* [gentoo-commits] proj/hardened-dev:XT_PAX commit in: /, sys-boot/grub/files/, sys-boot/grub/
@ 2011-11-28 23:41 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-28 23:41 UTC (permalink / raw
To: gentoo-commits
commit: 09bfa95d154e09442f43e948c7b2823f27bf700c
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 28 23:40:58 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Nov 28 23:40:58 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=09bfa95d
sys-boot/grub: workaround for no xattr support in portage's movefile.py
---
HOWTO.txt | 28 ++--
sys-boot/grub/ChangeLog | 2 +
sys-boot/grub/files/grub.conf.gentoo | 16 ++
sys-boot/grub/grub-0.97-r11.ebuild | 292 ++++++++++++++++++++++++++++++++++
sys-boot/grub/metadata.xml | 13 ++
5 files changed, 341 insertions(+), 10 deletions(-)
diff --git a/HOWTO.txt b/HOWTO.txt
index 8408ef4..b88816e 100644
--- a/HOWTO.txt
+++ b/HOWTO.txt
@@ -37,25 +37,34 @@ The goodies are in a branch of the hardened-development overlay:
git checkout XT_PAX # switch branches
git pull origin XT_PAX # and pull
-2. We need to override portage's pax-utils.eclass with the overlay's eclass.
+2. We need to override portage's pax-utils.eclass with the overlay's eclass, and
+make sure that we've added extended attribute support to our use flags:
-cat << EOF >> /etc/portage/repos.conf
-[DEFAULT]
-eclass-overrides = hardened-dev
-EOF
+ cat << EOF >> /etc/portage/repos.conf
+ [DEFAULT]
+ eclass-overrides = hardened-dev
+ EOF
+
+ echo "USE=\"\${USE} xattr\"" >> /etc/make.conf
+
+There is still a problem with portage preserving xattrs, so the eclass's pax-mark
+only works when called from pkg_postinst(), but we're working on fixing this! That's
+what our hacked up grub does in the next step.
3. Now let's emerge the stuff we'll need later:
emerge =sys-devel/binutils-2.21.1-r2 \ # these are all masked so
=sys-kernel/xtpax-sources-3.1.1 \ # we'll have to unmask them
=sys-apps/elfix-0.3.2 \
+ =sys-boot/grub-0.97-r11 \
--autounmask-write
etc-update # accept changes the changes
emerge =sys-devel/binutils-2.21.1-r2 \ # these are unmasked, so emerge
=sys-kernel/xtpax-sources-3.1.1 \
- =sys-apps/elfix-0.3.2
+ =sys-apps/elfix-0.3.2 \
+ =sys-boot/grub-0.97-r11 \
source /etc/profile # for binutils, if we keep using
# the same shell
@@ -144,15 +153,14 @@ you want to use. I also recommend xattr support on tmpfs:
...
3. Compile the kernel and boot. If you didn't install grub on the MBR before the
-migration, do so now, but be extra careful to make sure it was properly pax marked
-before runnign it from the command line. paxctl-ng -v /sbin/grub should give
+migration, do so now. Make sure it was properly pax marked before running it from
+the command line. paxctl-ng -v /sbin/grub should give
/sbin/grub:
PT_PAX: not found
XT_PAX: --me-x
-If it doesn't that may be because the eclass didn't properly pax mark it! Do so
-manually if need be:
+If it doesn't, then manually mark it using:
paxctl-ng -cv /sbin/grub # To create the XT_PAX field
paxctl-ng -mexv /sbin/grub # To properly mark it
diff --git a/sys-boot/grub/ChangeLog b/sys-boot/grub/ChangeLog
new file mode 100644
index 0000000..139597f
--- /dev/null
+++ b/sys-boot/grub/ChangeLog
@@ -0,0 +1,2 @@
+
+
diff --git a/sys-boot/grub/files/grub.conf.gentoo b/sys-boot/grub/files/grub.conf.gentoo
new file mode 100644
index 0000000..0027099
--- /dev/null
+++ b/sys-boot/grub/files/grub.conf.gentoo
@@ -0,0 +1,16 @@
+# This is a sample grub.conf for use with Genkernel, per the Gentoo handbook
+# http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10#doc_chap2
+# If you are not using Genkernel and you need help creating this file, you
+# should consult the handbook. Alternatively, consult the grub.conf.sample that
+# is included with the Grub documentation.
+
+default 0
+timeout 30
+#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
+
+#title Gentoo Linux 2.6.24-r5
+#root (hd0,0)
+#kernel /boot/kernel-genkernel-x86-2.6.24-gentoo-r5 root=/dev/ram0 real_root=/dev/sda3
+#initrd /boot/initramfs-genkernel-x86-2.6.24-gentoo-r5
+
+# vim:ft=conf:
diff --git a/sys-boot/grub/grub-0.97-r11.ebuild b/sys-boot/grub/grub-0.97-r11.ebuild
new file mode 100644
index 0000000..9bc167d
--- /dev/null
+++ b/sys-boot/grub/grub-0.97-r11.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/grub-0.97-r10.ebuild,v 1.11 2011/09/10 02:33:59 dirtyepic Exp $
+
+# XXX: we need to review menu.lst vs grub.conf handling. We've been converting
+# all systems to grub.conf (and symlinking menu.lst to grub.conf), but
+# we never updated any of the source code (it still all wants menu.lst),
+# and there is no indication that upstream is making the transition.
+
+# If you need to roll a new grub-static distfile, here is how.
+# - Robin H. Johnson <robbat2@gentoo.org> - 29 Nov 2010
+# USE='static -ncurses -netboot -custom-cflags' \
+# GRUB_STATIC_PACKAGE_BUILDING=1 ebuild \
+# grub-${PVR}.ebuild package && \
+# cp -f ${PKGDIR}/${CAT}/${PF}.tbz2 ${DISTDIR}/grub-static-${PVR}.tar.bz2
+
+inherit mount-boot eutils flag-o-matic toolchain-funcs autotools linux-info pax-utils
+
+PATCHVER="1.11" # Should match the revision ideally
+DESCRIPTION="GNU GRUB Legacy boot loader"
+HOMEPAGE="http://www.gnu.org/software/grub/"
+SRC_URI="mirror://gentoo/${P}.tar.gz
+ ftp://alpha.gnu.org/gnu/${PN}/${P}.tar.gz
+ mirror://gentoo/splash.xpm.gz
+ mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="custom-cflags ncurses netboot static"
+
+RDEPEND="ncurses? (
+ >=sys-libs/ncurses-5.2-r5
+ amd64? ( app-emulation/emul-linux-x86-baselibs )
+ )"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+ local arch="$(tc-arch)"
+ case ${arch} in
+ amd64) CONFIG_CHECK='~IA32_EMULATION' check_extra_config ;;
+ esac
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # patch breaks booting for some people #111885
+ rm "${WORKDIR}"/patch/400_*reiser4*
+
+ # Grub will not handle a kernel larger than EXTENDED_MEMSIZE Mb as
+ # discovered in bug 160801. We can change this, however, using larger values
+ # for this variable means that Grub needs more memory to run and boot. For a
+ # kernel of size N, Grub needs (N+1)*2. Advanced users should set a custom
+ # value in make.conf, it is possible to make kernels ~16Mb in size, but it
+ # needs the kitchen sink built-in.
+ local t="custom"
+ if [[ -z ${GRUB_MAX_KERNEL_SIZE} ]] ; then
+ case $(tc-arch) in
+ amd64) GRUB_MAX_KERNEL_SIZE=9 ;;
+ x86) GRUB_MAX_KERNEL_SIZE=5 ;;
+ esac
+ t="default"
+ fi
+ einfo "Grub will support the ${t} maximum kernel size of ${GRUB_MAX_KERNEL_SIZE} Mb (GRUB_MAX_KERNEL_SIZE)"
+
+ sed -i \
+ -e "/^#define.*EXTENDED_MEMSIZE/s,3,${GRUB_MAX_KERNEL_SIZE},g" \
+ "${S}"/grub/asmstub.c \
+ || die "Failed to hack memory size"
+
+ if [[ -n ${PATCHVER} ]] ; then
+ EPATCH_SUFFIX="patch"
+ epatch "${WORKDIR}"/patch
+ eautoreconf
+ fi
+}
+
+src_compile() {
+ filter-flags -fPIE #168834
+
+ use amd64 && multilib_toolchain_setup x86
+
+ unset BLOCK_SIZE #73499
+
+ ### i686-specific code in the boot loader is a bad idea; disabling to ensure
+ ### at least some compatibility if the hard drive is moved to an older or
+ ### incompatible system.
+
+ # grub-0.95 added -fno-stack-protector detection, to disable ssp for stage2,
+ # but the objcopy's (faulty) test fails if -fstack-protector is default.
+ # create a cache telling configure that objcopy is ok, and add -C to econf
+ # to make use of the cache.
+ #
+ # CFLAGS has to be undefined running econf, else -fno-stack-protector detection fails.
+ # STAGE2_CFLAGS is not allowed to be used on emake command-line, it overwrites
+ # -fno-stack-protector detected by configure, removed from netboot's emake.
+ use custom-cflags || unset CFLAGS
+
+ export grub_cv_prog_objcopy_absolute=yes #79734
+ use static && append-ldflags -static
+
+ # Per bug 216625, the emul packages do not provide .a libs for performing
+ # suitable static linking
+ if use amd64 && use static ; then
+ if [ -z "${GRUB_STATIC_PACKAGE_BUILDING}" ]; then
+ die "You must use the grub-static package if you want a static Grub on amd64!"
+ else
+ eerror "You have set GRUB_STATIC_PACKAGE_BUILDING. This"
+ eerror "is specifically intended for building the tarballs for the"
+ eerror "grub-static package via USE='static -ncurses'."
+ eerror "All bets are now off."
+ ebeep 10
+ fi
+ fi
+
+ # build the net-bootable grub first, but only if "netboot" is set
+ if use netboot ; then
+ econf \
+ --libdir=/lib \
+ --datadir=/usr/lib/grub \
+ --exec-prefix=/ \
+ --disable-auto-linux-mem-opt \
+ --enable-diskless \
+ --enable-{3c{5{03,07,09,29,95},90x},cs89x0,davicom,depca,eepro{,100}} \
+ --enable-{epic100,exos205,ni5210,lance,ne2100,ni{50,65}10,natsemi} \
+ --enable-{ne,ns8390,wd,otulip,rtl8139,sis900,sk-g16,smc9000,tiara} \
+ --enable-{tulip,via-rhine,w89c840} || die "netboot econf failed"
+
+ emake w89c840_o_CFLAGS="-O" || die "making netboot stuff"
+
+ mv -f stage2/{nbgrub,pxegrub} "${S}"/
+ mv -f stage2/stage2 stage2/stage2.netboot
+
+ make clean || die "make clean failed"
+ fi
+
+ # Now build the regular grub
+ # Note that FFS and UFS2 support are broken for now - stage1_5 files too big
+ econf \
+ --libdir=/lib \
+ --datadir=/usr/lib/grub \
+ --exec-prefix=/ \
+ --disable-auto-linux-mem-opt \
+ $(use_with ncurses curses) \
+ || die "econf failed"
+
+ # sanity check due to common failure
+ use ncurses && ! grep -qs "HAVE_LIBCURSES.*1" config.h && die "USE=ncurses but curses not found"
+
+ emake || die "making regular stuff"
+}
+
+src_test() {
+ # non-default block size also give false pass/fails.
+ unset BLOCK_SIZE
+ make check || die "make check failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ if use netboot ; then
+ exeinto /usr/lib/grub/${CHOST}
+ doexe nbgrub pxegrub stage2/stage2.netboot || die "netboot install"
+ fi
+
+ dodoc AUTHORS BUGS ChangeLog NEWS README THANKS TODO
+ newdoc docs/menu.lst grub.conf.sample
+ dodoc "${FILESDIR}"/grub.conf.gentoo
+ prepalldocs
+
+ [ -n "${GRUB_STATIC_PACKAGE_BUILDING}" ] && \
+ mv \
+ "${D}"/usr/share/doc/${PF} \
+ "${D}"/usr/share/doc/grub-static-${PF/grub-}
+
+ insinto /usr/share/grub
+ doins "${DISTDIR}"/splash.xpm.gz
+}
+
+setup_boot_dir() {
+ local boot_dir=$1
+ local dir=${boot_dir}
+
+ mkdir -p "${dir}"
+ [[ ! -L ${dir}/boot ]] && ln -s . "${dir}/boot"
+ dir="${dir}/grub"
+ if [[ ! -e ${dir} ]] ; then
+ mkdir "${dir}" || die "${dir} does not exist!"
+ fi
+
+ # change menu.lst to grub.conf
+ if [[ ! -e ${dir}/grub.conf ]] && [[ -e ${dir}/menu.lst ]] ; then
+ mv -f "${dir}"/menu.lst "${dir}"/grub.conf
+ ewarn
+ ewarn "*** IMPORTANT NOTE: menu.lst has been renamed to grub.conf"
+ ewarn
+ fi
+
+ if [[ ! -e ${dir}/menu.lst ]]; then
+ einfo "Linking from new grub.conf name to menu.lst"
+ ln -snf grub.conf "${dir}"/menu.lst
+ fi
+
+ if [[ -e ${dir}/stage2 ]] ; then
+ mv "${dir}"/stage2{,.old}
+ ewarn "*** IMPORTANT NOTE: you must run grub and install"
+ ewarn "the new version's stage1 to your MBR. Until you do,"
+ ewarn "stage1 and stage2 will still be the old version, but"
+ ewarn "later stages will be the new version, which could"
+ ewarn "cause problems such as an unbootable system."
+ ewarn "This means you must use either grub-install or perform"
+ ewarn "root/setup manually! For more help, see the handbook:"
+ ewarn "http://www.gentoo.org/doc/en/handbook/handbook-${ARCH}.xml?part=1&chap=10#grub-install-auto"
+ ebeep
+ fi
+
+ einfo "Copying files from /lib/grub, /usr/lib/grub and /usr/share/grub to ${dir}"
+ for x in \
+ "${ROOT}"/lib*/grub/*/* \
+ "${ROOT}"/usr/lib*/grub/*/* \
+ "${ROOT}"/usr/share/grub/* ; do
+ [[ -f ${x} ]] && cp -p "${x}" "${dir}"/
+ done
+
+ if [[ ! -e ${dir}/grub.conf ]] ; then
+ s="${ROOT}/usr/share/doc/${PF}/grub.conf.gentoo"
+ [[ -e "${s}" ]] && cat "${s}" >${dir}/grub.conf
+ [[ -e "${s}.gz" ]] && zcat "${s}.gz" >${dir}/grub.conf
+ [[ -e "${s}.bz2" ]] && bzcat "${s}.bz2" >${dir}/grub.conf
+ fi
+
+ # Per bug 218599, we support grub.conf.install for users that want to run a
+ # specific set of Grub setup commands rather than the default ones.
+ grub_config=${dir}/grub.conf.install
+ [[ -e ${grub_config} ]] || grub_config=${dir}/grub.conf
+ if [[ -e ${grub_config} ]] ; then
+ egrep \
+ -v '^[[:space:]]*(#|$|default|fallback|initrd|password|splashimage|timeout|title)' \
+ "${grub_config}" | \
+ /sbin/grub --batch \
+ --device-map="${dir}"/device.map \
+ > /dev/null
+ fi
+
+ # the grub default commands silently piss themselves if
+ # the default file does not exist ahead of time
+ if [[ ! -e ${dir}/default ]] ; then
+ grub-set-default --root-directory="${boot_dir}" default
+ fi
+ einfo "Grub has been installed to ${boot_dir} successfully."
+}
+
+pkg_postinst() {
+ mount-boot_mount_boot_partition
+
+ # bug 330745
+ # must be pax-marked before setup_boot_dir
+ pax-mark -m "${D}"/sbin/grub
+
+ if [[ -n ${DONT_MOUNT_BOOT} ]]; then
+ elog "WARNING: you have DONT_MOUNT_BOOT in effect, so you must apply"
+ elog "the following instructions for your /boot!"
+ elog "Neglecting to do so may cause your system to fail to boot!"
+ elog
+ else
+ setup_boot_dir "${ROOT}"/boot
+ # Trailing output because if this is run from pkg_postinst, it gets mixed into
+ # the other output.
+ einfo ""
+ fi
+ elog "To interactively install grub files to another device such as a USB"
+ elog "stick, just run the following and specify the directory as prompted:"
+ elog " emerge --config =${PF}"
+ elog "Alternately, you can export GRUB_ALT_INSTALLDIR=/path/to/use to tell"
+ elog "grub where to install in a non-interactive way."
+
+ # needs to be after we call setup_boot_dir
+ mount-boot_pkg_postinst
+}
+
+pkg_config() {
+ local dir
+ if [ ! -d "${GRUB_ALT_INSTALLDIR}" ]; then
+ einfo "Enter the directory where you want to setup grub:"
+ read dir
+ else
+ dir="${GRUB_ALT_INSTALLDIR}"
+ fi
+ setup_boot_dir "${dir}"
+}
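Review bot: In pkg_postinst the new `pax-mark -m "${D}"/sbin/grub` marks the copy in the image directory, while the binary that setup_boot_dir runs a few lines later is the merged `/sbin/grub`. The commit subject says portage's movefile.py does not carry xattrs across the merge, so the XT_PAX mark presumably has to be set on the installed file instead: `pax-mark -m "${ROOT}"/sbin/grub`. In setup_boot_dir the `/sbin/grub --batch` pipeline also sends its output to /dev/null and ignores the exit status before the "installed ... successfully" einfo, so a grub that PaX terminates for lack of the mark would go unnoticed. Appending `|| ewarn "grub --batch failed; check the PaX marking of /sbin/grub"` to that pipeline would surface it.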
diff --git a/sys-boot/grub/metadata.xml b/sys-boot/grub/metadata.xml
new file mode 100644
index 0000000..dca555e
--- /dev/null
+++ b/sys-boot/grub/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>base-system</herd>
+<use>
+ <flag name='device-mapper'>
+ Enable support for <pkg>sys-fs/device-mapper</pkg>
+ </flag>
+ <flag name='efiemu'>
+ Build and install the efiemu runtimes
+ </flag>
+</use>
+</pkgmetadata>
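Review bot: The `<use>` block describes `device-mapper` and `efiemu`, but the ebuild added in this same commit declares `IUSE="custom-cflags ncurses netboot static"`, so neither flag exists for this package. The descriptions were presumably carried over from another grub package's metadata. Dropping the `<use>` element, or replacing its entries with descriptions of flags the ebuild actually has, keeps the metadata from advertising options that do nothing.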