summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-grsec/linux-libre-grsec.install
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@lavabit.com>2012-11-21 00:09:00 -0200
committerAndré Fabian Silva Delgado <emulatorman@lavabit.com>2012-11-21 00:09:00 -0200
commitfe5202f246d8188869dc5a6262f9f9e9b9e7e763 (patch)
tree98b4bda2ca5c222cf32b32b6375d1a6bad1c0b8b /kernels/linux-libre-grsec/linux-libre-grsec.install
parentabdbc40260696149ba955f1cef74c0f6cce3e0ec (diff)
downloadabslibre-fe5202f246d8188869dc5a6262f9f9e9b9e7e763.tar.gz
abslibre-fe5202f246d8188869dc5a6262f9f9e9b9e7e763.tar.bz2
abslibre-fe5202f246d8188869dc5a6262f9f9e9b9e7e763.zip
linux-libre-grsec: adding new package to [kernels] repo
Diffstat (limited to 'kernels/linux-libre-grsec/linux-libre-grsec.install')
-rwxr-xr-xkernels/linux-libre-grsec/linux-libre-grsec.install109
1 files changed, 109 insertions, 0 deletions
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
new file mode 100755
index 000000000..73ba6c417
--- /dev/null
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -0,0 +1,109 @@
+# arg 1: the new package version
+# arg 2: the old package version
+
+KERNEL_NAME=-grsec
+KERNEL_VERSION=3.6.7-1-LIBRE-GRSEC
+
+_fix_permissions() {
+ /usr/bin/linux-pax-flags
+
+ echo
+ echo You can repeat this process after updating or installing affected
+ echo binaries by running "linux-pax-flags".
+}
+
+_add_trusted_group() {
+ if ! getent group grsec-trusted >/dev/null; then
+ useradd -g 9999 -r grsec-trusted
+ fi
+}
+
+_help() {
+ echo
+ echo For group grsec-trusted, Trusted Path Execution is disabled and
+ echo information about all processes from /proc is visible. Think carefully
+ echo before adding a normal user to this group.
+ echo
+ echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
+ echo
+ echo There is an extensive wikibook on grsecurity:
+ echo http://en.wikibooks.org/wiki/Grsecurity
+}
+
+# set a sane PATH to ensure that critical utils like depmod will be found
+export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+
+post_install () {
+ # updating module dependencies
+ echo ">>> Updating module dependencies. Please wait ..."
+ depmod ${KERNEL_VERSION}
+ if command -v mkinitcpio 2>&1 > /dev/null; then
+ echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
+ mkinitcpio -p linux-libre${KERNEL_NAME}
+ fi
+
+ # compat symlinks for the official kernels only
+ if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-grsec" ]; then
+ loaders="$(find /boot -name syslinux.cfg -or -name extlinux.conf -or -name grub.cfg -or -name menu.lst)"
+ [ -f /etc/lilo.conf ] && loaders="$loaders /etc/lilo.conf"
+ if [ -n "${loaders}" ] && grep -q -e vmlinuz26 -e kernel26.img -e kernel26-fallback.img $loaders; then
+ # add compat symlinks for the initramfs images
+ ln -sf initramfs-linux-libre${KERNEL_NAME}.img boot/kernel26${KERNEL_NAME}.img
+ ln -sf initramfs-linux-libre${KERNEL_NAME}-fallback.img \
+ boot/kernel26${KERNEL_NAME}-fallback.img
+ ln -sf vmlinuz-linux-libre${KERNEL_NAME} /boot/vmlinuz26${KERNEL_NAME}
+ fi
+ fi
+
+ _add_trusted_group
+ _fix_permissions
+
+ _help
+}
+
+post_upgrade() {
+ pacman -Q grub &>/dev/null
+ hasgrub=$?
+ pacman -Q grub-common &>/dev/null
+ hasgrub2=$?
+ pacman -Q lilo &>/dev/null
+ haslilo=$?
+ # reminder notices
+ if [ $haslilo -eq 0 ]; then
+ echo ">>>"
+ if [ $hasgrub -eq 0 -o $hasgrub2 -eq 0 ]; then
+ echo ">>> If you use the LILO bootloader, you should run 'lilo' before rebooting."
+ else
+ echo ">>> You appear to be using the LILO bootloader. You should run"
+ echo ">>> 'lilo' before rebooting."
+ fi
+ echo ">>>"
+ fi
+
+ if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
+ echo "WARNING: /boot appears to be a separate partition but is not mounted."
+ fi
+
+ # updating module dependencies
+ echo ">>> Updating module dependencies. Please wait ..."
+ depmod ${KERNEL_VERSION}
+ if command -v mkinitcpio 2>&1 > /dev/null; then
+ echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
+ mkinitcpio -p linux-libre${KERNEL_NAME}
+ fi
+
+ _add_trusted_group
+ _fix_permissions
+
+ _help
+}
+
+post_remove() {
+ # also remove the compat symlinks
+ rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
+ rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
+
+ if getent group grsec-trusted >/dev/null; then
+ groupdel grsec-trusted
+ fi
+}