sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild

# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild,v 1.5 2004/04/12 16:36:22 aliz Exp $

IUSE="build selinux"

# OKV=original kernel version, KV=patched kernel version.  They can be the same.

ETYPE="sources"

inherit kernel eutils

OKV=2.4.22
EXTRAVERSION=-hardened
KV=${OKV}${EXTRAVERSION}
S=${WORKDIR}/linux-${KV}
DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
        mirror://gentoo/patches-${KV}.tar.bz2"


HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/proj/en/hardened/"
KEYWORDS="~x86 ~ppc"
SLOT="${KV}"

src_unpack() {
        unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
        mv linux-${OKV} linux-${KV} || die

        cd ${KV}
        # We can't use LSM/SELinux and GRSec in the same kernel.  If USE=selinux, we will
        # patch in LSM/SELinux and drop support for GRsec.  Otherwise we will include GRSec.
        if [ "`use selinux`" ]; then
                einfo "Enabling SELinux support.  This will drop GRSec2 support."
                for file in *grsec*; do
                        einfo "Dropping ${file}.."
                        rm -f ${file}
                done
        else
                einfo "Did not find \"selinux\" in use, building with GRSec2 support."
                for file in *lsm* *selinux*; do
                        einfo "Dropping ${file}..."
                        rm -f ${file}
                done
        fi

        kernel_src_unpack

        cd ${S}
        epatch ${FILESDIR}/do_brk_fix.patch || die "failed to patch for do_brk vuln"
        epatch ${FILESDIR}/mremap-CAN-2003-0985.patch || die "failed to patch for mremap vuln"
        epatch ${FILESDIR}/rtc_fix.patch || die "failed to patch for rtc vuln"
}

pkg_postinst() {
        einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
        einfo "Also included are various other performance and security related patches"
        einfo "If you experience problems with this kernel please report them by"
        einfo "assigning bugs on bugs.gentoo.org to frogger@gentoo.org"
        if [ "`use selinux`" ]; then
                einfo ""
                einfo "Warning!  This kernel contains the new SELinux API and currently"
                einfo "does not support ReiserFS.  If you need ReiserFS support, and are"
                einfo "using SELinux, then do not use this kernel."
                einfo ""
                einfo "The new SELinux API contains many changes from the previous API,"
                einfo "including new userspace utilities.  Please see "
                einfo "http://www.gentoo.org/proj/en/hardened/selinux for more info."
        fi
}

1	# Copyright 1999-2004 Gentoo Technologies, Inc.
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /home/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-2.4.22-r2.ebuild,v 1.5 2004/04/12 16:36:22 aliz Exp $
4
5	IUSE="build selinux"
6
7	# OKV=original kernel version, KV=patched kernel version. They can be the same.
8
9	ETYPE="sources"
10
11	inherit kernel eutils
12
13	OKV=2.4.22
14	EXTRAVERSION=-hardened
15	KV=${OKV}${EXTRAVERSION}
16	S=${WORKDIR}/linux-${KV}
17	DESCRIPTION="Special Security Hardened Gentoo Linux Kernel"
18	SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
19	mirror://gentoo/patches-${KV}.tar.bz2"
20
21
22	HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/proj/en/hardened/"
23	KEYWORDS="~x86 ~ppc"
24	SLOT="${KV}"
25
26	src_unpack() {
27	unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
28	mv linux-${OKV} linux-${KV} \|\| die
29
30	cd ${KV}
31	# We can't use LSM/SELinux and GRSec in the same kernel. If USE=selinux, we will
32	# patch in LSM/SELinux and drop support for GRsec. Otherwise we will include GRSec.
33	if [ "`use selinux`" ]; then
34	einfo "Enabling SELinux support. This will drop GRSec2 support."
35	for file in grsec; do
36	einfo "Dropping ${file}.."
37	rm -f ${file}
38	done
39	else
40	einfo "Did not find \"selinux\" in use, building with GRSec2 support."
41	for file in lsm selinux; do
42	einfo "Dropping ${file}..."
43	rm -f ${file}
44	done
45	fi
46
47	kernel_src_unpack
48
49	cd ${S}
50	epatch ${FILESDIR}/do_brk_fix.patch \|\| die "failed to patch for do_brk vuln"
51	epatch ${FILESDIR}/mremap-CAN-2003-0985.patch \|\| die "failed to patch for mremap vuln"
52	epatch ${FILESDIR}/rtc_fix.patch \|\| die "failed to patch for rtc vuln"
53	}
54
55	pkg_postinst() {
56	einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
57	einfo "Also included are various other performance and security related patches"
58	einfo "If you experience problems with this kernel please report them by"
59	einfo "assigning bugs on bugs.gentoo.org to frogger@gentoo.org"
60	if [ "`use selinux`" ]; then
61	einfo ""
62	einfo "Warning! This kernel contains the new SELinux API and currently"
63	einfo "does not support ReiserFS. If you need ReiserFS support, and are"
64	einfo "using SELinux, then do not use this kernel."
65	einfo ""
66	einfo "The new SELinux API contains many changes from the previous API,"
67	einfo "including new userspace utilities. Please see "
68	einfo "http://www.gentoo.org/proj/en/hardened/selinux for more info."
69	fi
70	}
71