1 |
commit: 25c33a6fb228fd1973e2406a867fd76f04fea600 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Jul 5 03:10:52 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jul 5 03:10:52 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=commit;h=25c33a6f |
7 |
|
8 |
sys-kernel/hardened-sources: testing patchset 20110701 |
9 |
|
10 |
--- |
11 |
sys-kernel/hardened-sources/ChangeLog | 10 ++++ |
12 |
sys-kernel/hardened-sources/Manifest | 14 ++++++ |
13 |
.../hardened-sources-2.6.32-r55.ebuild | 48 ++++++++++++++++++++ |
14 |
.../hardened-sources-2.6.39-r5.ebuild | 48 ++++++++++++++++++++ |
15 |
sys-kernel/hardened-sources/metadata.xml | 17 +++++++ |
16 |
5 files changed, 137 insertions(+), 0 deletions(-) |
17 |
|
18 |
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog |
19 |
new file mode 100644 |
20 |
index 0000000..e70f275 |
21 |
--- /dev/null |
22 |
+++ b/sys-kernel/hardened-sources/ChangeLog |
23 |
@@ -0,0 +1,10 @@ |
24 |
+ |
25 |
+ |
26 |
+*hardened-sources-2.6.39-r5 (05 Jul 2011) |
27 |
+*hardened-sources-2.6.32-r55 (05 Jul 2011) |
28 |
+ |
29 |
+ 05 Jul 2011; Anthony G. Basile <blueness@g.o> |
30 |
+ +hardened-sources-2.6.32-r55.ebuild, +hardened-sources-2.6.39-r5.ebuild, |
31 |
+ +metadata.xml: |
32 |
+ testing patchset 20110701 |
33 |
+ |
34 |
|
35 |
diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest |
36 |
new file mode 100644 |
37 |
index 0000000..82c69b9 |
38 |
--- /dev/null |
39 |
+++ b/sys-kernel/hardened-sources/Manifest |
40 |
@@ -0,0 +1,14 @@ |
41 |
+DIST deblob-2.6.32 84094 RMD160 394f46ec5b869638a7bc2e87beb118167c9bd6cb SHA1 1a2a1efb72126609d9e3b9be99ae5be2751efd06 SHA256 de625f0bd221c9c38d4453f1b709622f222d86a0ae9350d2b7b0e17795e6de6d |
42 |
+DIST deblob-check-2.6.32 247608 RMD160 840bf8a229ea79810519eee6241edb85b78a6562 SHA1 d45a24eb16e5ac956c0fcddbc1ac4d67e326c7b8 SHA256 da1aecdf3ab7f1207b90642d303e52262ccc2ed9e49739b729512b88950d17f3 |
43 |
+DIST genpatches-2.6.32-39.base.tar.bz2 947073 RMD160 531e72e1284f864bb970759176dab8e14a46f2f3 SHA1 80b701bf2511f7c02b45929511fb884d45e23131 SHA256 0639b3e622652f5316333de4ab6d9b94ce9a80ab26d48dc91ffee7a65a1347e9 |
44 |
+DIST genpatches-2.6.32-39.extras.tar.bz2 24934 RMD160 e3e1d60fb45a3e3c818ddda36b9180d4fc46679e SHA1 d16a34dfa35d163ea4042058b3865c389f3802e9 SHA256 50b70c76461aa52f7f2ad88175e7f08eb555f7f1dfd274759ec0c2a9748bde5e |
45 |
+DIST genpatches-2.6.39-4.base.tar.bz2 79495 RMD160 e6e880cd00636c9830fc9a3b7c6bdaabdb76c197 SHA1 a4d357b3ab25b2fae7c85a22654039c8da5b4333 SHA256 5d9865b2124153cf61d510c2b6c71dff57479f44de90b4631b03e4d16c2b363e |
46 |
+DIST genpatches-2.6.39-4.extras.tar.bz2 17196 RMD160 65c4f86f0dbe6702fb1f8a4e05e80746093be3dd SHA1 0ddeb37fc69b4c84b01e540a8e3f5d8e03afaf18 SHA256 d804acde9d43abc7439bf8a2cb247e8a124326fdd7f1940897ab9f045d7634e7 |
47 |
+DIST hardened-patches-2.6.32-58.extras.tar.bz2 450575 RMD160 14c0a9272b5537cdf94a30a592ad554fab06474e SHA1 717c0d80c44318e0c8e1387322da484c6b9f9112 SHA256 13f7d821f9999ff3578d8182d467ea3f39564a93d3a6e65b6eb7ccceaf966c0b |
48 |
+DIST hardened-patches-2.6.39-6.extras.tar.bz2 518059 RMD160 3c6615f2a8254cc4d4b452fad8dded7a6ee32cd5 SHA1 6b1fd19a5e48b923710742559a1e7ea53213366d SHA256 7a691d9e5676804467bb48c63f7e65113c3f08c72b9a565d8ae8f3100e057f3d |
49 |
+DIST linux-2.6.32.tar.bz2 64424138 RMD160 b93742cbaf8174f2200d2dbef0d47a26c618039c SHA1 410b4fc818023bfef60064e973ff0ab46d3bfb19 SHA256 5099786d80b8407d98a619df00209c2353517f22d804fdd9533b362adcb4504e |
50 |
+DIST linux-2.6.39.tar.bz2 76096559 RMD160 feddc516bc15e78f12f611ff184d38baa4eac4ee SHA1 68518112821e55f4ac1df64f2e0e809cedfcc5ef SHA256 584d17f2a3ee18a9501d7ff36907639e538cfdba4529978b8550c461d45c61f6 |
51 |
+EBUILD hardened-sources-2.6.32-r55.ebuild 1758 RMD160 92e7a57d6898345d20b6354f0e1677803e4e7b09 SHA1 14832cd2b1abce1dad63ed4e46554aeaa9ec6644 SHA256 2d4dd4664bfd2882c5fc9efd085bc1d2b6894874072d39f357c9437564f1a270 |
52 |
+EBUILD hardened-sources-2.6.39-r5.ebuild 1755 RMD160 77a1803bd365fc1d4b275b5e2f8a4f70c1256409 SHA1 fe858c329ce89fa352f48c6c293b036ef14a0123 SHA256 66a91bef493c371a4d7e12ec5e7f12deb938718b8e8244cbd5d3dcd17ec75152 |
53 |
+MISC ChangeLog 264 RMD160 220e8ce2c8511c419d527e4825c97f335b4d759a SHA1 0b85f7ef4a6c77ef5745345f8cd4288b2e91a402 SHA256 db277142a705bcc5bd762df8d65ec1ee4729f73c813190d797aa0ee269764549 |
54 |
+MISC metadata.xml 578 RMD160 7ea189a37d0f863ae9c52170bb85df27d21686fb SHA1 4765c25d7770a69f7b9dda2b1accc8ff27b74ad0 SHA256 64140e091b51002a5355d8fcfd351f2f39ed63da68af3a5751fc2058d0d03813 |
55 |
|
56 |
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild |
57 |
new file mode 100644 |
58 |
index 0000000..ffa2459 |
59 |
--- /dev/null |
60 |
+++ b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild |
61 |
@@ -0,0 +1,48 @@ |
62 |
+# Copyright 1999-2011 Gentoo Foundation |
63 |
+# Distributed under the terms of the GNU General Public License v2 |
64 |
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.6.32-r54.ebuild,v 1.1 2011/06/29 16:05:54 blueness Exp $ |
65 |
+ |
66 |
+EAPI="4" |
67 |
+ |
68 |
+ETYPE="sources" |
69 |
+K_WANT_GENPATCHES="base extras" |
70 |
+K_GENPATCHES_VER="39" |
71 |
+ |
72 |
+inherit kernel-2 |
73 |
+detect_version |
74 |
+ |
75 |
+HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-58" |
76 |
+HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2" |
77 |
+SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" |
78 |
+ |
79 |
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" |
80 |
+UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch" |
81 |
+ |
82 |
+DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" |
83 |
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" |
84 |
+IUSE="" |
85 |
+ |
86 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" |
87 |
+ |
88 |
+pkg_postinst() { |
89 |
+ kernel-2_pkg_postinst |
90 |
+ |
91 |
+ local GRADM_COMPAT="sys-apps/gradm-2.2.2*" |
92 |
+ |
93 |
+ ewarn |
94 |
+ ewarn "Hardened Gentoo provides three different predefined grsecurity level:" |
95 |
+ ewarn "[server], [workstation], and [virtualization]." |
96 |
+ ewarn |
97 |
+ ewarn "Those who intend to use one of these predefined grsecurity levels" |
98 |
+ ewarn "should read the help associated with the level. Users importing a" |
99 |
+ ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32," |
100 |
+ ewarn "should review their selected grsecurity/PaX options carefully." |
101 |
+ ewarn |
102 |
+ ewarn "Users of grsecurity's RBAC system must ensure they are using" |
103 |
+ ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." |
104 |
+ ewarn "It is strongly recommended that the following command is issued" |
105 |
+ ewarn "prior to booting a ${PF} kernel for the first time:" |
106 |
+ ewarn |
107 |
+ ewarn "emerge -na =${GRADM_COMPAT}" |
108 |
+ ewarn |
109 |
+} |
110 |
|
111 |
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild |
112 |
new file mode 100644 |
113 |
index 0000000..24b8516 |
114 |
--- /dev/null |
115 |
+++ b/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild |
116 |
@@ -0,0 +1,48 @@ |
117 |
+# Copyright 1999-2011 Gentoo Foundation |
118 |
+# Distributed under the terms of the GNU General Public License v2 |
119 |
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.6.39-r4.ebuild,v 1.1 2011/06/29 16:09:57 blueness Exp $ |
120 |
+ |
121 |
+EAPI="4" |
122 |
+ |
123 |
+ETYPE="sources" |
124 |
+K_WANT_GENPATCHES="base extras" |
125 |
+K_GENPATCHES_VER="4" |
126 |
+ |
127 |
+inherit kernel-2 |
128 |
+detect_version |
129 |
+ |
130 |
+HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-6" |
131 |
+HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2" |
132 |
+SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" |
133 |
+ |
134 |
+UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" |
135 |
+UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch" |
136 |
+ |
137 |
+DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})" |
138 |
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/" |
139 |
+IUSE="" |
140 |
+ |
141 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" |
142 |
+ |
143 |
+pkg_postinst() { |
144 |
+ kernel-2_pkg_postinst |
145 |
+ |
146 |
+ local GRADM_COMPAT="sys-apps/gradm-2.2.2*" |
147 |
+ |
148 |
+ ewarn |
149 |
+ ewarn "Hardened Gentoo provides three different predefined grsecurity level:" |
150 |
+ ewarn "[server], [workstation], and [virtualization]." |
151 |
+ ewarn |
152 |
+ ewarn "Those who intend to use one of these predefined grsecurity levels" |
153 |
+ ewarn "should read the help associated with the level. Users importing a" |
154 |
+ ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32," |
155 |
+ ewarn "should review their selected grsecurity/PaX options carefully." |
156 |
+ ewarn |
157 |
+ ewarn "Users of grsecurity's RBAC system must ensure they are using" |
158 |
+ ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." |
159 |
+ ewarn "It is strongly recommended that the following command is issued" |
160 |
+ ewarn "prior to booting a ${PF} kernel for the first time:" |
161 |
+ ewarn |
162 |
+ ewarn "emerge -na =${GRADM_COMPAT}" |
163 |
+ ewarn |
164 |
+} |
165 |
|
166 |
diff --git a/sys-kernel/hardened-sources/metadata.xml b/sys-kernel/hardened-sources/metadata.xml |
167 |
new file mode 100644 |
168 |
index 0000000..6fa414d |
169 |
--- /dev/null |
170 |
+++ b/sys-kernel/hardened-sources/metadata.xml |
171 |
@@ -0,0 +1,17 @@ |
172 |
+<?xml version="1.0" encoding="UTF-8"?> |
173 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
174 |
+<pkgmetadata> |
175 |
+ <herd>kernel</herd> |
176 |
+ <herd>hardened</herd> |
177 |
+ <maintainer> |
178 |
+ <email>blueness@g.o</email> |
179 |
+ <name>Anthony G. Basile</name> |
180 |
+ </maintainer> |
181 |
+ <longdescription> |
182 |
+ hardened-sources is based upon genpatches, and adds the grsecurity |
183 |
+ patch from http://www.grsecurity.net, which also includes PaX. |
184 |
+ </longdescription> |
185 |
+ <use> |
186 |
+ <flag name='deblob'>Remove binary blobs from kernel sources to provide libre license compliance.</flag> |
187 |
+ </use> |
188 |
+</pkgmetadata> |