diff options
Diffstat (limited to 'kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install')
-rw-r--r-- | kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install b/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install deleted file mode 100644 index 05662cb18..000000000 --- a/kernels/linux-libre-lts-grsec/linux-libre-lts-grsec.install +++ /dev/null @@ -1,125 +0,0 @@ -# arg 1: the new package version -# arg 2: the old package version - -KERNEL_NAME=-lts-grsec -KERNEL_VERSION=3.2.35-2-LIBRE-LTS-GRSEC - -_fix_permissions() { - /usr/bin/paxutils - - echo - echo You can repeat this process after updating or installing affected - echo binaries by running "paxutils". -} - -_add_proc_group() { - if ! getent group proc-trusted >/dev/null; then - groupadd -g 9998 -r proc-trusted - useradd -g 9998 -r proc-trusted - fi -} - -_add_tpe_group() { - if getent group grsec-trusted >/dev/null; then - groupmod -n tpe-trusted grsec-trusted - fi - - if ! getent group tpe-trusted >/dev/null; then - groupadd -g 9999 -r tpe-trusted - useradd -g 9999 -r tpe-trusted - fi -} - -_help() { - echo - echo For group tpe-trusted, Trusted Path Execution is disabled. For group - echo proc-trusted, the access to /proc is not restricted. Think carefully - echo before adding a normal user to this group. - echo - echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\". - echo - echo There is an extensive wikibook on grsecurity: - echo http://en.wikibooks.org/wiki/Grsecurity -} - -# set a sane PATH to ensure that critical utils like depmod will be found -export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' - -post_install () { - # updating module dependencies - echo ">>> Updating module dependencies. Please wait ..." - depmod ${KERNEL_VERSION} - if command -v mkinitcpio 2>&1 > /dev/null; then - echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." - mkinitcpio -p linux-libre${KERNEL_NAME} - fi - - # compat symlinks for the official kernels only - if [ -z "${KERNEL_NAME}" -o "${KERNEL_NAME}" = "-lts-grsec" ]; then - loaders="$(find /boot -name syslinux.cfg -or -name extlinux.conf -or -name grub.cfg -or -name menu.lst)" - [ -f /etc/lilo.conf ] && loaders="$loaders /etc/lilo.conf" - if [ -n "${loaders}" ] && grep -q -e vmlinuz26 -e kernel26.img -e kernel26-fallback.img $loaders; then - # add compat symlinks for the initramfs images - ln -sf initramfs-linux-libre${KERNEL_NAME}.img boot/kernel26${KERNEL_NAME}.img - ln -sf initramfs-linux-libre${KERNEL_NAME}-fallback.img \ - boot/kernel26${KERNEL_NAME}-fallback.img - ln -sf vmlinuz-linux-libre${KERNEL_NAME} /boot/vmlinuz26${KERNEL_NAME} - fi - fi - - _add_proc_group - _add_tpe_group - _fix_permissions - - _help -} - -post_upgrade() { - pacman -Q grub &>/dev/null - hasgrub=$? - pacman -Q grub-common &>/dev/null - hasgrub2=$? - pacman -Q lilo &>/dev/null - haslilo=$? - # reminder notices - if [ $haslilo -eq 0 ]; then - echo ">>>" - if [ $hasgrub -eq 0 -o $hasgrub2 -eq 0 ]; then - echo ">>> If you use the LILO bootloader, you should run 'lilo' before rebooting." - else - echo ">>> You appear to be using the LILO bootloader. You should run" - echo ">>> 'lilo' before rebooting." - fi - echo ">>>" - fi - - if findmnt --fstab -uno SOURCE /boot &>/dev/null && ! mountpoint -q /boot; then - echo "WARNING: /boot appears to be a separate partition but is not mounted." - fi - - # updating module dependencies - echo ">>> Updating module dependencies. Please wait ..." - depmod ${KERNEL_VERSION} - if command -v mkinitcpio 2>&1 > /dev/null; then - echo ">>> Generating initial ramdisk, using mkinitcpio. Please wait..." - mkinitcpio -p linux-libre${KERNEL_NAME} - fi - - _add_proc_group - _add_tpe_group - _fix_permissions - - _help -} - -post_remove() { - # also remove the compat symlinks - rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img - rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img - - for group in grsec-trusted proc-trusted tpe-trusted; do - if getent group $group >/dev/null; then - groupdel $group - fi - done -} |