summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install')
-rw-r--r--kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install125
1 files changed, 0 insertions, 125 deletions
diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
deleted file mode 100644
index 05662cb18..000000000
--- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install
+++ /dev/null
@@ -1,125 +0,0 @@
-# arg 1: the new package version
-# arg 2: the old package version
-
-KERNEL_NAME=-lts-grsec
-KERNEL_VERSION=3.2.35-2-LIBRE-LTS-GRSEC
-
-_fix_permissions() {
- /usr/bin/paxutils
-
- echo
- echo You can repeat this process after updating or installing affected
- echo binaries by running "paxutils".
-}
-
-_add_proc_group() {
- if ! getent group proc-trusted >/dev/null; then
- groupadd -g 9998 -r proc-trusted
- useradd -g 9998 -r proc-trusted
- fi
-}
-
-_add_tpe_group() {
- if getent group grsec-trusted >/dev/null; then
- groupmod -n tpe-trusted grsec-trusted
- fi
-
- if ! getent group tpe-trusted >/dev/null; then
- groupadd -g 9999 -r tpe-trusted
- useradd -g 9999 -r tpe-trusted
- fi
-}
-
-_help() {
- echo
- echo For group tpe-trusted, Trusted Path Execution is disabled. For group
- echo proc-trusted, the access to /proc is not restricted. Think carefully
- echo before adding a normal user to this group.
- echo
- echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
- echo
- echo There is an extensive wikibook on grsecurity:
- echo http://en.wikibooks.org/wiki/Grsecurity
-}
-
-# set a sane PATH to ensure that critical utils like depmod will be found
-export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-
-post_install () {
- # updating module dependencies
- echo ">>> Updating module dependencies. Please wait ..."
- depmod ${KERNEL_VERSION}
- if command -v mkinitcpio 2>&1 > /dev/null; then
- echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
- mkinitcpio -p linux-libre${KERNEL_NAME}
- fi
-
- # compat symlinks for the official kernels only
- if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-grsec" ]; then
- loaders="$(find /boot -name syslinux.cfg -or -name extlinux.conf -or -name grub.cfg -or -name menu.lst)"
- [ -f /etc/lilo.conf ] && loaders="$loaders /etc/lilo.conf"
- if [ -n "${loaders}" ] && grep -q -e vmlinuz26 -e kernel26.img -e kernel26-fallback.img $loaders; then
- # add compat symlinks for the initramfs images
- ln -sf initramfs-linux-libre${KERNEL_NAME}.img boot/kernel26${KERNEL_NAME}.img
- ln -sf initramfs-linux-libre${KERNEL_NAME}-fallback.img \
- boot/kernel26${KERNEL_NAME}-fallback.img
- ln -sf vmlinuz-linux-libre${KERNEL_NAME} /boot/vmlinuz26${KERNEL_NAME}
- fi
- fi
-
- _add_proc_group
- _add_tpe_group
- _fix_permissions
-
- _help
-}
-
-post_upgrade() {
- pacman -Q grub &>/dev/null
- hasgrub=$?
- pacman -Q grub-common &>/dev/null
- hasgrub2=$?
- pacman -Q lilo &>/dev/null
- haslilo=$?
- # reminder notices
- if [ $haslilo -eq 0 ]; then
- echo ">>>"
- if [ $hasgrub -eq 0 -o $hasgrub2 -eq 0 ]; then
- echo ">>> If you use the LILO bootloader, you should run 'lilo' before rebooting."
- else
- echo ">>> You appear to be using the LILO bootloader. You should run"
- echo ">>> 'lilo' before rebooting."
- fi
- echo ">>>"
- fi
-
- if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then
- echo "WARNING: /boot appears to be a separate partition but is not mounted."
- fi
-
- # updating module dependencies
- echo ">>> Updating module dependencies. Please wait ..."
- depmod ${KERNEL_VERSION}
- if command -v mkinitcpio 2>&1 > /dev/null; then
- echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..."
- mkinitcpio -p linux-libre${KERNEL_NAME}
- fi
-
- _add_proc_group
- _add_tpe_group
- _fix_permissions
-
- _help
-}
-
-post_remove() {
- # also remove the compat symlinks
- rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
- rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
-
- for group in grsec-trusted proc-trusted tpe-trusted; do
- if getent group $group >/dev/null; then
- groupdel $group
- fi
- done
-}