* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-04-08 19:59 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-04-08 19:59 UTC (permalink / raw
To: gentoo-commits
commit: e4393f651576637ce32d85264261144e6c82eb71
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 8 19:57:40 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Apr 8 19:57:40 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=e4393f65
tools-hardened/desktop: centralizes common code for build scripts
---
tools-hardened/desktop/fluxbox-run.sh | 135 ++---------------------------
tools-hardened/desktop/gnome3-run.sh | 126 ++-------------------------
tools-hardened/desktop/make.sh | 4 +-
tools-hardened/desktop/run-base.sh | 142 +++++++++++++++++++++++++++++++
tools-hardened/desktop/xfce4-run.sh | 155 +++++-----------------------------
5 files changed, 179 insertions(+), 383 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 1be294d..82a7669 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -8,102 +8,12 @@ STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
+MAKE_BASE="xfce4"
+KEYWORDS_BASE="gnome"
+USE_BASE="xfce4"
+WORLD_BASE="fluxbox"
-unpack_stage3() {
- mkdir "${ROOTFS}"
- tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
- mkdir "${ROOTFS}"/usr/portage/
- mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
- mount --bind /proc/ "${ROOTFS}"/proc/
- mount --bind /dev/ "${ROOTFS}"/dev/
- mount --bind /dev/pts "${ROOTFS}"/dev/pts/
- mount -t tmpfs shm "${ROOTFS}"/dev/shm
- mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
- cp -f files/fstab "${ROOTFS}"/etc/fstab
- cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
- rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
- cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
- cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
- cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
- cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
- cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
- cp -f toolchain.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/toolchain.sh
- rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
- cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
- cp -f files/fluxbox-world "${ROOTFS}"/var/lib/portage/world
- cp -f rebuild.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/rebuild.sh
- rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
- cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
- cp -f update.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/update.sh
- rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
- local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
- mkdir -p "${ROOTFS}"/boot
-
- genkernel \
- --kernel-config=files/kernel-config \
- --makeopts=-j9 \
- --static \
- --symlink \
- --no-mountboot \
- --kerneldir="${KERNEL_SOURCE}" \
- --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
- all
-
- #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
- # objcopy --strip-unneeded $i
- #done
- rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
- wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
- tar -x -C "${PWD}"/files -f th-boot.tar.gz
- cp -Rf files/th-boot/grub "${ROOTFS}"/boot
- rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_initrc() {
- ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
- chroot "${ROOTFS}"/ rc-update add acpid boot
- chroot "${ROOTFS}"/ rc-update add alsasound boot
- chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
- chroot "${ROOTFS}"/ rc-update add device-mapper boot
- chroot "${ROOTFS}"/ rc-update add lvm boot
- chroot "${ROOTFS}"/ rc-update add udev boot
- chroot "${ROOTFS}"/ rc-update add cupsd default
- chroot "${ROOTFS}"/ rc-update add cronie default
- chroot "${ROOTFS}"/ rc-update add net.eth0 default
- chroot "${ROOTFS}"/ rc-update add postfix default
- chroot "${ROOTFS}"/ rc-update add sshd default
- chroot "${ROOTFS}"/ rc-update add xdm default
- chroot "${ROOTFS}"/ rc-update add avahi-daemon default
- chroot "${ROOTFS}"/ rc-update add dbus default
- chroot "${ROOTFS}"/ rc-update add samba default
- chroot "${ROOTFS}"/ rc-update add syslog-ng default
- chroot "${ROOTFS}"/ rc-update add udev-postmount default
- chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
- chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
-}
+source run-base.sh
setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@@ -124,8 +34,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
- sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
- cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
+ sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
@@ -136,6 +45,7 @@ setup_usergroups() {
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
+ cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
}
setup_confs() {
@@ -160,36 +70,7 @@ setup_confs() {
chroot "${ROOTFS}"/ eselect locale set 3
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
- # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
- #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
- rm -rf "${ROOTFS}"/tmp/*
- rm -rf "${ROOTFS}"/var/cache/*
- rm -rf "${ROOTFS}"/var/log/*
- rm -rf "${ROOTFS}"/var/tmp/*
- rm -rf "${ROOTFS}"/etc/resolv.conf
- rm -rf "${ROOTFS}"/etc/ssh/*key*
- rm -rf "${ROOTFS}"/root/.viminfo
- for i in ${ROOTFS}/root/.bash_history ; do >$i; done
- find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
-}
-
-unmount_dirs() {
- umount "${ROOTFS}"/sys/
- umount "${ROOTFS}"/dev/shm
- umount "${ROOTFS}"/dev/pts/
- umount "${ROOTFS}"/dev/
- umount "${ROOTFS}"/proc/
- umount "${ROOTFS}"/usr/portage/
-
- mkdir "${ROOTFS}"/usr/portage/profiles/
- echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
- MYROOT="${ROOTFS}" ./make.sh
+ sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
main() {
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 6b9b842..5dbf9e2 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -4,103 +4,17 @@ ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-gnome"
PWD="$(pwd)"
-STAGE3="/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2"
+STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
+BASE="gnome"
+MAKE_BASE="${BASE}"
+KEYWORDS_BASE="${BASE}"
+USE_BASE="${BASE}"
+WORLD_BASE="${BASE}"
-unpack_stage3() {
- mkdir "${ROOTFS}"
- tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
- mkdir "${ROOTFS}"/usr/portage/
- mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
- mount --bind /proc/ "${ROOTFS}"/proc/
- mount --bind /dev/ "${ROOTFS}"/dev/
- mount --bind /dev/pts "${ROOTFS}"/dev/pts/
- mount -t tmpfs shm "${ROOTFS}"/dev/shm
- mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
- cp -f files/fstab "${ROOTFS}"/etc/fstab
- cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
- rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
- cp -f files/portage/make.gnome.1 "${ROOTFS}"/etc/portage/make.conf
-
- cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
- cp -f files/portage/package.gnome.use "${ROOTFS}"/etc/portage/package.use
- cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
- cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
- cp -f toolchain.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/toolchain.sh
- rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
- cp -f files/gnome-world "${ROOTFS}"/var/lib/portage/world
- cp -f rebuild.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/rebuild.sh
- rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
- cp -f files/portage/make.gnome.2 "${ROOTFS}"/etc/portage/make.conf
-
- cp -f update.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/update.sh
- rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
- local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
- mkdir -p "${ROOTFS}"/boot
-
- genkernel \
- --kernel-config=files/kernel-config \
- --makeopts=-j9 \
- --static \
- --symlink \
- --no-mountboot \
- --kerneldir="${KERNEL_SOURCE}" \
- --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
- all
-
- #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
- # objcopy --strip-unneeded $i
- # done
- rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
- wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
- tar -x -C "${PWD}"/files -f th-boot.tar.gz
- cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
- rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_systemd() {
- ln -sf /proc/self/mounts /etc/mtab
- sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
- chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
- chroot "${ROOTFS}"/ systemctl enable bluetooth.service
- chroot "${ROOTFS}"/ systemctl enable cups.service
- chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
- chroot "${ROOTFS}"/ systemctl enable cronie.service
- chroot "${ROOTFS}"/ systemctl enable gdm.service
- chroot "${ROOTFS}"/ systemctl enable metalog.service
- chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
- chroot "${ROOTFS}"/ systemctl enable postfix.service
- chroot "${ROOTFS}"/ systemctl enable smbd.service
- chroot "${ROOTFS}"/ systemctl enable sshd.service
- #chroot "${ROOTFS}"/ systemctl enable udev.service
- #chroot "${ROOTFS}"/ systemctl enable udev-settle.service
- #chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
-}
+source run-base.sh
setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@@ -147,31 +61,7 @@ setup_confs() {
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
- # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
- #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
- rm -rf "${ROOTFS}"/tmp/*
- rm -rf "${ROOTFS}"/var/log/*
- rm -rf "${ROOTFS}"/var/tmp/*
- rm -rf "${ROOTFS}"/etc/resolv.conf
-}
-
-unmount_dirs() {
- umount -l "${ROOTFS}"/sys/
- umount -l "${ROOTFS}"/dev/shm
- umount -l "${ROOTFS}"/dev/pts/
- umount -l "${ROOTFS}"/dev/
- umount -l "${ROOTFS}"/proc/
- umount -l "${ROOTFS}"/usr/portage/
-
- mkdir "${ROOTFS}"/usr/portage/profiles/
- echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
- MYROOT="${ROOTFS}" ./make.sh
+ sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
main() {
diff --git a/tools-hardened/desktop/make.sh b/tools-hardened/desktop/make.sh
index 1df4681..aae8565 100755
--- a/tools-hardened/desktop/make.sh
+++ b/tools-hardened/desktop/make.sh
@@ -2,7 +2,7 @@
WORKING=$(pwd)
CHROOTS=${CHROOTS:-"${WORKING}"}
-MYROOT=${MYROOT:-"desktop-amd64-hardened-ramdisk"}
+MYROOT=${MYROOT:-""}
cleanup()
{
@@ -60,7 +60,7 @@ mkiso()
nameit()
{
DATE=$(date +%Y%m%d)
- NAME="${MYROOT}-${DATE}.iso"
+ NAME="${MYROOT}-${DATE}.iso"
[ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name ramdisk.iso, I didn't find it."
}
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
new file mode 100755
index 0000000..b9178c8
--- /dev/null
+++ b/tools-hardened/desktop/run-base.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+
+unpack_stage3() {
+ mkdir "${ROOTFS}"
+ tar -x -C "${ROOTFS}" -f "${STAGE3}"
+}
+
+mount_dirs() {
+ mkdir "${ROOTFS}"/usr/portage/
+ mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
+ mount --bind /proc/ "${ROOTFS}"/proc/
+ mount --bind /dev/ "${ROOTFS}"/dev/
+ mount --bind /dev/pts "${ROOTFS}"/dev/pts/
+ mount -t tmpfs shm "${ROOTFS}"/dev/shm
+ mount --bind /sys/ "${ROOTFS}"/sys/
+}
+
+populate_etc() {
+ cp -f files/fstab "${ROOTFS}"/etc/fstab
+ cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
+
+ rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
+ cp -f files/portage/make."${MAKE_BASE}".1 "${ROOTFS}"/etc/portage/make.conf
+ cp -f files/portage/package."${KEYWORDS_BASE}".accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
+ cp -f files/portage/package."${USE_BASE}".use "${ROOTFS}"/etc/portage/package.use
+ cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
+ cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
+}
+
+rebuild_toolchain() {
+ cp -f toolchain.sh "${ROOTFS}"/tmp/
+ chroot "${ROOTFS}"/ /tmp/toolchain.sh
+ rm -f "${ROOTFS}"/tmp/toolchain.sh
+}
+
+rebuild_world() {
+ cp -f files/"${WORLD_BASE}"-world "${ROOTFS}"/var/lib/portage/world
+ cp -f rebuild.sh "${ROOTFS}"/tmp/
+ chroot "${ROOTFS}"/ /tmp/rebuild.sh
+ rm -f "${ROOTFS}"/tmp/rebuild.sh
+}
+
+update_world() {
+ cp -f files/portage/make."${MAKE_BASE}".2 "${ROOTFS}"/etc/portage/make.conf
+ cp -f update.sh "${ROOTFS}"/tmp/
+ chroot "${ROOTFS}"/ /tmp/update.sh
+ rm -f "${ROOTFS}"/tmp/update.sh
+}
+
+build_kernel() {
+ local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
+ mkdir -p "${ROOTFS}"/boot
+
+ genkernel \
+ --kernel-config=files/kernel-config \
+ --makeopts=-j9 \
+ --static \
+ --symlink \
+ --no-mountboot \
+ --kerneldir="${KERNEL_SOURCE}" \
+ --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
+ all
+
+ #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
+ # objcopy --strip-unneeded $i
+ #done
+ rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
+ wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
+ tar -x -C "${PWD}"/files -f th-boot.tar.gz
+ cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
+ rm -f "${PWD}"/th-boot.tar.gz
+}
+
+setup_initrc() {
+ ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
+ chroot "${ROOTFS}"/ rc-update add acpid boot
+ chroot "${ROOTFS}"/ rc-update add alsasound boot
+ chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
+ chroot "${ROOTFS}"/ rc-update add device-mapper boot
+ chroot "${ROOTFS}"/ rc-update add lvm boot
+ chroot "${ROOTFS}"/ rc-update add udev boot
+ chroot "${ROOTFS}"/ rc-update add cupsd default
+ chroot "${ROOTFS}"/ rc-update add cronie default
+ chroot "${ROOTFS}"/ rc-update add net.eth0 default
+ chroot "${ROOTFS}"/ rc-update add postfix default
+ chroot "${ROOTFS}"/ rc-update add sshd default
+ chroot "${ROOTFS}"/ rc-update add xdm default
+ chroot "${ROOTFS}"/ rc-update add avahi-daemon default
+ chroot "${ROOTFS}"/ rc-update add dbus default
+ chroot "${ROOTFS}"/ rc-update add samba default
+ chroot "${ROOTFS}"/ rc-update add syslog-ng default
+ chroot "${ROOTFS}"/ rc-update add udev-postmount default
+ chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
+ chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
+}
+
+setup_systemd() {
+ ln -sf /proc/self/mounts /etc/mtab
+ sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
+ chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
+ chroot "${ROOTFS}"/ systemctl enable bluetooth.service
+ chroot "${ROOTFS}"/ systemctl enable cups.service
+ chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
+ chroot "${ROOTFS}"/ systemctl enable cronie.service
+ chroot "${ROOTFS}"/ systemctl enable gdm.service
+ chroot "${ROOTFS}"/ systemctl enable metalog.service
+ chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
+ chroot "${ROOTFS}"/ systemctl enable postfix.service
+ chroot "${ROOTFS}"/ systemctl enable smbd.service
+ chroot "${ROOTFS}"/ systemctl enable sshd.service
+ #chroot "${ROOTFS}"/ systemctl enable udev.service
+ #chroot "${ROOTFS}"/ systemctl enable udev-settle.service
+ #chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
+}
+
+cleanup_dirs() {
+ rm -rf "${ROOTFS}"/tmp/*
+ rm -rf "${ROOTFS}"/var/cache/*
+ rm -rf "${ROOTFS}"/var/log/*
+ rm -rf "${ROOTFS}"/var/tmp/*
+ rm -rf "${ROOTFS}"/etc/resolv.conf
+ rm -rf "${ROOTFS}"/etc/ssh/*key*
+ rm -rf "${ROOTFS}"/root/.viminfo
+ for i in ${ROOTFS}/root/.bash_history ; do >$i; done
+ find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
+}
+
+unmount_dirs() {
+ umount "${ROOTFS}"/sys/
+ umount "${ROOTFS}"/dev/shm
+ umount "${ROOTFS}"/dev/pts/
+ umount "${ROOTFS}"/dev/
+ umount "${ROOTFS}"/proc/
+ umount "${ROOTFS}"/usr/portage/
+
+ mkdir "${ROOTFS}"/usr/portage/profiles/
+ echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
+}
+
+make_iso() {
+ MYROOT="${ROOTFS}" ./make.sh
+}
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index 80ea87e..0d5bafc 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -8,101 +8,13 @@ STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
+BASE="xfce4"
+MAKE_BASE="${BASE}"
+KEYWORDS_BASE="${BASE}"
+USE_BASE="${BASE}"
+WORLD_BASE="${BASE}"
-unpack_stage3() {
- mkdir "${ROOTFS}"
- tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
- mkdir "${ROOTFS}"/usr/portage/
- mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
- mount --bind /proc/ "${ROOTFS}"/proc/
- mount --bind /dev/ "${ROOTFS}"/dev/
- mount --bind /dev/pts "${ROOTFS}"/dev/pts/
- mount -t tmpfs shm "${ROOTFS}"/dev/shm
- mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
- cp -f files/fstab "${ROOTFS}"/etc/fstab
- cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
- rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
- cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
- cp -f files/portage/package.xfce4.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
- cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
- cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
- cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
- cp -f toolchain.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/toolchain.sh
- rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
- cp -f files/xfce4-world "${ROOTFS}"/var/lib/portage/world
- cp -f rebuild.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/rebuild.sh
- rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
- cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
- cp -f update.sh "${ROOTFS}"/tmp/
- chroot "${ROOTFS}"/ /tmp/update.sh
- rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
- local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
- mkdir -p "${ROOTFS}"/boot
-
- genkernel \
- --kernel-config=files/kernel-config \
- --makeopts=-j9 \
- --static \
- --symlink \
- --no-mountboot \
- --kerneldir="${KERNEL_SOURCE}" \
- --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
- all
-
- #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
- # objcopy --strip-unneeded $i
- #done
- rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
- wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
- tar -x -C "${PWD}"/files -f th-boot.tar.gz
- cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
- rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_initrc() {
- ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
- chroot "${ROOTFS}"/ rc-update add acpid boot
- chroot "${ROOTFS}"/ rc-update add alsasound boot
- chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
- chroot "${ROOTFS}"/ rc-update add device-mapper boot
- chroot "${ROOTFS}"/ rc-update add lvm boot
- chroot "${ROOTFS}"/ rc-update add udev boot
- chroot "${ROOTFS}"/ rc-update add cupsd default
- chroot "${ROOTFS}"/ rc-update add cronie default
- chroot "${ROOTFS}"/ rc-update add net.eth0 default
- chroot "${ROOTFS}"/ rc-update add postfix default
- chroot "${ROOTFS}"/ rc-update add sshd default
- chroot "${ROOTFS}"/ rc-update add xdm default
- chroot "${ROOTFS}"/ rc-update add avahi-daemon default
- chroot "${ROOTFS}"/ rc-update add dbus default
- chroot "${ROOTFS}"/ rc-update add samba default
- chroot "${ROOTFS}"/ rc-update add syslog-ng default
- chroot "${ROOTFS}"/ rc-update add udev-postmount default
- chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
- chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
-}
+source run-base.sh
setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@@ -156,52 +68,23 @@ setup_confs() {
chroot "${ROOTFS}"/ eselect locale set 3
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
- # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
- #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
- rm -rf "${ROOTFS}"/tmp/*
- rm -rf "${ROOTFS}"/var/cache/*
- rm -rf "${ROOTFS}"/var/log/*
- rm -rf "${ROOTFS}"/var/tmp/*
- rm -rf "${ROOTFS}"/etc/resolv.conf
- rm -rf "${ROOTFS}"/etc/ssh/*key*
- rm -rf "${ROOTFS}"/root/.viminfo
- for i in ${ROOTFS}/root/.bash_history ; do >$i; done
- find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
-}
-
-unmount_dirs() {
- umount "${ROOTFS}"/sys/
- umount "${ROOTFS}"/dev/shm
- umount "${ROOTFS}"/dev/pts/
- umount "${ROOTFS}"/dev/
- umount "${ROOTFS}"/proc/
- umount "${ROOTFS}"/usr/portage/
-
- mkdir "${ROOTFS}"/usr/portage/profiles/
- echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
- MYROOT="${ROOTFS}" ./make.sh
+ sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
main() {
- #unpack_stage3
- #mount_dirs
- #populate_etc
- #rebuild_toolchain
- #rebuild_world
- #update_world
+ unpack_stage3
+ mount_dirs
+ populate_etc
+ rebuild_toolchain
+ rebuild_world
+ update_world
build_kernel
- #setup_initrc
- #setup_usergroups
- #setup_confs
- #cleanup_dirs
- #unmount_dirs
- #make_iso
+ setup_initrc
+ setup_usergroups
+ setup_confs
+ cleanup_dirs
+ unmount_dirs
+ make_iso
}
main > xfce4-"${ARCH}"-build.log 2>&1 &
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-04-26 3:01 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-04-26 3:01 UTC (permalink / raw
To: gentoo-commits
commit: 7c08f8405310c283dbcd4197dc224fe2abda9d57
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 26 02:56:49 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sat Apr 26 02:56:49 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=7c08f840
README: Added detail to kernel requirements.
The build scripts use genkernel to build the kernel and look for the
kernel in /usr/src/linux-tinhat. This detail has been added to make
it clearer for build script users.
---
tools-hardened/desktop/README | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 86f0dc4..c3d7c83 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -5,6 +5,10 @@ On the host system, these two packages need to be installed:
* sys-kernel/hardened-sources-3.13.5
* sys-kernel/linux-firmware-20131230
+* sys-kernel/genkernel
+
+Once you emerge these things, create a symbolic link of the hardened-sources
+to point to "/usr/src/linux-tinhat".
To run:
=======
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-05-06 19:32 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-05-06 19:32 UTC (permalink / raw
To: gentoo-commits
commit: 226680c9b393702b043ff518bfa0f717fb00baac
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue May 6 19:28:55 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue May 6 19:28:55 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=226680c9
tools-hardened/desktop/fluxbox-run.sh: Fixes fluxbox config file issue.
The Fluxbox menu can either be a standard default or a custom file. While
there is already a custom menu file in existance under files/usermenu, it
was not previously being copied over prior to the creation of the ISO. This
caused the user to not have a custom menu file upon boot. To fix this, a line
has been added to the script which creates the .fluxbox directory prior to
building the image.
---
tools-hardened/desktop/fluxbox-run.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 82a7669..c6c85ad 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -45,6 +45,7 @@ setup_usergroups() {
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
+ mkdir -p "${ROOTFS}"/home/thuser/.fluxbox
cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
}
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-07-23 3:31 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-07-23 3:31 UTC (permalink / raw
To: gentoo-commits
commit: c8e37168b7a94377e03ef994bea2cd3c6f647940
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 23 03:31:42 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Wed Jul 23 03:31:42 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=c8e37168
README: Modifies requirements text
---
tools-hardened/desktop/README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 349f49d..97a990b 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -1,7 +1,7 @@
Kernel Requirements:
====================
-On the host system, these two packages need to be installed:
+On the host system, these packages need to be installed:
* sys-kernel/hardened-sources-3.14.2-r1
* sys-kernel/linux-firmware-20131230
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-08-18 21:59 Robin H. Johnson
0 siblings, 0 replies; 35+ messages in thread
From: Robin H. Johnson @ 2014-08-18 21:59 UTC (permalink / raw
To: gentoo-commits
commit: c8e37168b7a94377e03ef994bea2cd3c6f647940
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 23 03:31:42 2014 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Wed Jul 23 03:31:42 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=c8e37168
README: Modifies requirements text
---
tools-hardened/desktop/README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 349f49d..97a990b 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -1,7 +1,7 @@
Kernel Requirements:
====================
-On the host system, these two packages need to be installed:
+On the host system, these packages need to be installed:
* sys-kernel/hardened-sources-3.14.2-r1
* sys-kernel/linux-firmware-20131230
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-10-09 20:38 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-10-09 20:38 UTC (permalink / raw
To: gentoo-commits
commit: 301b3bcf25835815c5ea93a8f7f962ce943daabc
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 6 17:50:02 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Oct 7 17:32:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=301b3bcf
tools-hardened/desktop: Adds KERNEL_DIR env var to emerge calls
It is important that when emerging packages no kernel configuration
is taken from the running kernel, to fix this all calls to emerge
have been prepended with the KERNEL_DIR env var which includes the
kernel src dir that emerge should look at inside the chroot.
---
tools-hardened/desktop/rebuild.sh | 4 +++-
tools-hardened/desktop/toolchain.sh | 8 +++++---
tools-hardened/desktop/update.sh | 3 ++-
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/tools-hardened/desktop/rebuild.sh b/tools-hardened/desktop/rebuild.sh
index 20d52bd..f136502 100755
--- a/tools-hardened/desktop/rebuild.sh
+++ b/tools-hardened/desktop/rebuild.sh
@@ -1,5 +1,7 @@
#!/bin/bash -l
+kernel_dir="/usr/src/linux-tinhat"
+
source /etc/profile
env-update
-emerge -evq --keep-going --with-bdeps=y world
+KERNEL_DIR="${kernel_dir}" emerge -evq --keep-going --with-bdeps=y world
diff --git a/tools-hardened/desktop/toolchain.sh b/tools-hardened/desktop/toolchain.sh
index c189a28..2ffefcf 100755
--- a/tools-hardened/desktop/toolchain.sh
+++ b/tools-hardened/desktop/toolchain.sh
@@ -1,11 +1,13 @@
#!/bin/bash -l
+kernel_dir="/usr/src/linux-tinhat"
+
source /etc/profile
env-update
-emerge -1q binutils
+KERNEL_DIR="${kernel_dir}" emerge -1q binutils
source /etc/profile
env-update
-emerge -1q gcc
+KERNEL_DIR="${kernel_dir}" emerge -1q gcc
source /etc/profile
env-update
-emerge -1q glibc
+KERNEL_DIR="${kernel_dir}" emerge -1q glibc
diff --git a/tools-hardened/desktop/update.sh b/tools-hardened/desktop/update.sh
index 4d8f4d0..48b8bf9 100755
--- a/tools-hardened/desktop/update.sh
+++ b/tools-hardened/desktop/update.sh
@@ -1,5 +1,6 @@
#!/bin/bash -l
+kernel_dir="/usr/src/linux-tinhat"
#Right now we're commenting out the cairo
#rebuild to see if it works in glibc.
#hacky - for some reason cairo fails to rebuild
@@ -12,4 +13,4 @@ env-update
#env-update
#emerge -1q x11-libs/cairo
-emerge -uvNDq --keep-going --with-bdeps=y world
+KERNEL_DIR="${kernel_dir}" emerge -uvNDq --keep-going --with-bdeps=y world
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-10-09 20:38 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-10-09 20:38 UTC (permalink / raw
To: gentoo-commits
commit: e35587b117197615902a50077af628fb746d3b15
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 6 17:41:41 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Oct 7 17:32:51 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=e35587b1
tools-hardened/desktop: Adds kernel source population in chroot
In order to make the building of the ISO non-reliant on any sort of
external settings from the build system, the kernel source for needs
to be populated into the chroot, along with the pre-made kernel config.
---
tools-hardened/desktop/fluxbox-run.sh | 1 +
tools-hardened/desktop/gnome3-run.sh | 1 +
tools-hardened/desktop/run-base.sh | 7 +++++++
tools-hardened/desktop/xfce4-run.sh | 1 +
4 files changed, 10 insertions(+)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index a429aad..28bbe50 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -80,6 +80,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 1280520..8b6bc73 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -71,6 +71,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 12a0ee5..24326b3 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -15,6 +15,12 @@ mount_dirs() {
mount --bind /sys/ "${ROOTFS}"/sys/
}
+populate_kernel_src()
+{
+ cp -f files/kernel-config "${KERNEL_SOURCE}"
+ cp -Rf "${KERNEL_SOURCE}"/ "${ROOTFS}"/usr/src/
+}
+
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
@@ -117,6 +123,7 @@ setup_systemd() {
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
+ rm -rf "${ROOTFS}"/usr/src/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index 0d5bafc..951dab0 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -74,6 +74,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-10-09 20:38 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-10-09 20:38 UTC (permalink / raw
To: gentoo-commits
commit: ecc729aa55e0e4424daa20d6471b8cbcf305c99a
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 9 20:35:17 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Oct 9 20:35:17 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=ecc729aa
tools-hardened/desktop: Modifies un/mounting for run-base.sh
---
tools-hardened/desktop/run-base.sh | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 24326b3..89e9618 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -7,12 +7,10 @@ unpack_stage3() {
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
- mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
- mount --bind /proc/ "${ROOTFS}"/proc/
- mount --bind /dev/ "${ROOTFS}"/dev/
- mount --bind /dev/pts "${ROOTFS}"/dev/pts/
- mount -t tmpfs shm "${ROOTFS}"/dev/shm
- mount --bind /sys/ "${ROOTFS}"/sys/
+ mount --rbind /usr/portage/ "${ROOTFS}"/usr/portage/
+ mount --rbind /proc/ "${ROOTFS}"/proc/
+ mount --rbind /dev/ "${ROOTFS}"/dev/
+ mount --rbind /sys/ "${ROOTFS}"/sys/
}
populate_kernel_src()
@@ -135,12 +133,10 @@ cleanup_dirs() {
}
unmount_dirs() {
- umount "${ROOTFS}"/sys/
- umount "${ROOTFS}"/dev/shm
- umount "${ROOTFS}"/dev/pts/
- umount "${ROOTFS}"/dev/
- umount "${ROOTFS}"/proc/
- umount "${ROOTFS}"/usr/portage/
+ umount -l "${ROOTFS}"/sys/
+ umount -l "${ROOTFS}"/dev/
+ umount -l "${ROOTFS}"/proc/
+ umount -l "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-10-23 14:47 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-10-23 14:47 UTC (permalink / raw
To: gentoo-commits
commit: d78366a1102d91568e9412d5b847d12a3443c7c3
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 23 14:34:52 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Oct 23 14:47:08 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=d78366a1
tools-hardened/desktop/*-run.sh: Explicitly sets locale to en_US.utf8
---
tools-hardened/desktop/fluxbox-run.sh | 2 +-
tools-hardened/desktop/gnome3-run.sh | 2 +-
tools-hardened/desktop/xfce4-run.sh | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 28bbe50..8e793cc 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -71,7 +71,7 @@ setup_confs() {
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
chroot "${ROOTFS}"/ locale-gen
- chroot "${ROOTFS}"/ eselect locale set 3
+ chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 8b6bc73..ab782e2 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -62,7 +62,7 @@ setup_confs() {
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
chroot "${ROOTFS}"/ locale-gen
-
+ chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index 951dab0..c8a5a17 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -65,7 +65,7 @@ setup_confs() {
cp -a files/locale/locale.gen "${ROOTFS}"/etc/
chroot "${ROOTFS}"/ locale-gen
- chroot "${ROOTFS}"/ eselect locale set 3
+ chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-12-09 2:42 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-12-09 2:42 UTC (permalink / raw
To: gentoo-commits
commit: 6e3fef7991e59a7bfc8fe124b6abd7ed03bfae0a
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 9 02:42:23 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Dec 9 02:42:23 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=6e3fef79
run-base.sh: Enables systemd-resolved service in setup_systemd()
---
tools-hardened/desktop/run-base.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 6a61dbf..97da707 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -110,6 +110,7 @@ setup_systemd() {
chroot "${ROOTFS}"/ systemctl enable gdm.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
+ chroot "${ROOTFS}"/ systemctl enable systemd-resolved
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl disable gdm
chroot "${ROOTFS}"/ systemctl enable slim
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-12-11 22:29 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-12-11 22:29 UTC (permalink / raw
To: gentoo-commits
commit: 9deede6fb934424d811e66ad2a799c7a9cad6c5f
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 11 22:29:18 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Dec 11 22:29:18 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=9deede6f
tools-hardened/desktop: Updates README to reflect recent changes and needed packages
---
tools-hardened/desktop/README | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index c271694..fa8526f 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -4,7 +4,7 @@ Kernel Requirements:
On the host system, these packages need to be installed:
* sys-kernel/hardened-sources-3.15.8
-* sys-kernel/linux-firmware-20131230
+* >=sys-kernel/linux-firmware-20131230
* sys-kernel/genkernel
Once you emerge these things, create a symbolic link of the hardened-sources
@@ -12,12 +12,12 @@ to point to "/usr/src/linux-tinhat".
After this you need to apply the Loop-AES patch by doing the following:
-* cp ./config/loop-AES-kernel-3.14.patch /usr/src/linux-tinhat/
+* cp ./config/loop-AES-kernel.patch /usr/src/linux-tinhat/
Then apply the patch:
* rm -f drivers/block/loop.c include/linux/loop.h
-* patch -p1 < loop-AES-kernel-3.14.patch
+* patch -p1 < loop-AES-kernel.patch
To run:
=======
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-12-11 23:20 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-12-11 23:20 UTC (permalink / raw
To: gentoo-commits
commit: 8453184f38fa317f973adefa3120640106b039e8
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 11 23:20:26 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Dec 11 23:20:26 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=8453184f
tools-hardened/desktop: Updates README to include information about the stage3 tarball
---
tools-hardened/desktop/README | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index fa8526f..139124a 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -19,10 +19,21 @@ Then apply the patch:
* rm -f drivers/block/loop.c include/linux/loop.h
* patch -p1 < loop-AES-kernel.patch
+Stage 3 tarball:
+================
+TinHat relies on a stage 3 tarball as it's seed to begin the chroot.
+By default, it expects to see the tarball in:
+"/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2"
+You can however inform TinHat of your own location of choice by passing it
+as an environment variable: "STAGE3".
+
To run:
=======
+ex.) STAGE3="/ministry/of/silly/walks/evil-rabbit.tar.bz2" ./<DM>-run.sh
+
+or without the STAGE3 environment variable.
-Execute ./<DM>-run.sh
+ex.) ./<DM-run.sh
Where <DM> is a desktop manager of three flavors of choice:
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-12-15 20:33 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-12-15 20:33 UTC (permalink / raw
To: gentoo-commits
commit: 811ad4b3066b9d04b697de01b789dfa6b71a3f9f
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 15 20:33:13 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Mon Dec 15 20:33:13 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=811ad4b3
tools-hardened/desktop: Updates *-run.sh files to allow the STAGE3 variable to be set as env var
---
tools-hardened/desktop/fluxbox-run.sh | 2 +-
tools-hardened/desktop/gnome3-run.sh | 2 +-
tools-hardened/desktop/xfce4-run.sh | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 8e793cc..25fc09d 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -4,7 +4,7 @@ ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-fluxbox"
PWD="$(pwd)"
-STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
+STAGE3=${STAGE3:-"/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"}
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index ab782e2..3bffe0c 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -4,7 +4,7 @@ ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-gnome"
PWD="$(pwd)"
-STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
+STAGE3=${STAGE3:-"/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"}
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index c8a5a17..06268aa 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -4,7 +4,7 @@ ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-xfce4"
PWD="$(pwd)"
-STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
+STAGE3=${STAGE3:-"/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"}
LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat"
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2014-12-18 5:34 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2014-12-18 5:34 UTC (permalink / raw
To: gentoo-commits
commit: 0ebe0bf3263623164d0661d056e273362946b215
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 18 05:34:09 2014 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Dec 18 05:34:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=0ebe0bf3
tools-hardened/desktop: Makes slight spell check correction in README
---
tools-hardened/desktop/README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 139124a..1b097d9 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -12,7 +12,7 @@ to point to "/usr/src/linux-tinhat".
After this you need to apply the Loop-AES patch by doing the following:
-* cp ./config/loop-AES-kernel.patch /usr/src/linux-tinhat/
+* cp ./configs/loop-AES-kernel.patch /usr/src/linux-tinhat/
Then apply the patch:
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-01-02 4:45 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-01-02 4:45 UTC (permalink / raw
To: gentoo-commits
commit: 778d69698e8f12efebb886535c434f3f8621df90
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 2 04:37:37 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Fri Jan 2 04:37:40 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=778d6969
tools-hardened/desktop: Code cleanup for build scripts
Code cleanup is simply replacements of spaces to tabs to make all
lines coincide with one another.
---
tools-hardened/desktop/fluxbox-run.sh | 2 +-
tools-hardened/desktop/gnome3-run.sh | 2 +-
tools-hardened/desktop/run-base.sh | 4 ++--
tools-hardened/desktop/xfce4-run.sh | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 25fc09d..3d11091 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -80,7 +80,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
- populate_kernel_src
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 3bffe0c..1ec109d 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -71,7 +71,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
- populate_kernel_src
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 120f153..4b4b929 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -110,7 +110,7 @@ setup_systemd() {
chroot "${ROOTFS}"/ systemctl enable gdm.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
- chroot "${ROOTFS}"/ systemctl enable systemd-resolved
+ chroot "${ROOTFS}"/ systemctl enable systemd-resolved
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl disable gdm
chroot "${ROOTFS}"/ systemctl enable slim
@@ -123,7 +123,7 @@ setup_systemd() {
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
- rm -rf "${ROOTFS}"/usr/src/*
+ rm -rf "${ROOTFS}"/usr/src/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index 06268aa..9ed5cfd 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -33,7 +33,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
- sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/startxfce4/' "${ROOTFS}"/home/thuser//.xinitrc
+ sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/startxfce4/' "${ROOTFS}"/home/thuser//.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
@@ -74,7 +74,7 @@ setup_confs() {
main() {
unpack_stage3
mount_dirs
- populate_kernel_src
+ populate_kernel_src
populate_etc
rebuild_toolchain
rebuild_world
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-02-10 3:28 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-02-10 3:28 UTC (permalink / raw
To: gentoo-commits
commit: 06e3a6e61c8dd572d8bc9f015802271e78a8cfed
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 10 03:28:47 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Feb 10 03:28:47 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=06e3a6e6
tools-hardened/desktop: run-base.sh - Moves udev service to sysinit openRC runlevel
---
tools-hardened/desktop/run-base.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 4b4b929..df33685 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -83,7 +83,7 @@ setup_initrc() {
chroot "${ROOTFS}"/ rc-update add cpupower boot
chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
- chroot "${ROOTFS}"/ rc-update add udev boot
+ chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cupsd default
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-02-11 20:25 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-02-11 20:25 UTC (permalink / raw
To: gentoo-commits
commit: 4e3e7310d23b0c33090626d8a8ad28cc3a5f48b4
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 11 20:24:44 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Wed Feb 11 20:24:44 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=4e3e7310
tools-hardened/desktop/fluxbox-run.sh: Adds setting of background in .xinitrc file
---
tools-hardened/desktop/fluxbox-run.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index 3d11091..d297cfa 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -28,6 +28,7 @@ setup_usergroups() {
cp -f files/usermenu "${ROOTFS}"/usr/share/fluxbox/
cp -f files/fluxbox-startup "${ROOTFS}"/usr/share/fluxbox/startup
+ sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/backgrounds.jpg' "${ROOTFS}"/etc/skel/.xinitrc
sed -i 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-02-14 4:13 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-02-14 4:13 UTC (permalink / raw
To: gentoo-commits
commit: de943032fe0e2ae7c831ee7685a7b78c431c1c9f
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 14 04:12:49 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sat Feb 14 04:12:49 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=de943032
fluxbox-run.sh: Moves background setting sed lower down in setup_usergroups () function
---
tools-hardened/desktop/fluxbox-run.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index d297cfa..bf66e73 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -28,8 +28,8 @@ setup_usergroups() {
cp -f files/usermenu "${ROOTFS}"/usr/share/fluxbox/
cp -f files/fluxbox-startup "${ROOTFS}"/usr/share/fluxbox/startup
- sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/backgrounds.jpg' "${ROOTFS}"/etc/skel/.xinitrc
sed -i 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
+ sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
chmod 700 "${ROOTFS}"/etc/skel/.ssh
@@ -39,6 +39,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
sed -i -e 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
+ sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
@@ -49,7 +50,6 @@ setup_usergroups() {
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
- sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
}
setup_confs() {
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-02-15 19:37 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-02-15 19:37 UTC (permalink / raw
To: gentoo-commits
commit: 02f2f98747eacf7ea9af25bf4fbcbbfd52b013a7
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 15 19:21:00 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sun Feb 15 19:21:05 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=02f2f987
fluxbox-run.sh: Modifies sed location to /home/thusr/.xinitrc
In order to set the background for user "thuser" on login a sed
needed to be done to insert the fbsetbg command in the .xinitrc
in the "thuser" home dir.
---
tools-hardened/desktop/fluxbox-run.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index bf66e73..e0d34e1 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -39,7 +39,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
sed -i -e 's/^\/usr\/*.*/exec startfluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
- sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
+ sed -i '2 i\fbsetbg \/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/home/thuser/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf,.fluxbox}
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-02-15 19:56 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-02-15 19:56 UTC (permalink / raw
To: gentoo-commits
commit: 2223a7307080bb25732245d61aaddb5731c38df2
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 15 19:56:16 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sun Feb 15 19:56:16 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=2223a730
gnome3-run.sh: Adds background setting in .xinitrc file
---
tools-hardened/desktop/gnome3-run.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 1ec109d..4fd834e 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -25,6 +25,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/etc/skel
cp -a thuser "${ROOTFS}"/etc/skel
+ sed -i '2 i\gsettings set org.gnome.desktop.background picture-uri file:\/\/\/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/etc/skel/.xinitrc
mkdir -p "${ROOTFS}"/etc/skel/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
chmod 700 "${ROOTFS}"/etc/skel/.ssh
wget -O "${ROOTFS}"/etc/skel/.config/dconf/user "${DCONF_LOCAL}"
@@ -32,6 +33,7 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser
+ sed -i '2 i\gsettings set org.gnome.desktop.background picture-uri file:\/\/\/usr\/share\/backgrounds\/background.jpg' "${ROOTFS}"/home/thuser/.xinitrc
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_xfce4_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-11 21:26 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-11 21:26 UTC (permalink / raw
To: gentoo-commits
commit: a42fa793b0f64e7ed311253f4500484181c07067
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 11 21:26:49 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Wed Mar 11 21:26:49 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=a42fa793
tools-hardened/desktop run-base.sh: Removes incorrect whitespace in setup_systemd sed
tools-hardened/desktop/run-base.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index df33685..2275452 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -101,7 +101,7 @@ setup_initrc() {
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
- sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
+ sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
chroot "${ROOTFS}"/ systemctl enable bluetooth.service
chroot "${ROOTFS}"/ systemctl enable cups.service
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-12 2:23 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-12 2:23 UTC (permalink / raw
To: gentoo-commits
commit: 995c972da71e7599c0ab78a561d705391f7a0863
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 12 02:19:57 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 12 02:22:45 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=995c972d
tools-hardened/desktop run-base.sh: setup_initrc() cleans up init services
This commit cleans up the services to reflect the services listed at:
http://tinhat.sourceforge.net/?q=technical
tools-hardened/desktop/run-base.sh | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 2275452..d79469a 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -79,20 +79,15 @@ build_kernel() {
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
- chroot "${ROOTFS}"/ rc-update add alsasound boot
- chroot "${ROOTFS}"/ rc-update add cpupower boot
chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
- chroot "${ROOTFS}"/ rc-update add cupsd default
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
chroot "${ROOTFS}"/ rc-update add postfix default
chroot "${ROOTFS}"/ rc-update add sshd default
chroot "${ROOTFS}"/ rc-update add xdm default
- chroot "${ROOTFS}"/ rc-update add avahi-daemon default
chroot "${ROOTFS}"/ rc-update add dbus default
- chroot "${ROOTFS}"/ rc-update add samba default
chroot "${ROOTFS}"/ rc-update add syslog-ng default
chroot "${ROOTFS}"/ rc-update add udev-postmount default
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-12 2:28 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-12 2:28 UTC (permalink / raw
To: gentoo-commits
commit: 0b4a7da25051c864ab5ecb23fd869dd6ede7af0a
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 12 02:27:31 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 12 02:27:48 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=0b4a7da2
tools-hardened/desktop run-base.sh: setup_systemd() cleans up services
This commit cleans up the services to reflect the services listed at:
http://tinhat.sourceforge.net/?q=technical
tools-hardened/desktop/run-base.sh | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index d79469a..7cd525b 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -97,9 +97,6 @@ setup_initrc() {
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
- chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
- chroot "${ROOTFS}"/ systemctl enable bluetooth.service
- chroot "${ROOTFS}"/ systemctl enable cups.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable gdm.service
@@ -109,11 +106,10 @@ setup_systemd() {
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl disable gdm
chroot "${ROOTFS}"/ systemctl enable slim
- chroot "${ROOTFS}"/ systemctl enable smbd.service
chroot "${ROOTFS}"/ systemctl enable sshd.service
- #chroot "${ROOTFS}"/ systemctl enable udev.service
- #chroot "${ROOTFS}"/ systemctl enable udev-settle.service
- #chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
+ chroot "${ROOTFS}"/ systemctl disable avahi-daemon.service
+ chroot "${ROOTFS}"/ systemctl disable bluetooth.serivce
+ chroot "${ROOTFS}"/ systemctl disable cups.service
}
cleanup_dirs() {
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-15 19:12 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-15 19:12 UTC (permalink / raw
To: gentoo-commits
commit: 4f564bfd7101c97dd46d5df4359b57b07fdf8c4e
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 15 19:12:10 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sun Mar 15 19:12:10 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=4f564bfd
tools-hardened/desktop run-base.sh: Disables MPROTECT on gnome-shell for gnome variant
tools-hardened/desktop/run-base.sh | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 7cd525b..f73726b 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -50,6 +50,13 @@ update_world() {
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
+
+ if [ "${WORLD_BASE}" == "gnome" ];
+ then
+ gnome_shell_loc=`chroot "${ROOTFS}"/ which gnome-shell`
+ chroot "${ROOTFS}"/ paxctl-ng -vm "${gnome_shell_loc}"
+ unset gnome_shell_loc
+ fi
}
build_kernel() {
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-15 19:15 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-15 19:15 UTC (permalink / raw
To: gentoo-commits
commit: 8914b1f9c99e6d108f183c1c598ec9fa77bc0a34
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 15 19:15:14 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sun Mar 15 19:15:14 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=8914b1f9
tools-hardened/desktop run-base.sh: Removes unnecessary enabling of gdm systemd service
tools-hardened/desktop/run-base.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index f73726b..a326424 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -106,7 +106,6 @@ setup_systemd() {
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
- chroot "${ROOTFS}"/ systemctl enable gdm.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
chroot "${ROOTFS}"/ systemctl enable systemd-resolved
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-15 19:22 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-15 19:22 UTC (permalink / raw
To: gentoo-commits
commit: 6b03011ea2d14a5743c07e6591d60d364acf1112
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 15 19:20:12 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sun Mar 15 19:20:15 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=6b03011e
tools-hardened/desktop Cleans up code of .sh files
This clean-up includes removing trailing white-spaces and ensuring
function structure consistency.
tools-hardened/desktop/fluxbox-run.sh | 2 +-
tools-hardened/desktop/make.sh | 14 +++++---------
tools-hardened/desktop/run-base.sh | 3 +--
tools-hardened/desktop/xfce4-run.sh | 4 ++--
4 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/tools-hardened/desktop/fluxbox-run.sh b/tools-hardened/desktop/fluxbox-run.sh
index e0d34e1..c2f058a 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -54,7 +54,7 @@ setup_usergroups() {
setup_confs() {
local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
-
+
sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
diff --git a/tools-hardened/desktop/make.sh b/tools-hardened/desktop/make.sh
index aae8565..73671a9 100755
--- a/tools-hardened/desktop/make.sh
+++ b/tools-hardened/desktop/make.sh
@@ -4,8 +4,7 @@ WORKING=$(pwd)
CHROOTS=${CHROOTS:-"${WORKING}"}
MYROOT=${MYROOT:-""}
-cleanup()
-{
+cleanup() {
cd ${WORKING}
rm -f ramdisk.iso
rm -f tinhat.igz
@@ -14,8 +13,7 @@ cleanup()
}
-mkinitramfs()
-{
+mkinitramfs() {
local BUSYBOX="http://dev.gentoo.org/~twitch153/tinhat/busybox"
cd ${WORKING}
@@ -27,7 +25,7 @@ mkinitramfs()
wget -O ${WORKING}/init/bin/busybox "${BUSYBOX}"
cp ../configs/init .
chmod 755 bin/busybox
- chmod 755 init
+ chmod 755 init
chroot . /bin/busybox --install -s
@@ -38,8 +36,7 @@ mkinitramfs()
}
-mkiso()
-{
+mkiso() {
cd ${WORKING}
mkdir -p iso/boot/grub
@@ -57,8 +54,7 @@ mkiso()
}
-nameit()
-{
+nameit() {
DATE=$(date +%Y%m%d)
NAME="${MYROOT}-${DATE}.iso"
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index a326424..593e93e 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -13,8 +13,7 @@ mount_dirs() {
mount --rbind /sys/ "${ROOTFS}"/sys/
}
-populate_kernel_src()
-{
+populate_kernel_src() {
cp -f files/kernel-config "${KERNEL_SOURCE}"
cp -Rf "${KERNEL_SOURCE}"/ "${ROOTFS}"/usr/src/
}
diff --git a/tools-hardened/desktop/xfce4-run.sh b/tools-hardened/desktop/xfce4-run.sh
index 9ed5cfd..6a9cfba 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -48,7 +48,7 @@ setup_usergroups() {
setup_confs() {
local IMAGE="http://dev.gentoo.org/~blueness/lilblue/gentoo1600x1200.jpg"
-
+
sed -i 's/^\(DISPLAYMANAGER="\)xdm/\1slim/' "${ROOTFS}"/etc/conf.d/xdm
sed -i 's/^\(login.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# login_cmd.*Xsession/ a\login_cmd exec /bin/bash -login ~/.xinitrc' "${ROOTFS}"/etc/slim.conf
@@ -67,7 +67,7 @@ setup_confs() {
chroot "${ROOTFS}"/ locale-gen
chroot "${ROOTFS}"/ eselect locale set en_US.utf8
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
- # In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
+ # In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-19 21:12 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-19 21:12 UTC (permalink / raw
To: gentoo-commits
commit: f2b3eb3d3499d9a14fea15f02abfdbb8f4eb0a8e
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 19 20:34:07 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Thu Mar 19 20:34:07 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=f2b3eb3d
tools-hardened/desktop gnome3-run.sh: Adds check for background dir existance
tools-hardened/desktop/gnome3-run.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools-hardened/desktop/gnome3-run.sh b/tools-hardened/desktop/gnome3-run.sh
index 4fd834e..96f0a77 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -54,6 +54,11 @@ setup_confs() {
sed -i 's/^\(sessiondir.*\)/# \1/' "${ROOTFS}"/etc/slim.conf
sed -i '/# sessiondir.*/ a\sessiondir /etc/X11/Sessions' "${ROOTFS}"/etc/slim.conf
+ if [ ! -d "${ROOTFS}/usr/share/backgrounds" ];
+ then
+ mkdir -p "${ROOTFS}"/usr/share/backgrounds
+ fi
+
wget -O "${ROOTFS}"/usr/share/backgrounds/background.jpg "${IMAGE}"
sed -i '/^SYNC/d' "${ROOTFS}"/etc/portage/make.conf
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-03-24 2:19 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-03-24 2:19 UTC (permalink / raw
To: gentoo-commits
commit: e2e80483e05d28f6179794cbdb3772fe711981ae
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 24 02:18:43 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Mar 24 02:18:43 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=e2e80483
tools-hardened/desktop run-base.sh: Removes device-mapper from rc services
tools-hardened/desktop/run-base.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 593e93e..6c9ce9f 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -85,7 +85,6 @@ build_kernel() {
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
- chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-13 17:50 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-13 17:50 UTC (permalink / raw
To: gentoo-commits
commit: e51b4857c8aa71878bda715aa8872ff2a7c78203
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 13 17:50:06 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Sat Jun 13 17:50:06 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=e51b4857
tools-hardened/desktop: README - Updates required kernel sources
tools-hardened/desktop/README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 3a9474c..1dcc735 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -3,7 +3,7 @@ Kernel Requirements:
On the host system, these packages need to be installed:
-* sys-kernel/hardened-sources-3.17.7-r1
+* sys-kernel/hardened-sources-4.0.4-r2
* >=sys-kernel/linux-firmware-20131230
* sys-kernel/genkernel
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 21:04 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 21:04 UTC (permalink / raw
To: gentoo-commits
commit: 858dbcf70ae154eb198f6cb84ae87a29e544bb06
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 21:04:43 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 21:04:43 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=858dbcf7
tools-hardened/desktop: README - Adds directions to cd to kernel dir before attempting to apply patch
tools-hardened/desktop/README | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index 1dcc735..c498b74 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -16,6 +16,7 @@ After this you need to apply the Loop-AES patch by doing the following:
Then apply the patch:
+* cd /usr/src/linux-tinhat
* rm -f drivers/block/loop.c include/linux/loop.h
* patch -p1 < loop-AES-kernel.patch
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 21:17 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 21:17 UTC (permalink / raw
To: gentoo-commits
commit: 542ff13bcb95bf35401713ceb7c106d4739754ff
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 21:17:45 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 21:17:45 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=542ff13b
tools-hardened/desktop: README - Directs users where to find a proper stage3 tarball
tools-hardened/desktop/README | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools-hardened/desktop/README b/tools-hardened/desktop/README
index c498b74..d3463fa 100644
--- a/tools-hardened/desktop/README
+++ b/tools-hardened/desktop/README
@@ -28,6 +28,9 @@ By default, it expects to see the tarball in:
You can however inform TinHat of your own location of choice by passing it
as an environment variable: "STAGE3".
+Feel free to grab a hardened amd64 stage3 of your choice at:
+http://distfiles.gentoo.org/releases/amd64/autobuilds/
+
To run:
=======
ex.) STAGE3="/ministry/of/silly/walks/evil-rabbit.tar.bz2" ./<DM>-run.sh
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 22:02 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 22:02 UTC (permalink / raw
To: gentoo-commits
commit: 88d07e784c5236b3d26b88d8feb84b62afc07454
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 22:02:25 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 22:02:25 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=88d07e78
tools-hardened/desktop: run-base.sh - Adds bluetooth to openRC init services
tools-hardened/desktop/run-base.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 1d16995..847d8d5 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -85,7 +85,8 @@ build_kernel() {
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
- chroot "${ROOTFS}"/ rc-update add atd boot
+ chroot "${ROOTFS}"/ rc-update add atd boot
+ chroot "${ROOTFS}"/ rc-update add bluetooth default
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
@@ -103,7 +104,7 @@ setup_initrc() {
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
- chroot "${ROOTFS}"/ systemctl enable atd.service
+ chroot "${ROOTFS}"/ systemctl enable atd.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 22:02 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 22:02 UTC (permalink / raw
To: gentoo-commits
commit: a12a5304a657ba5849fee61993785c2566d39855
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 22:00:26 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 22:00:26 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=a12a5304
tools-hardened/desktop: run-base.sh - Adds atd to enabled init services
tools-hardened/desktop/run-base.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 6c9ce9f..1d16995 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -85,6 +85,7 @@ build_kernel() {
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
+ chroot "${ROOTFS}"/ rc-update add atd boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
@@ -102,6 +103,7 @@ setup_initrc() {
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
+ chroot "${ROOTFS}"/ systemctl enable atd.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 22:09 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 22:09 UTC (permalink / raw
To: gentoo-commits
commit: d2a717d443ff8ff2f2816298e97eb77a74c87041
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 22:00:26 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 22:09:25 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=d2a717d4
tools-hardened/desktop: run-base.sh - Adds atd to enabled init services
tools-hardened/desktop/run-base.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 6c9ce9f..2a16a9d 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -85,6 +85,7 @@ build_kernel() {
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
+ chroot "${ROOTFS}"/ rc-update add atd boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
@@ -102,6 +103,7 @@ setup_initrc() {
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/#GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
+ chroot "${ROOTFS}"/ systemctl enable atd.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
^ permalink raw reply related [flat|nested] 35+ messages in thread
* [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/
@ 2015-06-16 22:15 Devan Franchini
0 siblings, 0 replies; 35+ messages in thread
From: Devan Franchini @ 2015-06-16 22:15 UTC (permalink / raw
To: gentoo-commits
commit: 4bde7b7dd134aea85d69da6cef325b66832bd26e
Author: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 22:15:17 2015 +0000
Commit: Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 22:15:17 2015 +0000
URL: https://gitweb.gentoo.org/proj/releng.git/commit/?id=4bde7b7d
tools-hardened/desktop: run-base.sh - Removes lvm to openRC init services
tools-hardened/desktop/run-base.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools-hardened/desktop/run-base.sh b/tools-hardened/desktop/run-base.sh
index 2a16a9d..6250f68 100755
--- a/tools-hardened/desktop/run-base.sh
+++ b/tools-hardened/desktop/run-base.sh
@@ -86,7 +86,6 @@ setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
chroot "${ROOTFS}"/ rc-update add atd boot
- chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev sysinit
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
^ permalink raw reply related [flat|nested] 35+ messages in thread
end of thread, other threads:[~2015-06-16 22:15 UTC | newest]
Thread overview: 35+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-10 3:28 [gentoo-commits] proj/releng:master commit in: tools-hardened/desktop/ Devan Franchini
-- strict thread matches above, loose matches on Subject: below --
2015-06-16 22:15 Devan Franchini
2015-06-16 22:09 Devan Franchini
2015-06-16 22:02 Devan Franchini
2015-06-16 22:02 Devan Franchini
2015-06-16 21:17 Devan Franchini
2015-06-16 21:04 Devan Franchini
2015-06-13 17:50 Devan Franchini
2015-03-24 2:19 Devan Franchini
2015-03-19 21:12 Devan Franchini
2015-03-15 19:22 Devan Franchini
2015-03-15 19:15 Devan Franchini
2015-03-15 19:12 Devan Franchini
2015-03-12 2:28 Devan Franchini
2015-03-12 2:23 Devan Franchini
2015-03-11 21:26 Devan Franchini
2015-02-15 19:56 Devan Franchini
2015-02-15 19:37 Devan Franchini
2015-02-14 4:13 Devan Franchini
2015-02-11 20:25 Devan Franchini
2015-01-02 4:45 Devan Franchini
2014-12-18 5:34 Devan Franchini
2014-12-15 20:33 Devan Franchini
2014-12-11 23:20 Devan Franchini
2014-12-11 22:29 Devan Franchini
2014-12-09 2:42 Devan Franchini
2014-10-23 14:47 Devan Franchini
2014-10-09 20:38 Devan Franchini
2014-10-09 20:38 Devan Franchini
2014-10-09 20:38 Devan Franchini
2014-08-18 21:59 Robin H. Johnson
2014-07-23 3:31 Devan Franchini
2014-05-06 19:32 Devan Franchini
2014-04-26 3:01 Devan Franchini
2014-04-08 19:59 Devan Franchini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox