1 |
commit: 1f4c512494c5b7c8ffb04c3ea2ff7fac58e6cf3b |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Feb 5 18:02:46 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 5 18:02:46 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=1f4c5124 |
7 |
|
8 |
sys-kernel/hardened-sources: testing patchset 20120203, adds USE=xtpax |
9 |
|
10 |
(Portage version: 2.1.10.44/git/Linux x86_64, signed Manifest commit with key 0xD0455535) |
11 |
|
12 |
--- |
13 |
sys-kernel/hardened-sources/ChangeLog | 8 +++ |
14 |
sys-kernel/hardened-sources/Manifest | 24 +++++++-- |
15 |
.../hardened-sources-2.6.32-r90.ebuild | 52 ++++++++++++++++++++ |
16 |
.../hardened-sources/hardened-sources-3.2.4.ebuild | 51 +++++++++++++++++++ |
17 |
sys-kernel/hardened-sources/metadata.xml | 3 +- |
18 |
5 files changed, 132 insertions(+), 6 deletions(-) |
19 |
|
20 |
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog |
21 |
index ea7da15..48abacb 100644 |
22 |
--- a/sys-kernel/hardened-sources/ChangeLog |
23 |
+++ b/sys-kernel/hardened-sources/ChangeLog |
24 |
@@ -1,5 +1,13 @@ |
25 |
|
26 |
|
27 |
+*hardened-sources-3.2.4 (05 Feb 2012) |
28 |
+*hardened-sources-2.6.32-r90 (05 Feb 2012) |
29 |
+ |
30 |
+ 05 Feb 2012; Anthony G. Basile <blueness@g.o> |
31 |
+ +hardened-sources-2.6.32-r90.ebuild, +hardened-sources-3.2.4.ebuild, |
32 |
+ metadata.xml: |
33 |
+ testing patchset 20120203, adds USE=xtpax |
34 |
+ |
35 |
28 Jan 2012; Anthony G. Basile <blueness@g.o> |
36 |
-hardened-sources-2.6.32-r89.ebuild, -hardened-sources-3.2.2-r1.ebuild: |
37 |
moved to tree |
38 |
|
39 |
diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest |
40 |
index 975bb45..db1a565 100644 |
41 |
--- a/sys-kernel/hardened-sources/Manifest |
42 |
+++ b/sys-kernel/hardened-sources/Manifest |
43 |
@@ -1,12 +1,26 @@ |
44 |
-----BEGIN PGP SIGNED MESSAGE----- |
45 |
Hash: SHA256 |
46 |
|
47 |
-MISC ChangeLog 14463 RMD160 f16c681899b732235fdfc0743086e34e48e48ff7 SHA1 9e2778be387c60910621f0a99651a579d2941db2 SHA256 35a6c72df3c9efa674b504550c9e5fbe4cd882aaa3bfb0ec7324d560b3f3b4fd |
48 |
-MISC metadata.xml 578 RMD160 7ea189a37d0f863ae9c52170bb85df27d21686fb SHA1 4765c25d7770a69f7b9dda2b1accc8ff27b74ad0 SHA256 64140e091b51002a5355d8fcfd351f2f39ed63da68af3a5751fc2058d0d03813 |
49 |
+DIST deblob-2.6.32 84094 RMD160 394f46ec5b869638a7bc2e87beb118167c9bd6cb SHA1 1a2a1efb72126609d9e3b9be99ae5be2751efd06 SHA256 de625f0bd221c9c38d4453f1b709622f222d86a0ae9350d2b7b0e17795e6de6d |
50 |
+DIST deblob-3.2 107602 RMD160 56f1dfe4f0254c802b49ea5220c4f67e56649852 SHA1 83421184d88d02e24de2adbc5debfb03454a7f4b SHA256 5db88405af6d51a77d84354afc3b2bdf673b1a5dcff37bb8db4ccbd12d91db20 |
51 |
+DIST deblob-check-2.6.32 247608 RMD160 840bf8a229ea79810519eee6241edb85b78a6562 SHA1 d45a24eb16e5ac956c0fcddbc1ac4d67e326c7b8 SHA256 da1aecdf3ab7f1207b90642d303e52262ccc2ed9e49739b729512b88950d17f3 |
52 |
+DIST deblob-check-3.2 423268 RMD160 8cb0c1b4a289db94543396c4445c4c7a35d2ba70 SHA1 01e50f824a577d15749f24643fdd136180342808 SHA256 9e67dd0885aa8ef356dbc15d487c8dea5a54f74c5b03a5d7946b65ee43f12638 |
53 |
+DIST genpatches-2.6.32-48.base.tar.bz2 1033142 RMD160 c42b6a5edbb9965391bbcf6ee40bb79c2080f497 SHA1 95e90447ecd875228121fa32e8cf89eaabde5fa6 SHA256 7438e7b7c0ef32e0c639cf89c4f53a3bc7917ca466b1fcf3931adb65ad05b583 |
54 |
+DIST genpatches-2.6.32-48.extras.tar.bz2 24939 RMD160 055706793fb532caeb3d364c5e1bd0ad46aff4b2 SHA1 2a966a4d5f9a718a0d43c25df563d0377154996f SHA256 ee714d14310fd5242ce2e28a8f8e5fda63ba18957960814876506f8754b9d2a0 |
55 |
+DIST genpatches-3.2-6.base.tar.bz2 84773 RMD160 cd3c6e712dc806879bc7db457948a6d8a8a1035b SHA1 09ae718822fd99eb6c0a1c34e2b37604fd8a60db SHA256 cbde89d0aab03aafa925af320fc4f65e7ed56cf98c02dee0f58a9c8c90a454ec |
56 |
+DIST genpatches-3.2-6.extras.tar.bz2 17208 RMD160 8324da51ce71afb0d375f34b0dd05209079bd7a3 SHA1 c2f4e029aebbc0ae82221aa2643de06a2d08cbd8 SHA256 7f60ab18e2965d024b7a36327577bcc771061f2cfac221ed475a6fd6b2ab89c7 |
57 |
+DIST hardened-patches-2.6.32-92.extras.tar.bz2 568992 RMD160 26bed4cfb7763a26e0d9f6d49752c86e5dc8865b SHA1 20da9ac7d625dd4961b66264660851a5babf3ac7 SHA256 39196f8a4d25fc1b31f3f2db474c165cb5ff5540c0d0d3634254acba7b66ea46 |
58 |
+DIST hardened-patches-3.2.4-1.extras.tar.bz2 525150 RMD160 740c8d0a5e69e7c802d11f1677abcaa9163af323 SHA1 035e1561693ab0ab930c41df7f64ee70f4bc8a5b SHA256 1f40a610c54a0c42b5eaaaa4123def0d4fb6fe0a561778b1891129da7d28b65d |
59 |
+DIST linux-2.6.32.tar.bz2 64424138 RMD160 b93742cbaf8174f2200d2dbef0d47a26c618039c SHA1 410b4fc818023bfef60064e973ff0ab46d3bfb19 SHA256 5099786d80b8407d98a619df00209c2353517f22d804fdd9533b362adcb4504e |
60 |
+DIST linux-3.2.tar.bz2 78147838 RMD160 15eb022305dfc8b0e1d59e396911fa86eb9c3bdf SHA1 3460afa971049aa79b8f914e1bfd619eedd19f55 SHA256 c881fc2b53cf0da7ca4538aa44623a7de043a41f76fd5d0f51a31f6ed699d463 |
61 |
+EBUILD hardened-sources-2.6.32-r90.ebuild 1891 RMD160 fc22b227346b660b55716842af9d94a06d5b883c SHA1 c080daa2c08705db93ab0ed890448808803d8e3e SHA256 0c6d4110dcdff9df7f8fd67b46ae2171de5cde561a798873c95d9d94f57117ae |
62 |
+EBUILD hardened-sources-3.2.4.ebuild 1887 RMD160 bac69fa49947f452d4046ef58b260b59dc49f845 SHA1 6ff173241f598dfb6500a365bac139a9827cf72f SHA256 d5bca11bf754ec9bd44f57c59e9a19fc0039e378c67c5831e82bae9681f4091c |
63 |
+MISC ChangeLog 14732 RMD160 3382c73e83bbb6a4dc7e20f261ea73495147dc57 SHA1 08af21abd7245cbb5f079472b5702d58fa72d21f SHA256 ce189e3326793b2b84fa379e28f9ec52167eec71f32b8a14b831c0fd8aec7dac |
64 |
+MISC metadata.xml 651 RMD160 bd2f856b7c5aea29652610491cd60135e1e9b9f1 SHA1 1741d5fc80ad8f934fa7ad177b4662d1993d8584 SHA256 614ce0d6e8cfcf0b4dbf344b2758f25375afdaadccbfa4f68c3f8f058218f0a6 |
65 |
-----BEGIN PGP SIGNATURE----- |
66 |
Version: GnuPG v2.0.17 (GNU/Linux) |
67 |
|
68 |
-iEYEAREIAAYFAk8jip8ACgkQl5yvQNBFVTXLygCfTC8Q8zBodwW/xhs0qE+0lyy/ |
69 |
-ygEAoKWEVnyTzNNKrN63XF45vL2GddM7 |
70 |
-=Ka0T |
71 |
+iEYEAREIAAYFAk8uxEYACgkQl5yvQNBFVTWGDQCfTEWMqfoQppkmoLUgCxZncnDN |
72 |
+bCIAnRUX33At9qTIgkHrELURi1Bj1Flb |
73 |
+=5TjY |
74 |
-----END PGP SIGNATURE----- |
75 |
|
76 |
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.6.32-r90.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r90.ebuild |
77 |
new file mode 100644 |
78 |
index 0000000..332907f |
79 |
--- /dev/null |
80 |
+++ b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r90.ebuild |
81 |
@@ -0,0 +1,52 @@ |
82 |
+# Copyright 1999-2012 Gentoo Foundation |
83 |
+# Distributed under the terms of the GNU General Public License v2 |
84 |
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.6.32-r89.ebuild,v 1.2 2012/01/29 14:34:15 blueness Exp $ |
85 |
+ |
86 |
+EAPI="4" |
87 |
+ |
88 |
+ETYPE="sources" |
89 |
+K_WANT_GENPATCHES="base extras" |
90 |
+K_GENPATCHES_VER="48" |
91 |
+K_DEBLOB_AVAILABLE="1" |
92 |
+ |
93 |
+inherit kernel-2 |
94 |
+detect_version |
95 |
+ |
96 |
+HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-92" |
97 |
+HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2" |
98 |
+SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" |
99 |
+ |
100 |
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" |
101 |
+UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch" |
102 |
+! use xtpax && UNIPATCH_EXCLUDE+=" 4425_grsec_enable_xtpax.patch" |
103 |
+ |
104 |
+DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" |
105 |
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" |
106 |
+IUSE="deblob -xtpax" |
107 |
+ |
108 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" |
109 |
+ |
110 |
+RDEPEND=">=sys-devel/gcc-4.5" |
111 |
+ |
112 |
+pkg_postinst() { |
113 |
+ kernel-2_pkg_postinst |
114 |
+ |
115 |
+ local GRADM_COMPAT="sys-apps/gradm-2.2.2*" |
116 |
+ |
117 |
+ ewarn |
118 |
+ ewarn "Hardened Gentoo provides three different predefined grsecurity level:" |
119 |
+ ewarn "[server], [workstation], and [virtualization]." |
120 |
+ ewarn |
121 |
+ ewarn "Those who intend to use one of these predefined grsecurity levels" |
122 |
+ ewarn "should read the help associated with the level. Users importing a" |
123 |
+ ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32," |
124 |
+ ewarn "should review their selected grsecurity/PaX options carefully." |
125 |
+ ewarn |
126 |
+ ewarn "Users of grsecurity's RBAC system must ensure they are using" |
127 |
+ ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." |
128 |
+ ewarn "It is strongly recommended that the following command is issued" |
129 |
+ ewarn "prior to booting a ${PF} kernel for the first time:" |
130 |
+ ewarn |
131 |
+ ewarn "emerge -na =${GRADM_COMPAT}" |
132 |
+ ewarn |
133 |
+} |
134 |
|
135 |
diff --git a/sys-kernel/hardened-sources/hardened-sources-3.2.4.ebuild b/sys-kernel/hardened-sources/hardened-sources-3.2.4.ebuild |
136 |
new file mode 100644 |
137 |
index 0000000..a86f1d7 |
138 |
--- /dev/null |
139 |
+++ b/sys-kernel/hardened-sources/hardened-sources-3.2.4.ebuild |
140 |
@@ -0,0 +1,51 @@ |
141 |
+# Copyright 1999-2012 Gentoo Foundation |
142 |
+# Distributed under the terms of the GNU General Public License v2 |
143 |
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.2.2-r1.ebuild,v 1.2 2012/01/29 14:34:15 blueness Exp $ |
144 |
+ |
145 |
+EAPI="4" |
146 |
+ |
147 |
+ETYPE="sources" |
148 |
+K_WANT_GENPATCHES="base extras" |
149 |
+K_GENPATCHES_VER="6" |
150 |
+K_DEBLOB_AVAILABLE="1" |
151 |
+ |
152 |
+inherit kernel-2 |
153 |
+detect_version |
154 |
+ |
155 |
+HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-1" |
156 |
+HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2" |
157 |
+SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" |
158 |
+ |
159 |
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" |
160 |
+UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch" |
161 |
+! use xtpax && UNIPATCH_EXCLUDE+=" 4425_grsec_enable_xtpax.patch" |
162 |
+ |
163 |
+DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" |
164 |
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" |
165 |
+IUSE="deblob -xtpax" |
166 |
+ |
167 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" |
168 |
+ |
169 |
+RDEPEND=">=sys-devel/gcc-4.5" |
170 |
+ |
171 |
+pkg_postinst() { |
172 |
+ kernel-2_pkg_postinst |
173 |
+ |
174 |
+ local GRADM_COMPAT="sys-apps/gradm-2.2.2*" |
175 |
+ |
176 |
+ ewarn |
177 |
+ ewarn "Hardened Gentoo provides three different predefined grsecurity level:" |
178 |
+ ewarn "[server], [workstation], and [virtualization]. Those who intend to" |
179 |
+ ewarn "use one of these predefined grsecurity levels should read the help" |
180 |
+ ewarn "associated with the level. Because some options require >=gcc-4.5," |
181 |
+ ewarn "users with more, than one version of gcc installed should use gcc-config" |
182 |
+ ewarn "to select a compatible version." |
183 |
+ ewarn |
184 |
+ ewarn "Users of grsecurity's RBAC system must ensure they are using" |
185 |
+ ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." |
186 |
+ ewarn "It is strongly recommended that the following command is issued" |
187 |
+ ewarn "prior to booting a ${PF} kernel for the first time:" |
188 |
+ ewarn |
189 |
+ ewarn "emerge -na =${GRADM_COMPAT}" |
190 |
+ ewarn |
191 |
+} |
192 |
|
193 |
diff --git a/sys-kernel/hardened-sources/metadata.xml b/sys-kernel/hardened-sources/metadata.xml |
194 |
index 6fa414d..c3372a9 100644 |
195 |
--- a/sys-kernel/hardened-sources/metadata.xml |
196 |
+++ b/sys-kernel/hardened-sources/metadata.xml |
197 |
@@ -13,5 +13,6 @@ |
198 |
</longdescription> |
199 |
<use> |
200 |
<flag name='deblob'>Remove binary blobs from kernel sources to provide libre license compliance.</flag> |
201 |
- </use> |
202 |
+ <flag name='xtpax'>Enable XATTR_PAX_FLAGS support (EXPERIMENTAL).</flag> |
203 |
+ </use> |
204 |
</pkgmetadata> |