1 |
On 170509-01:31+0200, Miroslav Rovis wrote: |
2 |
> On 170508-22:49+0200, Miroslav Rovis wrote: |
3 |
> > ... |
4 |
> > I'll be back with an ebuild to discuss. |
5 |
> > ... |
6 |
> > On 170508-22:07+0200, Mathias Krause wrote: |
7 |
> > > On 8 May 2017 at 20:08, Miroslav Rovis <miro.rovis@××××××××××××××.hr> wrote: |
8 |
> ... |
9 |
> > > > Unofficial forward ports of the last publicly available grsecurity patch |
10 |
> > > > https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec |
11 |
> > > > |
12 |
> > > > which I cloned into my machine. |
13 |
... |
14 |
|
15 |
I managed to install: |
16 |
|
17 |
$ uname -r |
18 |
4.9.27-hardened-unofficial_grsec-170509_14 |
19 |
$ |
20 |
|
21 |
The issues I had were trivial, only some familiarizing with the methods. |
22 |
|
23 |
So far, booting into the new kernel, and deployment, all is fine, |
24 |
absolutely regular (*so far*). |
25 |
|
26 |
If anybody would need it, I can try and make a step by step notes the |
27 |
next time I do the building in my Air-Gapped, which is soon. Much |
28 |
later will be harder to reproduce the steps correctly without actually |
29 |
doing it. |
30 |
|
31 |
Here's my ebuild, and the genpatches and hardened-patches listing, if it |
32 |
helps (often developers discuss here, which is fine, but I'm writing |
33 |
this for users). |
34 |
|
35 |
hardened-sources-4.9.27.ebuild |
36 |
|
37 |
# ls -ABRgo /usr/portage/distfiles/{hardened-patches-4.9.27-1.extras.tar.bz2,genpatches-4.9-27.base.tar.xz} |
38 |
-rw-r--r-- 1 536200 2017-05-09 13:02 /usr/portage/distfiles/genpatches-4.9-27.base.tar.xz |
39 |
-rw-r--r-- 1 1997214 2017-05-09 14:08 /usr/portage/distfiles/hardened-patches-4.9.27-1.extras.tar.bz2 |
40 |
# |
41 |
|
42 |
ls -ABRgo genpatches-4.9-27/ |
43 |
genpatches-4.9-27/: |
44 |
total 2432 |
45 |
-rw-r--r-- 1 5412 2017-04-18 14:29 0000_README |
46 |
-rw-r--r-- 1 114367 2017-04-18 14:29 1000_linux-4.9.1.patch |
47 |
-rw-r--r-- 1 141140 2017-04-18 14:29 1001_linux-4.9.2.patch |
48 |
-rw-r--r-- 1 264856 2017-04-18 14:29 1002_linux-4.9.3.patch |
49 |
-rw-r--r-- 1 58683 2017-04-18 14:29 1003_linux-4.9.4.patch |
50 |
-rw-r--r-- 1 177665 2017-04-18 14:29 1004_linux-4.9.5.patch |
51 |
-rw-r--r-- 1 149694 2017-04-18 14:29 1005_linux-4.9.6.patch |
52 |
-rw-r--r-- 1 71811 2017-04-18 14:29 1006_linux-4.9.7.patch |
53 |
-rw-r--r-- 1 64550 2017-04-18 14:29 1007_linux-4.9.8.patch |
54 |
-rw-r--r-- 1 78333 2017-04-18 14:29 1008_linux-4.9.9.patch |
55 |
-rw-r--r-- 1 73914 2017-04-18 14:29 1009_linux-4.9.10.patch |
56 |
-rw-r--r-- 1 60460 2017-04-18 14:29 1010_linux-4.9.11.patch |
57 |
-rw-r--r-- 1 21015 2017-04-18 14:29 1011_linux-4.9.12.patch |
58 |
-rw-r--r-- 1 34344 2017-04-18 14:29 1012_linux-4.9.13.patch |
59 |
-rw-r--r-- 1 220480 2017-04-18 14:29 1013_linux-4.9.14.patch |
60 |
-rw-r--r-- 1 96906 2017-04-18 14:29 1014_linux-4.9.15.patch |
61 |
-rw-r--r-- 1 52098 2017-04-18 14:29 1015_linux-4.9.16.patch |
62 |
-rw-r--r-- 1 195764 2017-04-18 14:29 1016_linux-4.9.17.patch |
63 |
-rw-r--r-- 1 29223 2017-04-18 14:29 1017_linux-4.9.18.patch |
64 |
-rw-r--r-- 1 101849 2017-04-18 14:29 1018_linux-4.9.19.patch |
65 |
-rw-r--r-- 1 17310 2017-04-18 14:29 1019_linux-4.9.20.patch |
66 |
-rw-r--r-- 1 148261 2017-04-18 14:29 1020_linux-4.9.21.patch |
67 |
-rw-r--r-- 1 207889 2017-04-18 14:29 1021_linux-4.9.22.patch |
68 |
-rw-r--r-- 1 40950 2017-04-18 14:29 1022_linux-4.9.23.patch |
69 |
-rw-r--r-- 1 2369 2017-04-18 14:29 1500_XATTR_USER_PREFIX.patch |
70 |
-rw-r--r-- 1 717 2017-01-12 13:09 1510_fs-enable-link-security-restrictions-by-default.patch |
71 |
-rw-r--r-- 1 3056 2017-04-18 14:29 2300_enable-poweroff-on-Mac-Pro-11.patch |
72 |
-rw-r--r-- 1 1205 2017-04-18 12:46 2900_dev-root-proc-mount-fix.patch |
73 |
|
74 |
ls -ABRgo 4.9.27/ |
75 |
4.9.27/: |
76 |
total 9404 |
77 |
-rw-r--r-- 1 2240 2017-05-09 13:04 0000_README |
78 |
-rw-r--r-- 1 101631 2017-04-22 17:58 1023_linux-4.9.24.patch |
79 |
-rw-r--r-- 1 25435 2017-05-09 14:08 1024_linux-4.9.25.patch |
80 |
-rw-r--r-- 1 57956 2017-05-09 14:08 1025_linux-4.9.26.patch |
81 |
-rw-r--r-- 1 29538 2017-05-09 14:07 1026_linux-4.9.27.patch |
82 |
-rw-r--r-- 1 9352316 2017-05-09 11:57 4420_grsecurity-3.1-4.9.27-201705082100.patch |
83 |
-rw-r--r-- 1 665 2016-11-10 01:55 4425_grsec_remove_EI_PAX.patch |
84 |
-rw-r--r-- 1 1359 2017-01-01 18:15 4426_default_XATTR_PAX_FLAGS.patch |
85 |
-rw-r--r-- 1 1444 2017-02-15 14:14 4427_force_XATTR_PAX_tmpfs.patch |
86 |
-rw-r--r-- 1 303 2015-08-14 08:04 4430_grsec-remove-localversion-grsec.patch |
87 |
-rw-r--r-- 1 1528 2016-08-14 12:16 4435_grsec-mute-warnings.patch |
88 |
-rw-r--r-- 1 641 2015-08-14 08:04 4440_grsec-remove-protected-paths.patch |
89 |
-rw-r--r-- 1 4184 2016-12-14 13:33 4450_grsec-kconfig-default-gids.patch |
90 |
-rw-r--r-- 1 2616 2016-12-14 13:32 4465_selinux-avc_audit-log-curr_ip.patch |
91 |
-rw-r--r-- 1 2553 2017-02-15 14:14 4470_disable-compat_vdso.patch |
92 |
-rw-r--r-- 1 1467 2017-01-16 22:22 4475_emutramp_default_on.patch |
93 |
|
94 |
Regards! |
95 |
-- |
96 |
Miroslav Rovis |
97 |
Zagreb, Croatia |
98 |
https://www.CroatiaFidelis.hr |