diff options
author | Kevin F. Quinn <kevquinn@gentoo.org> | 2007-03-07 16:25:54 +0000 |
---|---|---|
committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2007-03-07 16:25:54 +0000 |
commit | 71962ac65702b1f65fbf15e378bdc32e764e9a99 (patch) | |
tree | aa86bce266758cdb9ee9012810c95b22d33567b9 /hardened | |
parent | Rebuild manifests following bump move (diff) | |
download | kevquinn-71962ac65702b1f65fbf15e378bdc32e764e9a99.tar.gz kevquinn-71962ac65702b1f65fbf15e378bdc32e764e9a99.tar.bz2 kevquinn-71962ac65702b1f65fbf15e378bdc32e764e9a99.zip |
Add sys-boot/grub to overlay (bug #168834). Minor tidy-ups in flag-o.
svn path=/; revision=189
Diffstat (limited to 'hardened')
4 files changed, 199 insertions, 13 deletions
diff --git a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass index 7dfb2f6..670ca84 100644 --- a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass +++ b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass @@ -121,16 +121,18 @@ setup-allowed-flags() { return 0 } +# Internal function for _filter-hardened +# _manage_hardened <flag being filtered> <minispec to use> <cflag to use> _manage-hardened() { - local newspec=$1 - [[ -z $2 ]] && die "Internal flag-o-matic error ($*) - please report" + local filter=$1 newspec=$2 + [[ -z $3 ]] && die "Internal flag-o-matic error ($*) - please report" if _gcc-specs-exists ${newspec}.specs; then [[ -z ${GCC_SPECS} ]] || newspec=":${newspec}" export GCC_SPECS="${GCC_SPECS}${newspec}.specs" - einfo "Hardened compiler filtered $2 - GCC_SPECS set to ${GCC_SPECS}" + einfo "Hardened compiler filtered $1 - GCC_SPECS set to ${GCC_SPECS}" else local oldspec=${GCC_SPECS/*\/} newspec="" - case $1 in + case $2 in "nopie") case ${oldspec} in "" | "hardened.specs") @@ -150,17 +152,19 @@ _manage-hardened() { "noznow" | "nozrelro") newspec="vanilla.specs";; *) - die "Internal flag-o-matic.eclass error - unrecognised hardened filter $1" + die "Internal flag-o-matic.eclass error - unrecognised hardened filter $2" ;; esac if [[ -n ${newspec} ]]; then if _gcc-specs-exists ${newspec}; then export GCC_SPECS="${newspec}" - einfo "Hardened compiler filtered $2 - GCC_SPECS set to ${GCC_SPECS}" + einfo "Hardened compiler filtered $1 - GCC_SPECS set to ${GCC_SPECS}" + else + die "Internal flag-o-matic error ($*) - please report" fi else - _raw_append_flag $2 - einfo "Hardened compiler filtered $2 - CFLAGS set to ${CFLAGS}" + _raw_append_flag $3 + einfo "Hardened compiler filtered $1 - CFLAGS set to ${CFLAGS}" fi fi } @@ -176,19 +180,19 @@ _filter-hardened() { # thinking about -fPIE. -fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie) gcc-specs-pie && - _manage-hardened nopie -nopie ;; + _manage-hardened ${f} nopie -nopie ;; -fstack-protector) gcc-specs-ssp && - _manage-hardened nossp -fno-stack-protector ;; + _manage-hardened ${f} nossp -fno-stack-protector ;; -fstack-protector-all) gcc-specs-ssp-to-all && - _manage-hardened nosspall -fno-stack-protector-all ;; + _manage-hardened ${f} nosspall -fno-stack-protector-all ;; -now|-Wl,-z,now) gcc-specs-now && - _manage-hardened noznow -nonow ;; + _manage-hardened ${f} noznow -nonow ;; -relro|-Wl,-z,relro) gcc-specs-now && - _manage-hardened nozrelro -norelro ;; + _manage-hardened ${f} nozrelro -norelro ;; esac done } diff --git a/hardened/toolchain/branches/pieworld/sys-boot/grub/Manifest b/hardened/toolchain/branches/pieworld/sys-boot/grub/Manifest new file mode 100644 index 0000000..24de6ec --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-boot/grub/Manifest @@ -0,0 +1,10 @@ +DIST grub-0.97-patches-1.4.tar.bz2 24693 RMD160 6afefff73b5f3ab5c6d05563c4f67f37dbfce16c SHA1 7c26a941467b58380747c9d1e07c14dfc3998b10 SHA256 290dd96fdeb9471c516f061f4949ccda33f8d03ab81a6e2beb5005b3022e71da +DIST grub-0.97.tar.gz 971783 RMD160 7fb5674edf0c950bd38e94f85ff1e2909aa741f0 SHA1 2580626c4579bd99336d3af4482c346c95dac4fb SHA256 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b +DIST splash.xpm.gz 33856 RMD160 2fead61f91c368429e80936248bb02af2bdf15ff SHA1 98e679f9698be43426f971f89a088c053e8c804a SHA256 b95600f777331b0dd31d51c68f60f0e846e4c8b628857a41165f4e6b30e6acaf +EBUILD grub-0.97-r3.ebuild 4716 RMD160 76ba5b18b9a7c72f58f931d51b9026ec5c75cef3 SHA1 39eeb8ae832172767b4e658501f06beb3b27f8cb SHA256 b07e9aebac7fea6ba1e8564885ee72f2e87adf28e8105de090c81ac8c814d6c4 +MD5 cbe0f2b7e6dffa4a754628e90663b09e grub-0.97-r3.ebuild 4716 +RMD160 76ba5b18b9a7c72f58f931d51b9026ec5c75cef3 grub-0.97-r3.ebuild 4716 +SHA256 b07e9aebac7fea6ba1e8564885ee72f2e87adf28e8105de090c81ac8c814d6c4 grub-0.97-r3.ebuild 4716 +MD5 95650f97ede7437cc0f34b5a519fafd1 files/digest-grub-0.97-r3 711 +RMD160 f89bb19df1610b09fae5ffed1c4b06572ee38ce9 files/digest-grub-0.97-r3 711 +SHA256 8d0b3d6a65d423c40eb72ac88673e653204c2aa4c579e5284f2c327b6b782342 files/digest-grub-0.97-r3 711 diff --git a/hardened/toolchain/branches/pieworld/sys-boot/grub/files/digest-grub-0.97-r3 b/hardened/toolchain/branches/pieworld/sys-boot/grub/files/digest-grub-0.97-r3 new file mode 100644 index 0000000..26b24df --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-boot/grub/files/digest-grub-0.97-r3 @@ -0,0 +1,9 @@ +MD5 995985c7bd6d9680b36d6efd677fb751 grub-0.97-patches-1.4.tar.bz2 24693 +RMD160 6afefff73b5f3ab5c6d05563c4f67f37dbfce16c grub-0.97-patches-1.4.tar.bz2 24693 +SHA256 290dd96fdeb9471c516f061f4949ccda33f8d03ab81a6e2beb5005b3022e71da grub-0.97-patches-1.4.tar.bz2 24693 +MD5 cd3f3eb54446be6003156158d51f4884 grub-0.97.tar.gz 971783 +RMD160 7fb5674edf0c950bd38e94f85ff1e2909aa741f0 grub-0.97.tar.gz 971783 +SHA256 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b grub-0.97.tar.gz 971783 +MD5 cdd6c89d48982ecd544c0b4774755afd splash.xpm.gz 33856 +RMD160 2fead61f91c368429e80936248bb02af2bdf15ff splash.xpm.gz 33856 +SHA256 b95600f777331b0dd31d51c68f60f0e846e4c8b628857a41165f4e6b30e6acaf splash.xpm.gz 33856 diff --git a/hardened/toolchain/branches/pieworld/sys-boot/grub/grub-0.97-r3.ebuild b/hardened/toolchain/branches/pieworld/sys-boot/grub/grub-0.97-r3.ebuild new file mode 100644 index 0000000..fd96df3 --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-boot/grub/grub-0.97-r3.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/grub-0.97-r3.ebuild,v 1.7 2007/01/15 01:50:09 metalgod Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" +inherit mount-boot eutils flag-o-matic toolchain-funcs autotools + +PATCHVER="1.4" +DESCRIPTION="GNU GRUB Legacy boot loader" +HOMEPAGE="http://www.gnu.org/software/grub/" +SRC_URI="mirror://gentoo/${P}.tar.gz + ftp://alpha.gnu.org/gnu/${PN}/${P}.tar.gz + mirror://gentoo/splash.xpm.gz + mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="static netboot custom-cflags" + +DEPEND=">=sys-libs/ncurses-5.2-r5" +PROVIDE="virtual/bootloader" + +src_unpack() { + unpack ${A} + cd "${S}" + + # patch breaks booting for some people #111885 + rm "${WORKDIR}"/patch/400_* + + if [[ -n ${PATCHVER} ]] ; then + EPATCH_SUFFIX="patch" + epatch "${WORKDIR}"/patch + eautoreconf + fi +} + +src_compile() { + use amd64 && multilib_toolchain_setup x86 + + unset BLOCK_SIZE #73499 + + ### i686-specific code in the boot loader is a bad idea; disabling to ensure + ### at least some compatibility if the hard drive is moved to an older or + ### incompatible system. + + # grub-0.95 added -fno-stack-protector detection, to disable ssp for stage2, + # but the objcopy's (faulty) test fails if -fstack-protector is default. + # create a cache telling configure that objcopy is ok, and add -C to econf + # to make use of the cache. + # + # CFLAGS has to be undefined running econf, else -fno-stack-protector detection fails. + # STAGE2_CFLAGS is not allowed to be used on emake command-line, it overwrites + # -fno-stack-protector detected by configure, removed from netboot's emake. + use custom-cflags || unset CFLAGS + + export grub_cv_prog_objcopy_absolute=yes #79734 + use static && append-ldflags -static + + filter-flags -fPIE -fstack-protector #168834 + + # build the net-bootable grub first, but only if "netboot" is set + if use netboot ; then + econf \ + --libdir=/lib \ + --datadir=/usr/lib/grub \ + --exec-prefix=/ \ + --disable-auto-linux-mem-opt \ + --enable-diskless \ + --enable-{3c{5{03,07,09,29,95},90x},cs89x0,davicom,depca,eepro{,100}} \ + --enable-{epic100,exos205,ni5210,lance,ne2100,ni{50,65}10,natsemi} \ + --enable-{ne,ns8390,wd,otulip,rtl8139,sis900,sk-g16,smc9000,tiara} \ + --enable-{tulip,via-rhine,w89c840} || die "netboot econf failed" + + emake w89c840_o_CFLAGS="-O" || die "making netboot stuff" + + mv -f stage2/{nbgrub,pxegrub} "${S}"/ + mv -f stage2/stage2 stage2/stage2.netboot + + make clean || die "make clean failed" + fi + + # Now build the regular grub + # Note that FFS and UFS2 support are broken for now - stage1_5 files too big + econf \ + --libdir=/lib \ + --datadir=/usr/lib/grub \ + --exec-prefix=/ \ + --disable-auto-linux-mem-opt || die "econf failed" + emake || die "making regular stuff" +} + +src_test() { + # non-default block size also give false pass/fails. + unset BLOCK_SIZE + make check || die "make check failed" +} + +src_install() { + make DESTDIR="${D}" install || die + if use netboot ; then + exeinto /usr/lib/grub/${CHOST} + doexe nbgrub pxegrub stage2/stage2.netboot || die "netboot install" + fi + + insinto /boot/grub + doins "${DISTDIR}"/splash.xpm.gz + newins docs/menu.lst grub.conf.sample + + dodoc AUTHORS BUGS ChangeLog NEWS README THANKS TODO + newdoc docs/menu.lst grub.conf.sample +} + +setup_boot_dir() { + local dir="${1}" + + [[ ! -e ${dir} ]] && die "${dir} does not exist!" + [[ ! -e ${dir}/grub ]] && mkdir "${dir}/grub" + + # change menu.lst to grub.conf + if [[ ! -e ${dir}/grub/grub.conf ]] && [[ -e ${dir}/grub/menu.lst ]] ; then + mv -f "${dir}"/grub/menu.lst "${dir}"/grub/grub.conf + ewarn + ewarn "*** IMPORTANT NOTE: menu.lst has been renamed to grub.conf" + ewarn + fi + + if [[ ! -e ${dir}/grub/menu.lst ]]; then + einfo "Linking from new grub.conf name to menu.lst" + ln -snf grub.conf "${dir}"/grub/menu.lst + fi + + [[ -e ${dir}/grub/stage2 ]] && mv "${dir}"/grub/stage2{,.old} + + einfo "Copying files from /lib/grub and /usr/lib/grub to "${dir}"" + for x in /lib*/grub/*/* /usr/lib*/grub/*/* ; do + [[ -f ${x} ]] && cp -p ${x} "${dir}"/grub/ + done + + if [[ -e ${dir}/grub/grub.conf ]] ; then + egrep \ + -v '^[[:space:]]*(#|$|default|fallback|initrd|password|splashimage|timeout|title)' \ + "${dir}"/grub/grub.conf | \ + /sbin/grub --batch \ + --device-map="${dir}"/grub/device.map \ + > /dev/null + fi +} + +pkg_postinst() { + [[ ${ROOT} != "/" ]] && return 0 + setup_boot_dir /boot + einfo "To install grub files to another device (like a usb stick), just run:" + einfo " emerge --config =${PF}" +} + +pkg_config() { + local dir + einfo "Enter the directory where you want to setup grub:" + read dir + setup_boot_dir ${dir} +} |