diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2012-05-08 01:01:12 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-05-08 01:01:21 +0200 |
| commit | 53edd1c867918427bf640c600e3f0becc4ea70e1 (patch) | |
| tree | c67838ba0d27f5392e2aab123db9a328b2da200c | |
| parent | Initial skeleton. (diff) | |
| download | exheres-53edd1c867918427bf640c600e3f0becc4ea70e1.tar.xz exheres-53edd1c867918427bf640c600e3f0becc4ea70e1.zip | |
Add the grsecurity and pax utilities.
| -rw-r--r-- | metadata/categories.conf | 1 | ||||
| -rw-r--r-- | packages/sys-apps/gradm/files/gradm-2.9.201202232055.patch | 32 | ||||
| -rw-r--r-- | packages/sys-apps/gradm/gradm-2.9.201202232055.exheres-0 | 43 | ||||
| -rw-r--r-- | packages/sys-apps/pax-utils/pax-utils-0.4.exheres-0 | 28 | ||||
| -rw-r--r-- | packages/sys-apps/paxctl/paxctl-0.7.exheres-0 | 16 |
5 files changed, 120 insertions, 0 deletions
diff --git a/metadata/categories.conf b/metadata/categories.conf index e69de29..a70619b 100644 --- a/metadata/categories.conf +++ b/metadata/categories.conf @@ -0,0 +1 @@ +sys-apps diff --git a/packages/sys-apps/gradm/files/gradm-2.9.201202232055.patch b/packages/sys-apps/gradm/files/gradm-2.9.201202232055.patch new file mode 100644 index 0000000..cd878ee --- /dev/null +++ b/packages/sys-apps/gradm/files/gradm-2.9.201202232055.patch @@ -0,0 +1,32 @@ +diff -Naur gradm2.orig/Makefile gradm2/Makefile +--- gradm2.orig/Makefile 2011-03-26 14:46:14.000000000 -0400 ++++ gradm2/Makefile 2011-03-27 11:11:36.000000000 -0400 +@@ -18,16 +18,16 @@ + BISON=/usr/bin/bison + #YACC := $(shell if [ -x $(BYACC) ]; then echo $(BYACC); else echo $(BISON); fi) + YACC=$(BISON) +-MKNOD=/bin/mknod ++MKNOD=true + #for dietlibc + #CC=/usr/bin/diet /usr/bin/gcc + CC=/usr/bin/gcc + FIND=/usr/bin/find +-STRIP=/usr/bin/strip ++STRIP=true + LIBS := $(shell if [ "`uname -m`" != "sparc64" -a "`uname -m`" != "x86_64" ]; then echo "-lfl" ; else echo "" ; fi) + OPT_FLAGS := $(shell if [ "`uname -m`" != "sparc64" ] && [ "`uname -m`" != "x86_64" ]; then echo "-O2" ; else echo "-O2 -m64" ; fi) +-CFLAGS := $(OPT_FLAGS) -Wcast-qual -DGRSEC_DIR=\"$(GRSEC_DIR)\" -D_LARGEFILE64_SOURCE +-LDFLAGS= ++CFLAGS := $(OPT_FLAGS) -Wcast-qual -DGRSEC_DIR=\"$(GRSEC_DIR)\" -D_LARGEFILE64_SOURCE $(CFLAGS) ++LDFLAGS+= + INSTALL = /usr/bin/install -c + + # FHS +@@ -134,6 +134,7 @@ + $(MKNOD) -m 0622 $(DESTDIR)/dev/grsec c 1 13 ; \ + fi \ + fi ++ @mkdir -p $(DESTDIR)/etc/udev/rules.d + @if [ -d $(DESTDIR)/etc/udev/rules.d ] ; then \ + echo "ACTION!=\"add|change\", GOTO=\"permissions_end\"" > $(DESTDIR)/etc/udev/rules.d/80-grsec.rules ; \ + echo "KERNEL==\"grsec\", MODE=\"0622\"" >> $(DESTDIR)/etc/udev/rules.d/80-grsec.rules ; \ diff --git a/packages/sys-apps/gradm/gradm-2.9.201202232055.exheres-0 b/packages/sys-apps/gradm/gradm-2.9.201202232055.exheres-0 new file mode 100644 index 0000000..c173865 --- /dev/null +++ b/packages/sys-apps/gradm/gradm-2.9.201202232055.exheres-0 @@ -0,0 +1,43 @@ +# Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com> +# Distributed under the terms of the GNU General Public License v2 + +SUMMARY="Administrative interface for the grsecurity Role Based Access Control system." +HOMEPAGE="http://www.grsecurity.net/" +MY_PV="$(ever replace 2 - ${PV})" +DOWNLOADS="http://grsecurity.net/test/${PN}-${MY_PV}.tar.gz" + +LICENCES="GPL-2" +SLOT="0" +PLATFORMS="~amd64 ~x86" +MYOPTIONS="pam" + +DEPENDENCIES=" + build: + sys-devel/bison + sys-devel/flex + build+run: + sys-fs/udev + pam? ( sys-libs/pam ) + recommendation: + sys-apps/paxctl +" + +WORK="${WORKBASE}/${PN}2" + +DEFAULT_SRC_PREPARE_PATCHES=( "${FILES}/${PNV}.patch" ) + +src_compile() { + emake $(option pam || echo nopam) CC="${CC}" OPT_FLAGS="${CFLAGS}" +} + +src_install() { + default + edo chmod 711 "${IMAGE}/sbin/gradm" + edo rmdir "${IMAGE}/dev" +} + +pkg_postinst() { + esandbox allow_net --connect "unix:/run/udev/control" + edo udevadm control --reload-rules && edo udevadm trigger --action=add --sysname-match=grsec + ewarn "Be sure to set a password with 'gradm -P' before enabling learning mode." +} diff --git a/packages/sys-apps/pax-utils/pax-utils-0.4.exheres-0 b/packages/sys-apps/pax-utils/pax-utils-0.4.exheres-0 new file mode 100644 index 0000000..aab1e01 --- /dev/null +++ b/packages/sys-apps/pax-utils/pax-utils-0.4.exheres-0 @@ -0,0 +1,28 @@ +# Copyright 2008-2012 Wulf C. Krueger +# Distributed under the terms of the GNU General Public License v2 + +SUMMARY="Utilities for ELF binaries (e. g. scanelf)" +HOMEPAGE="http://hardened.gentoo.org/${PN}.xml" +DOWNLOADS="mirror://gentoo/${PNV}.tar.xz" + +LICENCES="GPL-2" +SLOT="0" +PLATFORMS="~amd64 ~x86" +MYOPTIONS="caps" + +DEPENDENCIES=" + build: + app-arch/xz + build+run: + caps? ( sys-libs/libcap ) +" + +src_compile() { + emake CC="${CC}" USE_CAP=$(option caps && echo yes || echo no) +} + +src_install() { + default + + edo rm -r "${IMAGE}"/usr/share/doc/${PN} +} diff --git a/packages/sys-apps/paxctl/paxctl-0.7.exheres-0 b/packages/sys-apps/paxctl/paxctl-0.7.exheres-0 new file mode 100644 index 0000000..1f222ac --- /dev/null +++ b/packages/sys-apps/paxctl/paxctl-0.7.exheres-0 @@ -0,0 +1,16 @@ +# Copyright 2012 Jason A. Donenfeld <Jason@zx2c4.com> +# Distributed under the terms of the GNU General Public License v2 + +SUMMARY="Manages various PaX related program header flags for Elf32, Elf64, and a.out binaries." +HOMEPAGE="http://pax.grsecurity.net" +DOWNLOADS="http://pax.grsecurity.net/${PNV}.tar.bz2" + +LICENCES="GPL-2" +SLOT="0" +PLATFORMS="~amd64 ~x86" +MYOPTIONS="" + +DEPENDENCIES=" + build: + sys-devel/binutils +" |