From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Qdw2T-0003cp-SF for garchives@archives.gentoo.org; Tue, 05 Jul 2011 03:11:06 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4FC3221C099; Tue, 5 Jul 2011 03:10:58 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 12BE521C099 for ; Tue, 5 Jul 2011 03:10:58 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 688011B4003 for ; Tue, 5 Jul 2011 03:10:57 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id A601F8003E for ; Tue, 5 Jul 2011 03:10:56 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <25c33a6fb228fd1973e2406a867fd76f04fea600.blueness@gentoo> Subject: [gentoo-commits] dev/blueness:master commit in: sys-kernel/hardened-sources/ X-VCS-Repository: dev/blueness X-VCS-Files: sys-kernel/hardened-sources/ChangeLog sys-kernel/hardened-sources/Manifest sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild sys-kernel/hardened-sources/metadata.xml X-VCS-Directories: sys-kernel/hardened-sources/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: 25c33a6fb228fd1973e2406a867fd76f04fea600 Date: Tue, 5 Jul 2011 03:10:56 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: ef8ac54e1ab61268d6b9f6742571e59a commit: 25c33a6fb228fd1973e2406a867fd76f04fea600 Author: Anthony G. Basile gentoo org> AuthorDate: Tue Jul 5 03:10:52 2011 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Tue Jul 5 03:10:52 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Ddev/blueness.git;a= =3Dcommit;h=3D25c33a6f sys-kernel/hardened-sources: testing patchset 20110701 --- sys-kernel/hardened-sources/ChangeLog | 10 ++++ sys-kernel/hardened-sources/Manifest | 14 ++++++ .../hardened-sources-2.6.32-r55.ebuild | 48 ++++++++++++++= ++++++ .../hardened-sources-2.6.39-r5.ebuild | 48 ++++++++++++++= ++++++ sys-kernel/hardened-sources/metadata.xml | 17 +++++++ 5 files changed, 137 insertions(+), 0 deletions(-) diff --git a/sys-kernel/hardened-sources/ChangeLog b/sys-kernel/hardened-= sources/ChangeLog new file mode 100644 index 0000000..e70f275 --- /dev/null +++ b/sys-kernel/hardened-sources/ChangeLog @@ -0,0 +1,10 @@ + + +*hardened-sources-2.6.39-r5 (05 Jul 2011) +*hardened-sources-2.6.32-r55 (05 Jul 2011) + + 05 Jul 2011; Anthony G. Basile + +hardened-sources-2.6.32-r55.ebuild, +hardened-sources-2.6.39-r5.ebuil= d, + +metadata.xml: + testing patchset 20110701 + diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-s= ources/Manifest new file mode 100644 index 0000000..82c69b9 --- /dev/null +++ b/sys-kernel/hardened-sources/Manifest @@ -0,0 +1,14 @@ +DIST deblob-2.6.32 84094 RMD160 394f46ec5b869638a7bc2e87beb118167c9bd6cb= SHA1 1a2a1efb72126609d9e3b9be99ae5be2751efd06 SHA256 de625f0bd221c9c38d4= 453f1b709622f222d86a0ae9350d2b7b0e17795e6de6d +DIST deblob-check-2.6.32 247608 RMD160 840bf8a229ea79810519eee6241edb85b= 78a6562 SHA1 d45a24eb16e5ac956c0fcddbc1ac4d67e326c7b8 SHA256 da1aecdf3ab7= f1207b90642d303e52262ccc2ed9e49739b729512b88950d17f3 +DIST genpatches-2.6.32-39.base.tar.bz2 947073 RMD160 531e72e1284f864bb97= 0759176dab8e14a46f2f3 SHA1 80b701bf2511f7c02b45929511fb884d45e23131 SHA25= 6 0639b3e622652f5316333de4ab6d9b94ce9a80ab26d48dc91ffee7a65a1347e9 +DIST genpatches-2.6.32-39.extras.tar.bz2 24934 RMD160 e3e1d60fb45a3e3c81= 8ddda36b9180d4fc46679e SHA1 d16a34dfa35d163ea4042058b3865c389f3802e9 SHA2= 56 50b70c76461aa52f7f2ad88175e7f08eb555f7f1dfd274759ec0c2a9748bde5e +DIST genpatches-2.6.39-4.base.tar.bz2 79495 RMD160 e6e880cd00636c9830fc9= a3b7c6bdaabdb76c197 SHA1 a4d357b3ab25b2fae7c85a22654039c8da5b4333 SHA256 = 5d9865b2124153cf61d510c2b6c71dff57479f44de90b4631b03e4d16c2b363e +DIST genpatches-2.6.39-4.extras.tar.bz2 17196 RMD160 65c4f86f0dbe6702fb1= f8a4e05e80746093be3dd SHA1 0ddeb37fc69b4c84b01e540a8e3f5d8e03afaf18 SHA25= 6 d804acde9d43abc7439bf8a2cb247e8a124326fdd7f1940897ab9f045d7634e7 +DIST hardened-patches-2.6.32-58.extras.tar.bz2 450575 RMD160 14c0a9272b5= 537cdf94a30a592ad554fab06474e SHA1 717c0d80c44318e0c8e1387322da484c6b9f91= 12 SHA256 13f7d821f9999ff3578d8182d467ea3f39564a93d3a6e65b6eb7ccceaf966c0= b +DIST hardened-patches-2.6.39-6.extras.tar.bz2 518059 RMD160 3c6615f2a825= 4cc4d4b452fad8dded7a6ee32cd5 SHA1 6b1fd19a5e48b923710742559a1e7ea53213366= d SHA256 7a691d9e5676804467bb48c63f7e65113c3f08c72b9a565d8ae8f3100e057f3d +DIST linux-2.6.32.tar.bz2 64424138 RMD160 b93742cbaf8174f2200d2dbef0d47a= 26c618039c SHA1 410b4fc818023bfef60064e973ff0ab46d3bfb19 SHA256 5099786d8= 0b8407d98a619df00209c2353517f22d804fdd9533b362adcb4504e +DIST linux-2.6.39.tar.bz2 76096559 RMD160 feddc516bc15e78f12f611ff184d38= baa4eac4ee SHA1 68518112821e55f4ac1df64f2e0e809cedfcc5ef SHA256 584d17f2a= 3ee18a9501d7ff36907639e538cfdba4529978b8550c461d45c61f6 +EBUILD hardened-sources-2.6.32-r55.ebuild 1758 RMD160 92e7a57d6898345d20= b6354f0e1677803e4e7b09 SHA1 14832cd2b1abce1dad63ed4e46554aeaa9ec6644 SHA2= 56 2d4dd4664bfd2882c5fc9efd085bc1d2b6894874072d39f357c9437564f1a270 +EBUILD hardened-sources-2.6.39-r5.ebuild 1755 RMD160 77a1803bd365fc1d4b2= 75b5e2f8a4f70c1256409 SHA1 fe858c329ce89fa352f48c6c293b036ef14a0123 SHA25= 6 66a91bef493c371a4d7e12ec5e7f12deb938718b8e8244cbd5d3dcd17ec75152 +MISC ChangeLog 264 RMD160 220e8ce2c8511c419d527e4825c97f335b4d759a SHA1 = 0b85f7ef4a6c77ef5745345f8cd4288b2e91a402 SHA256 db277142a705bcc5bd762df8d= 65ec1ee4729f73c813190d797aa0ee269764549 +MISC metadata.xml 578 RMD160 7ea189a37d0f863ae9c52170bb85df27d21686fb SH= A1 4765c25d7770a69f7b9dda2b1accc8ff27b74ad0 SHA256 64140e091b51002a5355d8= fcfd351f2f39ed63da68af3a5751fc2058d0d03813 diff --git a/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebui= ld b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild new file mode 100644 index 0000000..ffa2459 --- /dev/null +++ b/sys-kernel/hardened-sources/hardened-sources-2.6.32-r55.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-= sources-2.6.32-r54.ebuild,v 1.1 2011/06/29 16:05:54 blueness Exp $ + +EAPI=3D"4" + +ETYPE=3D"sources" +K_WANT_GENPATCHES=3D"base extras" +K_GENPATCHES_VER=3D"39" + +inherit kernel-2 +detect_version + +HGPV=3D"${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-58" +HGPV_URI=3D"http://dev.gentoo.org/~blueness/hardened-sources/hardened-pa= tches/hardened-patches-${HGPV}.extras.tar.bz2" +SRC_URI=3D"${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" + +UNIPATCH_LIST=3D"${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" +UNIPATCH_EXCLUDE=3D"4200_fbcondecor-0.9.6.patch" + +DESCRIPTION=3D"Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_M= INOR})" +HOMEPAGE=3D"http://www.gentoo.org/proj/en/hardened/" +IUSE=3D"" + +KEYWORDS=3D"~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +pkg_postinst() { + kernel-2_pkg_postinst + + local GRADM_COMPAT=3D"sys-apps/gradm-2.2.2*" + + ewarn + ewarn "Hardened Gentoo provides three different predefined grsecurity l= evel:" + ewarn "[server], [workstation], and [virtualization]." + ewarn + ewarn "Those who intend to use one of these predefined grsecurity level= s" + ewarn "should read the help associated with the level. Users importing= a" + ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32," + ewarn "should review their selected grsecurity/PaX options carefully." + ewarn + ewarn "Users of grsecurity's RBAC system must ensure they are using" + ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." + ewarn "It is strongly recommended that the following command is issued" + ewarn "prior to booting a ${PF} kernel for the first time:" + ewarn + ewarn "emerge -na =3D${GRADM_COMPAT}" + ewarn +} diff --git a/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuil= d b/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild new file mode 100644 index 0000000..24b8516 --- /dev/null +++ b/sys-kernel/hardened-sources/hardened-sources-2.6.39-r5.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-= sources-2.6.39-r4.ebuild,v 1.1 2011/06/29 16:09:57 blueness Exp $ + +EAPI=3D"4" + +ETYPE=3D"sources" +K_WANT_GENPATCHES=3D"base extras" +K_GENPATCHES_VER=3D"4" + +inherit kernel-2 +detect_version + +HGPV=3D"${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-6" +HGPV_URI=3D"http://dev.gentoo.org/~blueness/hardened-sources/hardened-pa= tches/hardened-patches-${HGPV}.extras.tar.bz2" +SRC_URI=3D"${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}" + +UNIPATCH_LIST=3D"${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2" +UNIPATCH_EXCLUDE=3D"4200_fbcondecor-0.9.6.patch" + +DESCRIPTION=3D"Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_M= INOR})" +HOMEPAGE=3D"http://www.gentoo.org/proj/en/hardened/" +IUSE=3D"" + +KEYWORDS=3D"~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +pkg_postinst() { + kernel-2_pkg_postinst + + local GRADM_COMPAT=3D"sys-apps/gradm-2.2.2*" + + ewarn + ewarn "Hardened Gentoo provides three different predefined grsecurity l= evel:" + ewarn "[server], [workstation], and [virtualization]." + ewarn + ewarn "Those who intend to use one of these predefined grsecurity level= s" + ewarn "should read the help associated with the level. Users importing= a" + ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32," + ewarn "should review their selected grsecurity/PaX options carefully." + ewarn + ewarn "Users of grsecurity's RBAC system must ensure they are using" + ewarn "${GRADM_COMPAT}, which is compatible with ${PF}." + ewarn "It is strongly recommended that the following command is issued" + ewarn "prior to booting a ${PF} kernel for the first time:" + ewarn + ewarn "emerge -na =3D${GRADM_COMPAT}" + ewarn +} diff --git a/sys-kernel/hardened-sources/metadata.xml b/sys-kernel/harden= ed-sources/metadata.xml new file mode 100644 index 0000000..6fa414d --- /dev/null +++ b/sys-kernel/hardened-sources/metadata.xml @@ -0,0 +1,17 @@ + + + + kernel + hardened + + blueness@gentoo.org + Anthony G. Basile + + + hardened-sources is based upon genpatches, and adds the grsecurity + patch from http://www.grsecurity.net, which also includes PaX. + + + Remove binary blobs from kernel sources to provi= de libre license compliance. + +