[Lunar-commits] CVS: moonbase/kernel/linux-2.6-grsec BUILD, NONE,
1.1 CONFIGURE, NONE, 1.1 DEPENDS, NONE, 1.1 DETAILS, NONE,
1.1 POST_INSTALL, NONE, 1.1 PRE_BUILD, NONE, 1.1
Jaime Buffery
nestu at lunar-linux.org
Tue Oct 12 15:16:47 UTC 2004
Update of /var/cvs/lunar/moonbase/kernel/linux-2.6-grsec
In directory espresso.foo-projects.org:/tmp/cvs-serv10185/linux-2.6-grsec
Added Files:
BUILD CONFIGURE DEPENDS DETAILS POST_INSTALL PRE_BUILD
Log Message:
First grsec for 2.6.X in moonbase. Yay! ;)
gcc 3.3.3, glibc 2.3.2, headers 2.6.8.1
--- NEW FILE: BUILD ---
cd /usr/src/linux
while
case $CONFIG_KERNEL in
y|Y)
case $CONFIG_METHOD in
xconfig )
if [ "$DISPLAY" ]; then
make xconfig || make menuconfig || make config
else
make menuconfig || make config
fi
;;
menuconfig )
make menuconfig || make config
;;
config )
make config
;;
esac
if query "Repeat $CONFIG_METHOD? " n ; then
CONFIG_KERNEL=y
else
CONFIG_KERNEL=n
fi
;;
*)
false
;;
esac
do
true
done
(
yes n | make oldconfig
cp .config $CONFIG_CACHE/.config-2.6-grsec
rm -f arch/i386/boot/bzImage
# Because parallel make seems not to work, a hack
optimize_make &&
KMAKES=${MAKES:=1} &&
make -j${KMAKES} bzImage &&
make -j${KMAKES} modules &&
backup_mods_krnl ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} &&
prepare_install &&
make modules_install &&
cp arch/i386/boot/bzImage /boot/${KERNEL_VERSION}-grsec-${GRSEC_VERSION} &&
cp System.map /boot/System.map-${KERNEL_VERSION}-grsec-${GRSEC_VERSION}
) > $C_FIFO 2>&1
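Review bot: Nothing in BUILD checks that the resulting .config actually enables grsecurity before the image is installed as `${KERNEL_VERSION}-grsec-${GRSEC_VERSION}`. `yes n | make oldconfig` answers "n" to every option the .config does not yet define, and PRE_BUILD in this commit can seed .config from `.config.beta`, so a run where the user leaves the configurator without saving would presumably default the patch's new options off. A warning after oldconfig, for example `grep -q '^CONFIG_GRKERNSEC=y' .config || message "grsecurity is not enabled in .config"`, would make that visible. Separately, `cd /usr/src/linux` on the first line is unchecked and the first three commands inside the subshell are not joined with `&&`, so `rm -f arch/i386/boot/bzImage` and the build run in whatever directory the script started in if the cd fails; `cd /usr/src/linux || exit 1` closes that.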
--- NEW FILE: CONFIGURE ---
if ! grep -q "BOOT_LOADER" $MODULE_CONFIG; then
# message "The Linux Kernel requires a boot loader"
message "Choose either GRUB or LILO"
# BOOT_LOADER=lilo
if query "Use LILO?" y ; then
BOOT_LOADER=lilo
else
BOOT_LOADER=grub
fi
echo "BOOT_LOADER=$BOOT_LOADER" >> $MODULE_CONFIG
fi
CONFIG_GRUB="n"
CONFIG_LILO="n"
if grep -q "BOOT_LOADER=grub" $MODULE_CONFIG && query "Configure grub?" n ; then
CONFIG_GRUB=y
fi
if grep -q "BOOT_LOADER=lilo" $MODULE_CONFIG && query "Configure lilo?" n ; then
CONFIG_LILO=y
fi
if ! grep -q "CONFIG_METHOD=" $MODULE_CONFIG ; then
if query "Do you prefer make menuconfig over make config" y ; then
CONFIG_METHOD="menuconfig"
else
CONFIG_METHOD="config"
fi
echo "CONFIG_METHOD=$CONFIG_METHOD" >> $MODULE_CONFIG
fi
if [ ! -f $CONFIG_CACHE/.config-2.6-grsec ]; then
message "Preparing to make menuconfig."
CONFIG_KERNEL="y"
else
message "Reconfiguration is optional."
if query "Configure linux kernel?" n ; then
CONFIG_KERNEL=y
else
CONFIG_KERNEL=n
fi
fi
TEMP=`grep -v "CONFIG_KERNEL=" $MODULE_CONFIG | grep -v "CONFIG_LILO=" | grep -v "CONFIG_GRUB="`
echo "$TEMP" > $MODULE_CONFIG
echo "CONFIG_KERNEL=$CONFIG_KERNEL" >> $MODULE_CONFIG
echo "CONFIG_LILO=$CONFIG_LILO" >> $MODULE_CONFIG
echo "CONFIG_GRUB=$CONFIG_GRUB" >> $MODULE_CONFIG
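Review bot: The rewrite at the end of CONFIGURE truncates `$MODULE_CONFIG` in place: the filtered content is held only in `TEMP`, so an interrupted run or a failing grep pipeline leaves the file empty or partial and loses the stored BOOT_LOADER and CONFIG_METHOD answers. Writing the filtered lines to a temporary file in the same directory and then `mv`-ing it over `$MODULE_CONFIG` keeps the old file intact until the new one is complete. The grep patterns are also unanchored, so `grep -q "BOOT_LOADER"` matches any line that merely contains that text and the `grep -v "CONFIG_KERNEL="` filter drops any such line; `^BOOT_LOADER=` and `^CONFIG_KERNEL=` state the intent. `$MODULE_CONFIG` and `$CONFIG_CACHE` are expanded unquoted throughout and should be quoted. The message "Preparing to make menuconfig." is printed even when CONFIG_METHOD is `config`.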
--- NEW FILE: DEPENDS ---
depends module-init-tools &&
depends gradm
--- NEW FILE: DETAILS ---
MODULE=linux-2.6-grsec
KERNEL_VERSION=2.6.7
GRSEC_VERSION=2.0.1
VERSION=${KERNEL_VERSION}-${GRSEC_VERSION}
SOURCE=linux-${KERNEL_VERSION}.tar.bz2
SOURCE2=grsecurity-${GRSEC_VERSION}-${KERNEL_VERSION}.patch
SOURCE_DIRECTORY=linux-${KERNEL_VERSION}-grsec-${GRSEC_VERSION}
SOURCE_URL[0]=$KERNEL_URL/pub/linux/kernel/v2.6/
SOURCE_URL[1]=http://www.kernel.org/pub/linux/kernel/v2.6/
SOURCE2_URL=http://www.grsecurity.org/
SOURCE_VFY=sha1:a030a9c6dcd10c5d90a86f915ad4710084cbca71
SOURCE2_VFY=sha1:caa94787653362783849a4424d3e24430acf29ab
WEB_SITE=http://www.kernel.org
ENTERED=20041012
UPDATED=20041012
KEEP_SOURCE="on"
SHORT="The Linux kernel with the latest grsecurity patch"
cat << EOF
grsecurity is an innovative approach to security utilizing a multi-layered
detection, prevention, and containment model. It is licensed under the GPL.
It offers among many other features:
* An intelligent and robust Role-Based Access Control (RBAC) system that can
generate least privilege policies for your entire system with no
configuration
* Change root (chroot) hardening
* /tmp race prevention
* Extensive auditing
* Prevention of entire classes of exploits related to address space bugs
(from the PaX project)
* Additional randomness in the TCP/IP stack
* A restriction that allows a user to only view his/her processes
* Every security alert or audit contains the IP address of the person that
caused the event
EOF
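Review bot: Both sources are listed with plain `http://` URLs, so the `sha1:` values in SOURCE_VFY and SOURCE2_VFY are the only integrity check on the kernel tarball and the grsecurity patch. A comment above them saying where the two digests came from would help, e.g. `# digests computed from files checked against the upstream signatures`, if that is what was done. If Lunar's verification field accepts a stronger digest or a signature check (not visible on this page), a security-hardening module is the place to use it. SHORT says "the latest grsecurity patch" although GRSEC_VERSION is pinned to 2.0.1; naming the version avoids the description going stale.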
--- NEW FILE: POST_INSTALL ---
# Done to shorten the boot label for lilo
#LABEL=`echo ${VERSION} | sed 's/-//g' | sed 's/test/t/g'`
case $BOOT_LOADER in
lilo) update_lilo ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ;;
grub) update_grub ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ;;
aboot) update_aboot ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ${KERNEL_VERSION}-grsec-${GRSEC_VERSION} ;;
esac
# Reinstall packages that add their own kernel modules
if module_installed ftpfs; then lin ftpfs; fi
if module_installed cvsfs; then lin cvsfs; fi
if module_installed NVIDIA; then lin NVIDIA; fi
if module_installed cryptoapi; then lin cryptoapi; fi
if module_installed pcmcia-cs; then lin pcmcia-cs; fi
if module_installed mwavem; then lin mwavem; fi
if module_installed cipe; then lin cipe; fi
if module_installed snare-core; then lin snare-core; fi
if module_installed bluez-kernel; then lin bluez-kernel; fi
if module_installed submount; then lin submount; fi
if module_installed hostap-driver; then lin hostap-driver; fi
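Review bot: The `case $BOOT_LOADER` has no default arm, so an empty or unexpected value installs the kernel without any boot entry and without a message, and the machine keeps booting the previous, unpatched kernel. Add `*) message "BOOT_LOADER='$BOOT_LOADER' not handled; add a boot entry for the new kernel by hand" ;;`. CONFIGURE in this commit only ever writes `lilo` or `grub`, so the `aboot` arm is reachable only from a hand-edited module config; a comment saying so would help. The label `${KERNEL_VERSION}-grsec-${GRSEC_VERSION}` is spelled out six times here; assigning it once (`KLABEL=${KERNEL_VERSION}-grsec-${GRSEC_VERSION}`) and passing `$KLABEL $KLABEL` keeps the arms from drifting apart.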
--- NEW FILE: PRE_BUILD ---
set -x
cd /usr/src
SOURCE_DIR_NAME=linux-${KERNEL_VERSION}-grsec-${GRSEC_VERSION}
if [ ! -d ${SOURCE_DIR_NAME} ]; then
rm -rf linux-${KERNEL_VERSION}
rm -rf linux
unpack $SOURCE
# let's make our source dir have a unique name
mv linux-${KERNEL_VERSION} ${SOURCE_DIR_NAME} &&
ln -s ${SOURCE_DIR_NAME} linux &&
cd linux/ &&
patch_it ${SOURCE2} 1 &&
for config in .config-2.6-grsec .config.beta
do
if [ -f ${CONFIG_CACHE}/${config} ]; then
cp $CONFIG_CACHE/${config} /usr/src/linux/.config
break
fi
done
else
message "Sources found: /usr/src/${SOURCE_DIR_NAME}"
if [ "`readlink linux`" != "${SOURCE_DIR_NAME}" ]; then
rm -rf linux
ln -s ${SOURCE_DIR_NAME} linux
fi
fi
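Review bot: The tree is renamed to `${SOURCE_DIR_NAME}` before `patch_it ${SOURCE2} 1` runs, and the next run treats the mere existence of that directory as "Sources found". If the grsecurity patch fails or applies partially, a later build compiles an unpatched or half-patched tree and installs it under the `-grsec` name. Patching before the rename avoids this: `unpack $SOURCE &&` followed by `( cd linux-${KERNEL_VERSION} && patch_it ${SOURCE2} 1 ) &&` ahead of the existing `mv`, assuming `patch_it` works from the current directory as it does now. `cd /usr/src` is also unchecked ahead of the two `rm -rf` calls, so `cd /usr/src || exit 1` is worth adding. The `set -x` on the first line looks like leftover debugging.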