release v0.9.2: dirtydecrypt verified on mainline 6.19.7 (22 → 28)
release / build (arm64) (push) Waiting to run
release / build (x86_64) (push) Waiting to run
release / build (x86_64-static / musl) (push) Waiting to run
release / build (arm64-static / musl) (push) Waiting to run
release / release (push) Blocked by required conditions
release / build (arm64) (push) Waiting to run
release / build (x86_64) (push) Waiting to run
release / build (x86_64-static / musl) (push) Waiting to run
release / build (arm64-static / musl) (push) Waiting to run
release / release (push) Blocked by required conditions
Verifies CVE-2026-31635 dirtydecrypt's OK path on a kernel that predates the bug: 'kernel predates the rxgk RESPONSE-handling code added in 7.0' — match. Confirms detect() doesn't false-positive on older 6.x kernels. Attempted fragnesia (CVE-2026-46300) but mainline 7.0.5 .debs depend on libssl3t64 / libelf1t64 (t64-transition libs from Ubuntu 24.04+ / Debian 13+). No Parallels-supported Vagrant box ships those yet — dpkg --force-depends leaves the kernel package in iHR state with no /boot/vmlinuz. Marked manual: true with rationale. Verifier infrastructure: pin-mainline now uses dpkg --force-depends as a fallback so partial-install state can at least be inspected.
This commit is contained in:
Vendored
+5
-1
@@ -150,7 +150,11 @@ Vagrant.configure("2") do |c|
|
||||
curl -fsSL -O "${URL}${f}"
|
||||
done
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
dpkg -i *.deb || apt-get install -f -y -qq
|
||||
# --force-depends so packages still install even when t64-transition
|
||||
# libs (libssl3t64, libelf1t64) are missing on a pre-24.04 rootfs.
|
||||
# The kernel image + modules don't actually need those at boot —
|
||||
# the dependency is for signing/integrity checks at build time.
|
||||
dpkg -i --force-depends *.deb || apt-get install -f -y -qq || true
|
||||
fi # end SKIP_INSTALL guard
|
||||
|
||||
# Pin grub default to the just-installed mainline kernel. Without
|
||||
|
||||
Reference in New Issue
Block a user