sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild

# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild,v 1.8 2004/01/05 18:28:54 scox Exp $

IUSE="build selinux"

# OKV=original kernel version, KV=patched kernel version.  They can be the same.

ETYPE="sources"

inherit kernel

OKV=2.4.20
EXTRAVERSION=-hardened-r3
KV=${OKV}${EXTRAVERSION}
S=${WORKDIR}/linux-${KV}
DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
        mirror://gentoo/patches-${KV}.tar.bz2"


HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/hardened/"
KEYWORDS="~x86"
SLOT="${KV}"

src_unpack() {
        unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
        mv linux-${OKV} linux-${KV} || die

        cd ${KV}
        # We can't use LSM/SELinux and GRSec in the same kernel.  If USE=selinux, we will
        # patch in LSM/SELinux and drop support for GRsec.  Otherwise we will include GRSec.
        if [ "`use selinux`" ]; then
                einfo "Enabling SELinux support.  This will drop GRSec2 support."
                for file in *grsec*; do
                        einfo "Dropping ${file}.."
                        rm -f ${file}
                done
        else
                einfo "Did not find \"selinux\" in use, building with GRSec2 support."
                for file in *lsm* *selinux*; do
                        einfo "Dropping ${file}..."
                        rm -f ${file}
                done
        fi

        epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"

        kernel_src_unpack
}

src_install() {
        if [ "`use selinux`" ]; then
                insinto /usr/flask
                doins ${S}/security/selinux/flask/access_vectors
                doins ${S}/security/selinux/flask/security_classes
                doins ${S}/security/selinux/flask/initial_sids
                insinto /usr/include/linux/flask
                doins ${S}/security/selinux/include/linux/flask/*.h
                insinto /usr/include/asm/flask
                doins ${S}/security/selinux/include/asm/flask/uninstd.h
        fi

        kernel_src_install
}

pkg_postinst() {
        einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
        einfo "Also included are various other performance and security related patches"
        einfo "If you experience problems with this kernel please report them by"
        einfo "assigning bugs on bugs.gentoo.org to frogger@gentoo.org"
}
1	# Copyright 1999-2004 Gentoo Technologies, Inc.
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /home/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.20-r3.ebuild,v 1.8 2004/01/05 18:28:54 scox Exp $
4
5	IUSE="build selinux"
6
7	# OKV=original kernel version, KV=patched kernel version. They can be the same.
8
9	ETYPE="sources"
10
11	inherit kernel
12
13	OKV=2.4.20
14	EXTRAVERSION=-hardened-r3
15	KV=${OKV}${EXTRAVERSION}
16	S=${WORKDIR}/linux-${KV}
17	DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
18	SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
19	mirror://gentoo/patches-${KV}.tar.bz2"
20
21
22	HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/hardened/"
23	KEYWORDS="~x86"
24	SLOT="${KV}"
25
26	src_unpack() {
27	unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
28	mv linux-${OKV} linux-${KV} \|\| die
29
30	cd ${KV}
31	# We can't use LSM/SELinux and GRSec in the same kernel. If USE=selinux, we will
32	# patch in LSM/SELinux and drop support for GRsec. Otherwise we will include GRSec.
33	if [ "`use selinux`" ]; then
34	einfo "Enabling SELinux support. This will drop GRSec2 support."
35	for file in grsec; do
36	einfo "Dropping ${file}.."
37	rm -f ${file}
38	done
39	else
40	einfo "Did not find \"selinux\" in use, building with GRSec2 support."
41	for file in lsm selinux; do
42	einfo "Dropping ${file}..."
43	rm -f ${file}
44	done
45	fi
46
47	epatch ${FILESDIR}/do_brk_fix.patch \|\| die "failed to patch for do_brk vuln"
48
49	kernel_src_unpack
50	}
51
52	src_install() {
53	if [ "`use selinux`" ]; then
54	insinto /usr/flask
55	doins ${S}/security/selinux/flask/access_vectors
56	doins ${S}/security/selinux/flask/security_classes
57	doins ${S}/security/selinux/flask/initial_sids
58	insinto /usr/include/linux/flask
59	doins ${S}/security/selinux/include/linux/flask/*.h
60	insinto /usr/include/asm/flask
61	doins ${S}/security/selinux/include/asm/flask/uninstd.h
62	fi
63
64	kernel_src_install
65	}
66
67	pkg_postinst() {
68	einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
69	einfo "Also included are various other performance and security related patches"
70	einfo "If you experience problems with this kernel please report them by"
71	einfo "assigning bugs on bugs.gentoo.org to frogger@gentoo.org"
72	}