diff options
author | Qian Lei <qianl.fnst@cn.fujitsu.com> | 2014-12-18 14:01:33 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2015-01-05 13:23:41 +0100 |
commit | 538ca692e824fe36bf60de1a476ce748072b5f89 (patch) | |
tree | b6e32bc3825c25e1c77797e78387f8285c8e84d8 /meta-oe/recipes-support/gradm | |
parent | 1bed3fb3eb437f1aa082e27edc51bc7d38462087 (diff) | |
download | meta-openembedded-538ca692e824fe36bf60de1a476ce748072b5f89.tar.gz |
gradm: Add new recipe
gradm is the userspace RBAC parsing and authentication program for
grsecurity. grsecurity aims to be a complete security system. gradm
performs several tasks for the RBAC system including authenticated
via a password to the kernel and parsing rules to be passed to the
kernel.
Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/gradm')
-rw-r--r-- | meta-oe/recipes-support/gradm/gradm/0001-Makefile-remove-strip.patch | 61 | ||||
-rw-r--r-- | meta-oe/recipes-support/gradm/gradm_3.0.bb | 50 |
2 files changed, 111 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/gradm/gradm/0001-Makefile-remove-strip.patch b/meta-oe/recipes-support/gradm/gradm/0001-Makefile-remove-strip.patch new file mode 100644 index 000000000..f0c697c7b --- /dev/null +++ b/meta-oe/recipes-support/gradm/gradm/0001-Makefile-remove-strip.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | From fbf7b9e5a8e2978acd5b0a7a8311912a080ee9b9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Qian Lei <qianl.fnst@cn.fujitsu.com> | ||
3 | Date: Thu, 18 Dec 2014 11:09:01 +0800 | ||
4 | Subject: [PATCH] Makefile: remove strip | ||
5 | |||
6 | Avoid QA error by removing strip from Makefile | ||
7 | |||
8 | [...] | ||
9 | ERROR: QA Issue: File '/sbin/gradm' from gradm was already stripped, | ||
10 | this will prevent future debugging! [already-stripped] | ||
11 | ERROR: QA Issue: File '/sbin/grlearn' from gradm was already stripped, | ||
12 | this will prevent future debugging! [already-stripped] | ||
13 | [...] | ||
14 | |||
15 | Upstream-Status: Pending | ||
16 | |||
17 | Signed-off-by: Qian Lei <qianl.fnst@cn.fujitsu.com> | ||
18 | |||
19 | --- | ||
20 | Makefile | 7 ++----- | ||
21 | 1 file changed, 2 insertions(+), 5 deletions(-) | ||
22 | |||
23 | diff --git a/Makefile b/Makefile | ||
24 | index 6c33fee..3570a4e 100644 | ||
25 | --- a/Makefile | ||
26 | +++ b/Makefile | ||
27 | @@ -24,7 +24,6 @@ MKNOD=/bin/mknod | ||
28 | #CC=/usr/bin/diet /usr/bin/gcc | ||
29 | CC=/usr/bin/gcc | ||
30 | FIND=/usr/bin/find | ||
31 | -STRIP=/usr/bin/strip | ||
32 | LIBS := $(shell if [ "`uname -m`" != "sparc64" -a "`uname -m`" != "x86_64" ]; then echo "-lfl" ; else echo "" ; fi) | ||
33 | OPT_FLAGS := -O2 | ||
34 | # for older versions of grsecurity, comment the above line and uncomment the below: | ||
35 | @@ -140,15 +139,12 @@ install: $(GRADM_BIN) gradm.8 policy grlearn | ||
36 | @mkdir -p $(DESTDIR)/sbin | ||
37 | @echo "Installing gradm..." | ||
38 | @$(INSTALL) -m 0755 $(GRADM_BIN) $(DESTDIR)/sbin | ||
39 | - @$(STRIP) $(DESTDIR)/sbin/$(GRADM_BIN) | ||
40 | @if [ -f $(GRADM_PAM) ] ; then \ | ||
41 | echo "Installing gradm_pam..." ; \ | ||
42 | $(INSTALL) -m 4755 $(GRADM_PAM) $(DESTDIR)/sbin ; \ | ||
43 | - $(STRIP) $(DESTDIR)/sbin/$(GRADM_PAM) ; \ | ||
44 | fi | ||
45 | @echo "Installing grlearn..." | ||
46 | @$(INSTALL) -m 0700 grlearn $(DESTDIR)/sbin | ||
47 | - @$(STRIP) $(DESTDIR)/sbin/grlearn | ||
48 | @mkdir -p -m 700 $(DESTDIR)$(GRSEC_DIR) | ||
49 | @if [ ! -f $(DESTDIR)$(GRSEC_DIR)/policy ] ; then \ | ||
50 | if [ -f $(DESTDIR)$(GRSEC_DIR)/acl ] ; then \ | ||
51 | @@ -168,6 +164,7 @@ install: $(GRADM_BIN) gradm.8 policy grlearn | ||
52 | $(MKNOD) -m 0622 $(DESTDIR)/dev/grsec c 1 13 ; \ | ||
53 | fi \ | ||
54 | fi | ||
55 | + @mkdir -p $(DESTDIR)/etc/udev/rules.d | ||
56 | @if [ -d $(DESTDIR)/etc/udev/rules.d ] ; then \ | ||
57 | echo "ACTION!=\"add|change\", GOTO=\"permissions_end\"" > $(DESTDIR)/etc/udev/rules.d/80-grsec.rules ; \ | ||
58 | echo "KERNEL==\"grsec\", MODE=\"0622\"" >> $(DESTDIR)/etc/udev/rules.d/80-grsec.rules ; \ | ||
59 | -- | ||
60 | 1.8.3.1 | ||
61 | |||
diff --git a/meta-oe/recipes-support/gradm/gradm_3.0.bb b/meta-oe/recipes-support/gradm/gradm_3.0.bb new file mode 100644 index 000000000..2f1d39d99 --- /dev/null +++ b/meta-oe/recipes-support/gradm/gradm_3.0.bb | |||
@@ -0,0 +1,50 @@ | |||
1 | SUMMARY = "Administration program for the grsecurity RBAC syste" | ||
2 | DESCRIPTION = "\ | ||
3 | gradm is the userspace RBAC parsing and authentication program for \ | ||
4 | grsecurity grsecurity aims to be a complete security system. gradm \ | ||
5 | performs several tasks for the RBAC system including authenticated \ | ||
6 | via a password to the kernel and parsing rules to be passed to the \ | ||
7 | kernel" | ||
8 | HOMEPAGE = "http://grsecurity.net/index.php" | ||
9 | SECTION = "admin" | ||
10 | LICENSE = "GPL-2.0" | ||
11 | LIC_FILES_CHKSUM = "file://LICENSE;md5=4641e94ec96f98fabc56ff9cc48be14b" | ||
12 | DEPENDS = "flex-native bison-native ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
13 | |||
14 | SRC_URI = "http://grsecurity.net/stable/${BP}-201408301734.tar.gz \ | ||
15 | file://0001-Makefile-remove-strip.patch" | ||
16 | SRC_URI[md5sum] = "79ec912e6544c5e58753f658623763f9" | ||
17 | SRC_URI[sha256sum] = "b190e5afecdf3ac5020a4e5e4b698645f1c01b20d036129dd8b609c4bd0c319c" | ||
18 | |||
19 | S = "${WORKDIR}/gradm" | ||
20 | |||
21 | inherit autotools-brokensep | ||
22 | |||
23 | do_compile() { | ||
24 | oe_runmake 'CC=${CC}' \ | ||
25 | 'OPT_FLAGS=${CFLAGS}' \ | ||
26 | 'LLEX=${STAGING_BINDIR_NATIVE}/lex' \ | ||
27 | 'FLEX=${STAGING_BINDIR_NATIVE}/flex' \ | ||
28 | 'BISON=${STAGING_BINDIR_NATIVE}/bison' \ | ||
29 | ${@base_contains('DISTRO_FEATURES', 'pam', ' ', 'nopam', d)} | ||
30 | } | ||
31 | |||
32 | do_install() { | ||
33 | oe_runmake 'CC=${CC}' \ | ||
34 | 'DESTDIR=${D}' \ | ||
35 | 'LLEX=${STAGING_BINDIR_NATIVE}/lex' \ | ||
36 | 'FLEX=${STAGING_BINDIR_NATIVE}/flex' \ | ||
37 | 'BISON=${STAGING_BINDIR_NATIVE}/bison' \ | ||
38 | install | ||
39 | |||
40 | # The device nodes are generated by postinstall or udev | ||
41 | rm -rf ${D}/dev | ||
42 | } | ||
43 | |||
44 | pkg_postinst_${PN}() { | ||
45 | # make sure running on the target | ||
46 | if [ x"$D" != "x" ]; then | ||
47 | exit 1 | ||
48 | fi | ||
49 | /bin/mknod -m 0622 /dev/grsec c 1 13 | ||
50 | } | ||