-rw-r--r--sys-kernel/hardened-sources/ChangeLog24
-rw-r--r--sys-kernel/hardened-sources/Manifest2
-rw-r--r--sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r22
-rw-r--r--sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild70
4 files changed, 96 insertions, 2 deletions
diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-sources/ChangeLog
index 7d2ac4638d81..96a4f6fac5f1 100644
--- a/sys-kernel/hardened-sources/ChangeLog
+++ b/sys-kernel/hardened-sources/ChangeLog
@@ -1,9 +1,31 @@
# ChangeLog for sys-kernel/hardened-sources
# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.6 2003/04/13 02:57:26 frogger Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/ChangeLog,v 1.7 2003/04/23 19:57:13 frogger Exp $
*hardened-sources-2.4.20-r1 (09 Apr 2003)
+ 23 Apr 2003; Matthew Rickard <frogger@gentoo.org> Manifest:
+ Initial import of hardened-sources-r2. This new
+ ebuild includes many new performance and security
+ related patches. As in -r1, it will patch in
+ LSM/SELinux if "selinux" is in USE, otherwise it
+ will patch in GRSecurity. The following patches
+ are included in this revision:
+ - O(1) Scheduler, Low Latency, and Preempt
+ (pulled from the base CK patch)
+ - ptrace exploit patch for the LSM kernel
+ (the GRSec patch already fixes this)
+ - LSM 2.4-2003040709
+ - SELinux 2.4-2003040709
+ - Systrace v1.2
+ - IPTables patch-o-matic base patches - 20030107
+ - CryptoAPI 2.4.20.1 w/ loop-jari patch
+ - Super FreeS/WAN 1.99.6.1
+ - GRSecurity 1.9.9g
+ - MPPE
+ - EXT3 data journal fix
+ - CIPE 1.5.4
+
12 Apr 2003; Matthew Rickard <frogger@gentoo.org>
hardened-sources-2.4.20-r1.ebuild, manifest:
Updated to install flask components correctly for selinux
diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest
index 3831bf456ea1..14cda11fbeeb 100644
--- a/sys-kernel/hardened-sources/Manifest
+++ b/sys-kernel/hardened-sources/Manifest
@@ -1,6 +1,6 @@
MD5 f9d67e9ab9bee46794e59cb76b070248 hardened-sources-2.4.20.ebuild 1141
MD5 c2a32ffa86f6966ba06140c940af1b96 hardened-sources-2.4.20-r1.ebuild 2017
-MD5 665d4cf4a27605a7b99eb1e44d689e72 ChangeLog 2031
+MD5 faf274c54759d56258bc099e1763d448 ChangeLog 2031
MD5 0f50017379be51bfb2906b195648d3e1 hardened-sources-2.4.20-r2.ebuild 2099
MD5 af924609b3daad940a82ce31f516779a files/digest-hardened-sources-2.4.20-r1 146
MD5 e8b051baa93e07c4185474fb0e94e3af files/digest-hardened-sources-2.4.20-r2 147
diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2
new file mode 100644
index 000000000000..9888c4b09bc7
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2
@@ -0,0 +1,2 @@
+MD5 c439d5c93d7fc9a1480a90842465bb97 linux-2.4.20.tar.bz2 27421046
+MD5 e38b0c9ec1f71a90beec7571257874d7 patches-2.4.20-hardened-r2.tar.bz2 1629013
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
new file mode 100644
index 000000000000..b8a503d8e002
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+IUSE="build selinux"
+
+# OKV=original kernel version, KV=patched kernel version. They can be the same.
+
+ETYPE="sources"
+
+inherit kernel || die
+
+OKV=2.4.20
+EXTRAVERSION=-hardened-r2
+KV=${OKV}${EXTRAVERSION}
+S=${WORKDIR}/linux-${KV}
+DESCRIPTION="Special Security Hardened Gentoo Kernel (don't use this yet, it isn't ready)"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ mirror://gentoo/patches-${KV}.tar.bz2"
+
+
+HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/hardened/"
+KEYWORDS="~x86"
+SLOT="${KV}"
+
+src_unpack() {
+ unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
+ mv linux-${OKV} linux-${KV} || die
+
+ cd ${KV}
+ # We can't use LSM/SELinux and GRSec in the same kernel. If USE=selinux, we will
+ # patch in LSM/SELinux and drop support for GRsec. Otherwise we will include GRSec.
+ if [ "`use selinux`" ]; then
+ einfo "Enabling SELinux support. This will drop GRSec support."
+ for file in *grsec*; do
+ einfo "Dropping ${file}.."
+ rm -f ${file}
+ done
+ else
+ einfo "Did not find \"selinux\" in use, building with GRSec support."
+ for file in *lsm* *selinux*; do
+ einfo "Dropping ${file}..."
+ rm -f ${file}
+ done
+ fi
+
+ kernel_src_unpack
+}
+
+src_install() {
+ if [ "`use selinux`" ]; then
+ insinto /usr/flask
+ doins ${S}/security/selinux/flask/access_vectors
+ doins ${S}/security/selinux/flask/security_classes
+ doins ${S}/security/selinux/flask/initial_sids
+ insinto /usr/include/linux/flask
+ doins ${S}/security/selinux/include/linux/flask/*.h
+ insinto /usr/include/asm/flask
+ doins ${S}/security/selinux/include/asm/flask/uninstd.h
+ fi
+
+ kernel_src_install
+}
+
+pkg_postinst() {
+ einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
+ einfo "Also included are various other performance and security related patches"
+ einfo "This is not yet a production ready kernel. If you experience problems with"
+ einfo "this kernel please report them by assigning bugs on bugs.gentoo.org to"
+ einfo "frogger@gentoo.org"
+}
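Review bot: The `cd ${KV}` in src_unpack is unchecked, so if that directory (presumably where the patches tarball unpacks) is missing, both `rm -f` loops run in the wrong directory and neither patch set is pruned. The comment above it says LSM/SELinux and GRSec cannot share a kernel, so a failed cd should stop the build rather than hand an unfiltered patch set to kernel_src_unpack, whose behaviour is not visible here: `cd "${KV}" || die "patch directory ${KV} not found"`. The loops also print `Dropping *grsec*..` literally when a glob matches nothing, so adding `[ -e "${file}" ] || continue` as the first line of each loop body would keep the log accurate. Finally, pkg_postinst reports "LSM/SElinux or GRSecurity" without saying which was selected; repeating the `use selinux` test there would tell the user which hardening model the installed sources carry.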