diff options
| author |   Ned Ludd <solar@gentoo.org> | 2004-07-22 22:07:08 +0000 |
|---|---|---|
| committer | Ned Ludd <solar@gentoo.org> | 2004-07-22 22:07:08 +0000 |
| commit | 52dba768107655f5ac99eb9f5e1ca81e76d67569 (patch) | |
| tree | 326d31a2be154d163f03d2a30170b36c0c99433e /sys-apps/chpax | |
| parent | Moved from app-gnustep/gridlock to gnustep-apps/gridlock. (diff) | |
| download | gentoo-2-52dba768107655f5ac99eb9f5e1ca81e76d67569.tar.gz gentoo-2-52dba768107655f5ac99eb9f5e1ca81e76d67569.tar.bz2 gentoo-2-52dba768107655f5ac99eb9f5e1ca81e76d67569.zip | |
version bump, now with bubble gum flavor and support for more arches
Diffstat (limited to 'sys-apps/chpax')
| -rw-r--r-- | sys-apps/chpax/ChangeLog | 8 | ||||
| -rw-r--r-- | sys-apps/chpax/Manifest | 8 | ||||
| -rw-r--r-- | sys-apps/chpax/chpax-0.7.ebuild | 43 | ||||
| -rw-r--r-- | sys-apps/chpax/files/digest-chpax-0.7 | 1 | ||||
| -rw-r--r-- | sys-apps/chpax/files/pax-conf.d | 54 | ||||
| -rw-r--r-- | sys-apps/chpax/files/pax-init.d | 7 |
6 files changed, 89 insertions, 32 deletions
diff --git a/sys-apps/chpax/ChangeLog b/sys-apps/chpax/ChangeLog index f2c57b3562e5..59967922042c 100644 --- a/sys-apps/chpax/ChangeLog +++ b/sys-apps/chpax/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-apps/chpax # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/chpax/ChangeLog,v 1.24 2004/06/30 14:37:12 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/chpax/ChangeLog,v 1.25 2004/07/22 22:07:08 solar Exp $ + +*chpax-0.7 (22 Jul 2004) + + 22 Jul 2004; <solar@gentoo.org> chpax-0.7.ebuild, files/pax-conf.d, + files/pax-init.d: + version bump, now with bubble gum flavor and support for more arches 30 Jun 2004; Aron Griffis <agriffis@gentoo.org> chpax-0.6.1.ebuild: sync IUSE (-static), add sed-4 dep diff --git a/sys-apps/chpax/Manifest b/sys-apps/chpax/Manifest index 24b660ae89ab..1f98999742f0 100644 --- a/sys-apps/chpax/Manifest +++ b/sys-apps/chpax/Manifest @@ -1,8 +1,10 @@ MD5 500e97cad2617303e752918cc5915e33 chpax-0.6.1.ebuild 1090 MD5 e5d1d71f964cd590fbf1e02a2a76714a chpax-0.5.ebuild 942 -MD5 b7d911fef77aa40176ffa54bf7e12efa ChangeLog 3285 +MD5 54801d9267ff884a9c63c24c59a3d59d chpax-0.7.ebuild 1082 +MD5 8437490c28ec2885f2b628d6fc891927 ChangeLog 3427 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 MD5 d95ac8cbc92ddd4a9e401455d79571f7 files/digest-chpax-0.5 59 +MD5 add5e23e35065b6f32d1221f41b4b986 files/digest-chpax-0.7 59 MD5 1ae95ccec87f81057389495cbc6bb641 files/digest-chpax-0.6.1 62 -MD5 24b8ee0e3532d4c35c6931da32decfba files/pax-conf.d 2343 -MD5 73f010c86882124c94cd06789cdf8e0e files/pax-init.d 2347 +MD5 5ac7eb1f87916457273ecbd01128793d files/pax-conf.d 2738 +MD5 df4d315c373f67ff56d66d5bc3dbbe8e files/pax-init.d 2436 diff --git a/sys-apps/chpax/chpax-0.7.ebuild b/sys-apps/chpax/chpax-0.7.ebuild new file mode 100644 index 000000000000..410d789f8f28 --- /dev/null +++ b/sys-apps/chpax/chpax-0.7.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/chpax/chpax-0.7.ebuild,v 1.1 2004/07/22 22:07:08 solar Exp $ + +inherit flag-o-matic gcc + +DESCRIPTION="Manages various PaX related flags for ELF32, ELF64, and a.out binaries." +HOMEPAGE="http://pax.grsecurity.net/" +SRC_URI="mirror://chpax-${PV}.tar.gz + http://pax.grsecurity.net/${P}.tar.gz" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~x86 ~ppc ~ppc64 ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64" +IUSE="" + +DEPEND="virtual/libc + >=sys-apps/sed-4" + +src_unpack() { + unpack ${A} + cd ${S} + sed -i -e "s|-Wall|${CFLAGS}|" Makefile +} + +src_compile() { + # use static && append-ldflags -static ; # breaks with current ssp. + emake CC="$(gcc-getCC)" TARGET="chpax ${LDFLAGS:0}" || die "Parallel Make Failed" +} + +src_install() { + into / + dosbin chpax || die + fperms 711 /sbin/chpax + + dodoc Changelog README + doman chpax.1 + + insinto /etc/conf.d + newins ${FILESDIR}/pax-conf.d chpax + exeinto /etc/init.d + newexe ${FILESDIR}/pax-init.d chpax +} diff --git a/sys-apps/chpax/files/digest-chpax-0.7 b/sys-apps/chpax/files/digest-chpax-0.7 new file mode 100644 index 000000000000..f8fae8c7cba0 --- /dev/null +++ b/sys-apps/chpax/files/digest-chpax-0.7 @@ -0,0 +1 @@ +MD5 6a0aac11abf1a40c50704c7f93bc8953 chpax-0.7.tar.gz 5255 diff --git a/sys-apps/chpax/files/pax-conf.d b/sys-apps/chpax/files/pax-conf.d index 60469f9a4c44..a65a208b9e87 100644 --- a/sys-apps/chpax/files/pax-conf.d +++ b/sys-apps/chpax/files/pax-conf.d @@ -1,7 +1,7 @@ #################################################################### # Copyright 1999-2004 Gentoo Foundation # # Distributed under the terms of the GNU General Public License v2 # -#################################################################### +################################################################### # chpax prefix description # p PE do not enforce paging based non-executable pages # E ET emulate trampolines @@ -9,52 +9,56 @@ # m ME do not restrict mprotect() # s SE do not enforce segmentation based non-executable pages # x XE do not randomize ET_EXEC base [ELF only] +# psem PSE same as PE + SE + ME, or -psem # NOTE: PS_EXEC_EXEMPT is {PAGE,SEGM}_EXEC_EXEMPT. For executables # with BOTH, you should use this, as it enables -e and -m, to make # sure that pax doesn't cry about odd flag settings in softmode -# "blkdwn_java" would be blackdown-jdk or blackdown-jre - # chpax command. If using multiple tools, can separate by spaces. # This one hits BOTH chpax and paxctl CHPAX="/sbin/chpax /sbin/paxctl" -#CHPAX="/sbin/paxctl" -#CHPAX="/sbin/chpax" # yes to be annoyed -VERBOSE="no" +#VERBOSE="yes" -PSE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}} -# Shotgun java, because stuff breaks -#PSE_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{,_vm,c},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv,*} -PSE_java=/opt/*-{jdk-*/{,jre/},jre-*/}bin/* -PSE_openoffice=/opt/OpenOffice.org*/program/soffice.bin -PSE_misc="/usr/X11R6/bin/XFree86 /usr/bin/blender /usr/bin/gxine \ - /usr/bin/xine /usr/bin/totem /usr/bin/acme /usr/bin/gnome-sound-recorder \ - /usr/games/bin/bzflag /usr/bin/xfce4-panel /usr/bin/{g,}xine" +######################################################################### +# Here's some basic apps we'll use, that we have to apply much stuff to # +######################################################################## -RE_java="${PSE_java}" -RE_misc="/usr/X11R6/bin/XFree86" +# I'm debating if I should do the eval here or in the actual script; I'm +# currently opting for doing it in the init.d script. +# +# To do it here, set things ="`eval echo /path/to/{some,binaries}`" -ME_java="${PSE_java}" -# or plug-ins don't work -ME_misc="/usr/lib/MozillaFirefox/firefox{,-bin} /usr/bin/xmms" +#java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{,_vm,c},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv,*} +java="/opt/*-{jdk-*/{,jre/},jre-*/}bin/*" +wine="/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}}" +x11="/usr/X11R6/bin/{XFree86,Xorg}" +xine="/usr/bin/{g,}xine" +openoffice="/opt/OpenOffice.org*/program/soffice.bin" +mozilla="/usr/lib/MozillaFirefox/firefox-bin /usr/lib/mozilla/mozilla-bin" +xmms="/usr/bin/xmms" +mplayer="/usr/bin/{g,}mplayer" -XE_java="${PSE_java} /usr/X11R6/bin/XFree86" +##################################################### +# Miscillaneous things that need each of these tags # +#################################################### +PSE_misc="/usr/bin/blender /usr/bin/totem /usr/bin/acme \ + /usr/bin/gnome-sound-recorder /usr/games/bin/bzflag /usr/bin/xfce4-panel" #################################### # Settings are really applied here # -#################################### +################################### -PS_EXEC_EXEMPT="${PSE_misc} ${PSE_wine} ${PSE_java} ${PSE_openoffice}" +PS_EXEC_EXEMPT="${PSE_misc} ${x11} ${xine} ${wine} ${java} ${openoffice} ${mplayer}" PAGEEXEC_EXEMPT="" TRAMPOLINE_EXEMPT="" -MPROTECT_EXEMPT="${ME_java} ${ME_misc}" -RANDMMAP_EXEMPT="${RE_java} ${RE_misc}" +MPROTECT_EXEMPT="${java} ${mozilla} ${xmms}" +RANDMMAP_EXEMPT="${java} ${x11}" SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}" -RANDEXEC_EXEMPT="${XE_java}" +RANDEXEC_EXEMPT="${java} ${x11}" # when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop #ZERO_FLAG_MASK="yes" diff --git a/sys-apps/chpax/files/pax-init.d b/sys-apps/chpax/files/pax-init.d index 665dd3fb15d1..ad40b5fdcae3 100644 --- a/sys-apps/chpax/files/pax-init.d +++ b/sys-apps/chpax/files/pax-init.d @@ -1,5 +1,5 @@ #!/sbin/runscript -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 depend() { @@ -31,11 +31,12 @@ chpax_flag() { for i in $CHPAX; do #einfo " with $i" # nonverbose is ultraquiet - if [ "$VERBOSE" = "yes" ]; then + if [ "$VERBOSE" = "yes" -a -x ${fname} ]; then + einfo "-${flag} flagging ${fname} with $i" $i -$flag ${fname} [ $? != 0 ] && eerror "error: $i -$flag ${fname}" else - $i -$flag ${fname} 2>/dev/null >/dev/null + [ -x ${fname} ] && $i -$flag ${fname} 2>/dev/null >/dev/null fi done #fi |