New hardened-sources with additional patches

3 files changed, 73 insertions, 1 deletions

diff --git a/sys-kernel/hardened-sources/Manifest b/sys-kernel/hardened-sources/Manifest
index 3831bf456ea1..14cda11fbeeb 100644
--- a/sys-kernel/hardened-sources/Manifest
+++ b/sys-kernel/hardened-sources/Manifest
@@ -1,6 +1,6 @@
 MD5 f9d67e9ab9bee46794e59cb76b070248 hardened-sources-2.4.20.ebuild 1141
 MD5 c2a32ffa86f6966ba06140c940af1b96 hardened-sources-2.4.20-r1.ebuild 2017
-MD5 665d4cf4a27605a7b99eb1e44d689e72 ChangeLog 2031
+MD5 faf274c54759d56258bc099e1763d448 ChangeLog 2031
 MD5 0f50017379be51bfb2906b195648d3e1 hardened-sources-2.4.20-r2.ebuild 2099
 MD5 af924609b3daad940a82ce31f516779a files/digest-hardened-sources-2.4.20-r1 146
 MD5 e8b051baa93e07c4185474fb0e94e3af files/digest-hardened-sources-2.4.20-r2 147
diff --git a/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2 b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2
new file mode 100644
index 000000000000..9888c4b09bc7
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/digest-hardened-sources-2.4.20-r2
@@ -0,0 +1,2 @@
+MD5 c439d5c93d7fc9a1480a90842465bb97 linux-2.4.20.tar.bz2 27421046
+MD5 e38b0c9ec1f71a90beec7571257874d7 patches-2.4.20-hardened-r2.tar.bz2 1629013
diff --git a/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
new file mode 100644
index 000000000000..b8a503d8e002
--- /dev/null
+++ b/sys-kernel/hardened-sources/hardened-sources-2.4.20-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+IUSE="build selinux"
+
+# OKV=original kernel version, KV=patched kernel version.  They can be the same.
+
+ETYPE="sources"
+
+inherit kernel || die
+
+OKV=2.4.20
+EXTRAVERSION=-hardened-r2
+KV=${OKV}${EXTRAVERSION}
+S=${WORKDIR}/linux-${KV}
+DESCRIPTION="Special Security Hardened Gentoo Kernel (don't use this yet, it isn't ready)"
+SRC_URI="http://www.kernel.org/pub/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+ 	 mirror://gentoo/patches-${KV}.tar.bz2"
+
+
+HOMEPAGE="http://www.kernel.org/ http://www.gentoo.org/hardened/"
+KEYWORDS="~x86"
+SLOT="${KV}"
+
+src_unpack() {
+	unpack linux-${OKV}.tar.bz2 patches-${KV}.tar.bz2
+	mv linux-${OKV} linux-${KV} || die
+	
+	cd ${KV}
+	# We can't use LSM/SELinux and GRSec in the same kernel.  If USE=selinux, we will
+	# patch in LSM/SELinux and drop support for GRsec.  Otherwise we will include GRSec.
+	if [ "`use selinux`" ]; then
+		einfo "Enabling SELinux support.  This will drop GRSec support."
+		for file in *grsec*; do
+			einfo "Dropping ${file}.."
+			rm -f ${file}
+		done
+	else
+		einfo "Did not find \"selinux\" in use, building with GRSec support."
+		for file in *lsm* *selinux*; do
+			einfo "Dropping ${file}..."
+			rm -f ${file}
+		done
+	fi
+	
+	kernel_src_unpack
+}
+
+src_install() {
+	if [ "`use selinux`" ]; then
+		insinto /usr/flask
+		doins ${S}/security/selinux/flask/access_vectors
+		doins ${S}/security/selinux/flask/security_classes
+		doins ${S}/security/selinux/flask/initial_sids
+		insinto /usr/include/linux/flask
+		doins ${S}/security/selinux/include/linux/flask/*.h
+		insinto /usr/include/asm/flask
+		doins ${S}/security/selinux/include/asm/flask/uninstd.h
+	fi
+
+	kernel_src_install
+}
+
+pkg_postinst() {
+	einfo "This kernel contains LSM/SElinux or GRSecurity, and Systrace"
+	einfo "Also included are various other performance and security related patches"
+	einfo "This is not yet a production ready kernel.  If you experience problems with"
+	einfo "this kernel please report them by assigning bugs on bugs.gentoo.org to"
+	einfo "frogger@gentoo.org"
+}