDN mirrors below will be functional once OSDN resumes
service, so comment out disroot and uncomment the other three
when it is announced in Joborun's webpage (news) or reddit
r/joborun board. Sorry for the inconvenience, this is the
best we can do at the moment given the resources available to us.
# pacman database only, no packages to download
Server = https://git.disroot.org/joborun-pkg/repos/raw/branch/main/
# osdn mirrors once they become available for uploads again
# DOWN since July 9th 2023
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/repos/
#Server = https://free.nchc.org.tw/osdn/storage/g/j/jo/joborun/repos/
#Server = https://osdn.net/projects/joborun/storage/repos/
## Unfortunately SourcForge mirrors only partially work
## which is the same as not working. The reason is that SF doesn't
## allow a : in their filesystem, being MS-Win oriented, and
## without knowing this when we uploaded, SF translates all : in
## the pkg name into an _ therefore pkgs like gtk3 or grub
## will not be found and you get a 404 errro trying to install them
## So we are back to square one. Waiting for OSDN mirrors to
## become operational again.


@ -1,31 +0,0 @@
.config:45:warning: override: reassigning to symbol HAVE_KERNEL_XZ
.config:48:warning: override: reassigning to symbol HAVE_KERNEL_LZ4
.config:49:warning: override: reassigning to symbol HAVE_KERNEL_ZSTD
.config:120:warning: override: VIRT_CPU_ACCOUNTING_GEN changes choice state
.config:917:warning: override: reassigning to symbol MODULE_SIG_SHA256
.config:2376:warning: unexpected data: MTD_NAND_RICOH=y
.config:2556:warning: unexpected data: IDE=y
.config:3149:warning: symbol value 'm' invalid for NET_VENDOR_MARVELL
.config:3228:warning: symbol value 'm' invalid for NET_VENDOR_NVIDIA
.config:3978:warning: symbol value 'm' invalid for TOUCHSCREEN_ATMEL_MXT_T37
.config:4055:warning: symbol value 'm' invalid for TOUCHSCREEN_TSC2007_IIO
.config:4638:warning: symbol value 'm' invalid for GPIO_TPS68470
.config:5015:warning: override: reassigning to symbol X86_THERMAL_VECTOR
.config:5026:warning: symbol value 'm' invalid for PROC_THERMAL_MMIO_RAPL
.config:5258:warning: symbol value 'm' invalid for MFD_ARIZONA
.config:5472:warning: symbol value 'm' invalid for DVB_DYNAMIC_MINORS
.config:5692:warning: symbol value 'm' invalid for DVB_AV7110_IR
.config:5694:warning: symbol value 'm' invalid for DVB_AV7110_OSD
.config:6204:warning: unexpected data: NOUVEAU_LEGACY_CTX_SUPPORT=m
.config:6209:warning: symbol value 'm' invalid for DRM_NOUVEAU_BACKLIGHT
.config:6210:warning: symbol value 'm' invalid for DRM_NOUVEAU_SVM
.config:6722:warning: symbol value 'm' invalid for SND_SOC_SOF_DEBUG_PROBES
.config:8559:warning: override: reassigning to symbol AD7192
.config:9402:warning: override: SQUASHFS_DECOMP_MULTI changes choice state
.config:9403:warning: override: SQUASHFS_DECOMP_MULTI_PERCPU changes choice state
.config:9436:warning: unexpected data: PSTORE_LZ4_COMPRESS_DEFAULT=y
.config:9599:warning: unexpected data: PAGE_TABLE_ISOLATION=y
.config:9667:warning: override: INIT_STACK_ALL_ZERO changes choice state
.config:9875:warning: symbol value 'm' invalid for CRYPTO_ARCH_HAVE_LIB_BLAKE2S
.config:9876:warning: symbol value 'm' invalid for CRYPTO_LIB_BLAKE2S_GENERIC
.config:10431:warning: unexpected data: MEMTEST=y


@ -1,151 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Mon, 16 Sep 2019 04:53:20 +0200
Subject: [PATCH] ZEN: Add sysctl and CONFIG to disallow unprivileged
CLONE_NEWUSER
Our default behavior continues to match the vanilla kernel.
---
include/linux/user_namespace.h | 4 ++++
init/Kconfig | 16 ++++++++++++++++
kernel/fork.c | 14 ++++++++++++++
kernel/sysctl.c | 12 ++++++++++++
kernel/user_namespace.c | 7 +++++++
5 files changed, 53 insertions(+)
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 33a4240e6a6f..82213f9c4c17 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -139,6 +139,8 @@ static inline void set_rlimit_ucount_max(struct user_namespace *ns,
#ifdef CONFIG_USER_NS
+extern int unprivileged_userns_clone;
+
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
if (ns)
@@ -172,6 +174,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns);
struct ns_common *ns_get_owner(struct ns_common *ns);
#else
+#define unprivileged_userns_clone 0
+
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
return &init_user_ns;
diff --git a/init/Kconfig b/init/Kconfig
index d19ed66aba3b..a67689ca1929 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1231,6 +1231,22 @@ config USER_NS
If unsure, say N.
+config USER_NS_UNPRIVILEGED
+ bool "Allow unprivileged users to create namespaces"
+ default y
+ depends on USER_NS
+ help
+ When disabled, unprivileged users will not be able to create
+ new namespaces. Allowing users to create their own namespaces
+ has been part of several recent local privilege escalation
+ exploits, so if you need user namespaces but are
+ paranoid^Wsecurity-conscious you want to disable this.
+
+ This setting can be overridden at runtime via the
+ kernel.unprivileged_userns_clone sysctl.
+
+ If unsure, say Y.
+
config PID_NS
bool "PID Namespaces"
default y
diff --git a/kernel/fork.c b/kernel/fork.c
index 908ba3c93893..b4982474fb93 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -98,6 +98,10 @@
#include <linux/io_uring.h>
#include <linux/bpf.h>
+#ifdef CONFIG_USER_NS
+#include <linux/user_namespace.h>
+#endif
+
#include <asm/pgalloc.h>
#include <linux/uaccess.h>
#include <asm/mmu_context.h>
@@ -1951,6 +1955,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
+ if ((clone_flags & CLONE_NEWUSER) && !unprivileged_userns_clone)
+ if (!capable(CAP_SYS_ADMIN))
+ return ERR_PTR(-EPERM);
+
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
@@ -3067,6 +3075,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
+ if ((unshare_flags & CLONE_NEWUSER) && !unprivileged_userns_clone) {
+ err = -EPERM;
+ if (!capable(CAP_SYS_ADMIN))
+ goto bad_unshare_out;
+ }
+
err = check_unshare_flags(unshare_flags);
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 23c08bf3db58..63ab60778e5d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -105,6 +105,9 @@
#ifdef CONFIG_LOCKUP_DETECTOR
#include <linux/nmi.h>
#endif
+#ifdef CONFIG_USER_NS
+#include <linux/user_namespace.h>
+#endif
#if defined(CONFIG_SYSCTL)
@@ -1953,6 +1956,15 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
+#ifdef CONFIG_USER_NS
+ {
+ .procname = "unprivileged_userns_clone",
+ .data = &unprivileged_userns_clone,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+#endif
#ifdef CONFIG_PROC_SYSCTL
{
.procname = "tainted",
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 5481ba44a8d6..423ab2563ad7 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -21,6 +21,13 @@
#include <linux/bsearch.h>
#include <linux/sort.h>
+/* sysctl */
+#ifdef CONFIG_USER_NS_UNPRIVILEGED
+int unprivileged_userns_clone = 1;
+#else
+int unprivileged_userns_clone;
+#endif
+
static struct kmem_cache *user_ns_cachep __read_mostly;
static DEFINE_MUTEX(userns_state_mutex);


@ -1,213 +0,0 @@
# Maintainer: Andreas Radke <andyrtr@archlinux.org>
pkgbase=linux-lts
pkgver=5.15.74
pkgrel=1
pkgdesc='LTS Linux'
url="https://www.kernel.org/"
arch=(x86_64)
license=(GPL2)
makedepends=(
bc libelf pahole cpio perl tar xz
xmlto python-sphinx python-sphinx_rtd_theme graphviz imagemagick texlive-latexextra
)
options=('!strip')
_srcname=linux-$pkgver
source=(
https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.{xz,sign}
config # the main kernel config file
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
0002-PCI-Add-more-NVIDIA-controllers-to-the-MSI-masking-q.patch
0003-iommu-intel-do-deep-dma-unmapping-to-avoid-kernel-fl.patch
0004-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch
0005-lg-laptop-Recognize-more-models.patch
0006-Fix-NFSv4-mount-regression.patch
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)
# https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
sha256sums=('2c1539a2f85b835c36c4a07c8270b52b0bec38fdda7339477d07f0c3af8c4265'
'SKIP'
'8924e710cf047279574bd3dd5a8a9869f7baeb0cd291bbaf3b9530c70600a643'
'3b5cfc9ca9cf778ea2c4b619b933cda26519969df2d764b5a687f63cf59974cd'
'c175fbb141c3cec013c799f694d88310375ac5456042f6a4a1adc7667836d786'
'8357f000b2b622e73dcfd41c2bad42b5e99fffe8f7ee64f774aa771f86cef43c'
'5c1ee81fdd5818442af6081de987f9c1a9ce3c8d183566b3dfc19a8433aa3dde'
'067e8995fcd6f6ed25e0253e9374c0e179a000c154da3e59ce62634945ac5be9'
'10801c245064777873b580bea1fc17a4288ec519e0ce9500aa1b7c6e19fe777b')
export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase
export KBUILD_BUILD_TIMESTAMP="$(date -Ru${SOURCE_DATE_EPOCH:+d @$SOURCE_DATE_EPOCH})"
prepare() {
cd $_srcname
echo "Setting version..."
scripts/setlocalversion --save-scmversion
echo "-$pkgrel" > localversion.10-pkgrel
echo "${pkgbase#linux}" > localversion.20-pkgname
local src
for src in "${source[@]}"; do
src="${src%%::*}"
src="${src##*/}"
[[ $src = *.patch ]] || continue
echo "Applying patch $src..."
patch -Np1 < "../$src"
done
echo "Setting config..."
cp ../config .config
make olddefconfig
diff -u ../config .config || :
make -s kernelrelease > version
echo "Prepared $pkgbase version $(<version)"
}
build() {
cd $_srcname
make htmldocs all
}
_package() {
pkgdesc="The $pkgdesc kernel and modules"
depends=(coreutils kmod initramfs)
optdepends=('wireless-regdb: to set the correct wireless channels of your country'
'linux-firmware: firmware images needed for some devices')
provides=(VIRTUALBOX-GUEST-MODULES WIREGUARD-MODULE KSMBD-MODULE)
replaces=(wireguard-lts)
cd $_srcname
local kernver="$(<version)"
local modulesdir="$pkgdir/usr/lib/modules/$kernver"
echo "Installing boot image..."
# systemd expects to find the kernel here to allow hibernation
# https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
# Used by mkinitcpio to name the kernel
echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
echo "Installing modules..."
make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
DEPMOD=/doesnt/exist modules_install # Suppress depmod
# remove build and source links
rm "$modulesdir"/{source,build}
}
_package-headers() {
pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
depends=(pahole)
cd $_srcname
local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
echo "Installing build files..."
install -Dt "$builddir" -m644 .config Makefile Module.symvers System.map \
localversion.* version vmlinux
install -Dt "$builddir/kernel" -m644 kernel/Makefile
install -Dt "$builddir/arch/x86" -m644 arch/x86/Makefile
cp -t "$builddir" -a scripts
# required when STACK_VALIDATION is enabled
install -Dt "$builddir/tools/objtool" tools/objtool/objtool
# required when DEBUG_INFO_BTF_MODULES is enabled
install -Dt "$builddir/tools/bpf/resolve_btfids" tools/bpf/resolve_btfids/resolve_btfids
echo "Installing headers..."
cp -t "$builddir" -a include
cp -t "$builddir/arch/x86" -a arch/x86/include
install -Dt "$builddir/arch/x86/kernel" -m644 arch/x86/kernel/asm-offsets.s
install -Dt "$builddir/drivers/md" -m644 drivers/md/*.h
install -Dt "$builddir/net/mac80211" -m644 net/mac80211/*.h
# https://bugs.archlinux.org/task/13146
install -Dt "$builddir/drivers/media/i2c" -m644 drivers/media/i2c/msp3400-driver.h
# https://bugs.archlinux.org/task/20402
install -Dt "$builddir/drivers/media/usb/dvb-usb" -m644 drivers/media/usb/dvb-usb/*.h
install -Dt "$builddir/drivers/media/dvb-frontends" -m644 drivers/media/dvb-frontends/*.h
install -Dt "$builddir/drivers/media/tuners" -m644 drivers/media/tuners/*.h
# https://bugs.archlinux.org/task/71392
install -Dt "$builddir/drivers/iio/common/hid-sensors" -m644 drivers/iio/common/hid-sensors/*.h
echo "Installing KConfig files..."
find . -name 'Kconfig*' -exec install -Dm644 {} "$builddir/{}" \;
echo "Removing unneeded architectures..."
local arch
for arch in "$builddir"/arch/*/; do
[[ $arch = */x86/ ]] && continue
echo "Removing $(basename "$arch")"
rm -r "$arch"
done
echo "Removing documentation..."
rm -r "$builddir/Documentation"
echo "Removing broken symlinks..."
find -L "$builddir" -type l -printf 'Removing %P\n' -delete
echo "Removing loose objects..."
find "$builddir" -type f -name '*.o' -printf 'Removing %P\n' -delete
echo "Stripping build tools..."
local file
while read -rd '' file; do
case "$(file -bi "$file")" in
application/x-sharedlib\;*) # Libraries (.so)
strip -v $STRIP_SHARED "$file" ;;
application/x-archive\;*) # Libraries (.a)
strip -v $STRIP_STATIC "$file" ;;
application/x-executable\;*) # Binaries
strip -v $STRIP_BINARIES "$file" ;;
application/x-pie-executable\;*) # Relocatable binaries
strip -v $STRIP_SHARED "$file" ;;
esac
done < <(find "$builddir" -type f -perm -u+x ! -name vmlinux -print0)
echo "Stripping vmlinux..."
strip -v $STRIP_STATIC "$builddir/vmlinux"
echo "Adding symlink..."
mkdir -p "$pkgdir/usr/src"
ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
}
_package-docs() {
pkgdesc="Documentation for the $pkgdesc kernel"
cd $_srcname
local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
echo "Installing documentation..."
local src dst
while read -rd '' src; do
dst="${src#Documentation/}"
dst="$builddir/Documentation/${dst#output/}"
install -Dm644 "$src" "$dst"
done < <(find Documentation -name '.*' -prune -o ! -type d -print0)
echo "Adding symlink..."
mkdir -p "$pkgdir/usr/share/doc"
ln -sr "$builddir/Documentation" "$pkgdir/usr/share/doc/$pkgbase"
}
pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-docs")
for _p in "${pkgname[@]}"; do
eval "package_$_p() {
$(declare -f "_package${_p#$pkgbase}")
_package${_p#$pkgbase}
}"
done
# vim:set ts=8 sts=2 sw=2 et:

pklist

@ -1,6 +0,0 @@
testing/libnghttp2 1.50.0-01 1.51.0-1 -0.02 MiB
testing/libpipeline 1.5.6-01 1.5.7-1 -0.02 MiB
testing/libxcrypt 4.4.30-01 4.4.31-1 -0.02 MiB
testing/nano 6.4-01 7.0-1 -0.01 MiB 0.58 MiB
testing/xfsprogs 5.19.0-02 6.0.0-1 -1.99 MiB
testing/xz 5.2.7-01 5.2.8-1 0.00 MiB