# bump hardened-sources?

## Jacek

Hi,

Is it possible to place a newer hardened-sources (>=2.6.30) in the portage tree?

I have hardware (an onboard RTL8111 network card) which causes a panic on all <=2.6.29* (every 1-3 days), but it has been fixed in 2.6.30 (current uptime 70 days without a kernel panic).

I have another server (with the same hardware), and I have to upgrade it to >=2.6.30 and I don't want to do it by hand.

I'm using amd64.

Thanks,

Jack

----------

## desultory

Your request would probably get noticed by the right developers more quickly if it was made via the bug tracker; there does not appear to be an existing bug requesting the same version bump, at least according to a quick search.

----------

## Jacek

Thanks for a quick answer.

----------

## Jacek

desultory, is there any chance to speed up this bug request? Over 2 weeks and still no reply, no answer, no new version. :(

Nobody (among the developers) is interested in a new version, but the list of users is increasing.

Link to tracker: https://bugs.gentoo.org/show_bug.cgi?id=284746

----------

## desultory

There has been subtle activity, so the maintainers know about the request; they just have yet to comment on it. For now, short of making an ebuild for the bump, it is mostly a matter of waiting.

----------

## mv

Since hardened-sources seems to be "frozen" :( I have brewed my own hardened-sources for quite a while: The only difference from gentoo-sources is the grsecurity patch, which you can download from the website. If you apply the patch manually, do not forget to remove the "localversion-grsec" file after the patch, or your kernel will be built with a new version extension. However, I prefer my own ebuild in an overlay. Here are instructions on how to do it:

First, download the patch from grsecurity (testing) and pack it into a new tar.bz2 file "hardened-patches-2.6.31-1.extras.tar.bz2" which you place into your distdir. Then copy the hardened-sources-2.6.29.ebuild into your local overlay under the name hardened-sources-2.6.31.ebuild and apply the following patch. 

```

--- hardened-sources-2.6.29.ebuild

+++ hardened-sources-2.6.31.ebuild

@@ -4,7 +4,7 @@

 

 ETYPE="sources"

 K_WANT_GENPATCHES="base extras"

-K_GENPATCHES_VER="6"

+K_GENPATCHES_VER="2"

 

 inherit kernel-2

 detect_version

@@ -14,7 +14,8 @@

 SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}"

 

 UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2"

-UNIPATCH_EXCLUDE="4201_fbcondecor-0.9.6.patch"

+UNIPATCH_EXCLUDE="*fbcondecor*"

+UNIPATCH_STRICTORDER="true"

 

 DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})"

 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"

@@ -22,6 +23,11 @@

 

 KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"

 

+src_unpack() {

+       kernel-2_src_unpack

+       rm -v -- "${S}"/localversion*

+}

+

 pkg_postinst() {

        kernel-2_pkg_postinst

 

```
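Review bot: K_GENPATCHES_VER="2" in the first hunk is a bare value with nothing in the ebuild saying where it comes from. Since it is read from the gentoo-sources ebuild for the same kernel version, a one-line comment above it naming that ebuild would keep the next bump from carrying the number over unchanged.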
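Review bot: In the second hunk, UNIPATCH_LIST still points at hardened-patches-${HGPV}.extras.tar.bz2 and SRC_URI still lists ${HGPV_URI}, but for this bump that tarball is packed by hand and dropped into DISTDIR, so the Manifest digest only records whatever file was there when it was generated. Check the downloaded grsecurity patch against any signature or checksum upstream publishes for it before packing the tarball, and add a comment next to UNIPATCH_LIST saying the file is locally built. Widening UNIPATCH_EXCLUDE to "*fbcondecor*" is reasonable, since it no longer depends on the exact patch file name.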
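Review bot: In the src_unpack() hunk, rm -v -- "${S}"/localversion* removes every localversion* file in the tree, not only the localversion-grsec file this change is about, and its exit status is never checked, so a missing file or a failed removal goes unnoticed. Name the file explicitly and stop on failure, for example rm -- "${S}"/localversion-grsec || die, so the ebuild breaks visibly if the patch layout changes.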

Observe that essentially the only change is the code to remove the "localversion-grsec" after the patching. The UNIPATCH_STRICTORDER="true" is useful to guarantee that the grsec-patch is the last one which is applied, independently of how you packaged it. I am not sure whether it is really necessary to exclude the fbcondecor patch, but the hardened team always did, so maybe they have a reason for it. Finally, the K_GENPATCHES_VER can be read from the gentoo-sources ebuild you want to modify. When all is done (especially if the new tarball is in your distdir) call

```
ebuild hardened-sources-2.6.31.ebuild manifest
```

and happy emerge.
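The localversion cleanup described in the post above, as an added example that is not part of the original post: it reports the suffix that leftover localversion* files would add to the kernel version and removes only localversion-grsec. The function names and the sample tree are constructed for illustration, and the concatenation rule is an assumption about how the kernel build reads these files.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the suffix that localversion* files in a kernel tree would add to
# the version string. Assumption: as in the kernel build, file contents are
# joined in sorted file-name order, whitespace is dropped, and editor
# backups (names ending in ~) are ignored.
localversion_suffix() {
    tree=$1
    suffix=
    for f in "$tree"/localversion*; do
        [ -f "$f" ] || continue              # unmatched glob or not a file
        case $f in *"~") continue ;; esac    # skip backup files
        suffix=$suffix$(tr -d ' \t\n' < "$f")
    done
    printf '%s' "$suffix"
}

# Remove only the file added by the grsecurity patch, then confirm nothing
# else is left that would still change the version string.
# Returns 0 if the tree is clean, 1 if rm failed, 2 if a suffix remains.
strip_grsec_localversion() {
    tree=$1
    rm -f -- "$tree/localversion-grsec" || return 1
    left=$(localversion_suffix "$tree")
    if [ -n "$left" ]; then
        echo "localversion suffix still present: $left" >&2
        return 2
    fi
    return 0
}

# Build a constructed sample tree holding just the grsec marker file.
demo_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-grsec' > "$d/localversion-grsec"
    printf '%s' "$d"
}

# Run with --demo to see the suffix before and after the cleanup.
if [ "${1:-}" = "--demo" ]; then
    t=$(demo_tree) || exit 1
    echo "before: '$(localversion_suffix "$t")'"
    strip_grsec_localversion "$t" && echo "after:  '$(localversion_suffix "$t")'"
    rm -rf -- "$t"
fi
```

A return code of 2 means some other localversion* file is still in the tree, which is the case a blanket `localversion*` removal would hide.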

----------

