Merge pull request #18 from freedomofpress/add-5.15

Added support for 5.15.* builds
freedomofpress · Jan 31, 2022 · bd7c750 · bd7c750
2 parents f108b0d + 0e5c1ab
commit bd7c750
Show file tree

Hide file tree

Showing 5 changed files with 9,808 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
-# debian:buster 2021-02-10
-FROM debian@sha256:1092695e843ad975267131f27a2b523128c4e03d2d96574bbdd7cf949ed51475
+# debian:buster 2021-12-20
+FROM debian@sha256:94ccfd1c5115a6903cbb415f043a0b04e307be3f37b768cf6d6d3edff0021da3
 
 ARG UID=1000
 ARG GID=1000

diff --git a/Makefile b/Makefile
@@ -28,6 +28,12 @@ securedrop-core: ## Builds kernels for SecureDrop servers, 5.4.x
 		LINUX_LOCAL_PATCHES_PATH="$(PWD)/patches" \
 		./scripts/build-kernel-wrapper
 
+securedrop-core-5.15: ## Builds kernels for SecureDrop servers, 5.15.x
+	GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable6 LOCALVERSION="-securedrop" \
+		LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-5.15" \
+		LINUX_LOCAL_PATCHES_PATH="$(PWD)/patches" \
+		./scripts/build-kernel-wrapper
+
 securedrop-workstation: ## Builds kernels for SecureDrop Workstation
 	GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable3 LOCALVERSION="-workstation" \
 		LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-workstation-4.14" \

diff --git a/README.md b/README.md
@@ -78,6 +78,10 @@ sha256sum build/*
 # e.g. via Edit->Select All in gnome-terminal
 ```
 
+If your kernel packages are intended for distribution, you *must* retain the kernel source
+tarballs to allow FPF to comply with source requests. Contact the infra team or a SecureDrop
+maintainer to ensure that the tarballs are stored and available.
+
 ## Reproducible builds
 In the spirit of [reproducible builds], this repo attempts to make fully reproducible
 kernel images. There are some catches, however: a custom kernel patch is included