From: Heiko Z. <smi...@us...> - 2011-12-18 21:22:52
Update of /cvsroot/devil-linux/build/scripts In directory vz-cvs-3.sog:/tmp/cvs-serv21541/scripts Modified Files: finalize functions grub Log Message: grub is finally operational removed textrel and other checks Index: functions =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/functions,v retrieving revision 1.79 retrieving revision 1.80 diff -u -d -r1.79 -r1.80 --- functions 5 Dec 2011 09:20:27 -0000 1.79 +++ functions 18 Dec 2011 21:22:49 -0000 1.80 @@ -535,8 +535,6 @@ echo "ERROR couldn't find file $!" exit 1 fi - - set -x if [ ! -f ${FLAGDIR} ]; then for PATCH in $(cat $1 2>/dev/null) Index: finalize =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/finalize,v retrieving revision 1.15 retrieving revision 1.16 diff -u -d -r1.15 -r1.16 --- finalize 10 Dec 2011 20:30:58 -0000 1.15 +++ finalize 18 Dec 2011 21:22:49 -0000 1.16 
@@ -35,34 +35,6 @@ ln -sf lib $CDDIR/usr/lib64 || exit 1 fi - TEXT_REL=$(scanelf -qtyR $CDDIR) - if [ -n "$TEXT_REL" ]; then - echo "************ WARNING ************" - echo "The following files contain text relocations, please try to get those files to PIC" - echo "$TEXT_REL" - fi - - # now let's search for libraries which have the executable stack flag set - # and error out if we find any (only if PAX or GRSecurity are on) - GNU_EXEC_STACK=$(scanelf $CDDIR -eRq | grep -v /boot/grub/kernel.img | grep -v /usr/lib/grub/i386-pc/kernel.img) - if [ -n "$GNU_EXEC_STACK" ]; then - if [ "$CONFIG_GRSECURITY" = "y" ] || [ "$CONFIG_PAX" == "y" ]; then - echo "************ ERROR ************" - else - echo "************ WARNING ************" - fi - echo "The following files have the GNU_EXEC_STACK turned on:" - echo "$GNU_EXEC_STACK" - echo "fix this by adding either:" - echo "-Wa,--noexecstack to CC" - echo "or" - echo "-Wl,-z,noexecstack to LD" - echo "worst case just disable it with scanelf" - echo "see http://www.gentoo.org/proj/en/hardened/pax-utils.xml for details" - if [ "$CONFIG_GRSECURITY" = "y" ] || [ "$CONFIG_PAX" == "y" ]; then - exit 1 - fi - fi ;; * ) Index: grub =================================================================== RCS file: /cvsroot/devil-linux/build/scripts/grub,v retrieving revision 1.25 retrieving revision 1.26 diff -u -d -r1.25 -r1.26 --- grub 9 Dec 2011 12:59:49 -0000 1.25 +++ grub 18 Dec 2011 21:22:49 -0000 1.26 
@@ -20,19 +20,19 @@ build ) patch_from_dir ../grub-patches - if [ "$CONFIG_GCC_HARDENED" = "y" ]; then - export CC="gcc -fno-stack-protector -fno-pic -fno-pie -nopie -Wa,--noexecstack" - fi unset CFLAGS unset CXXFLAGS + export CC="gcc -specs=${WORKDIR}/gcc-specs-default" ./configure --prefix=/usr --sbindir=/sbin --sysconfdir=/etc --disable-nls || exit 1 - make $PMAKE LDFLAGS="-Wl,-z,noexecstack" || exit 1 + make $PMAKE || exit 1 ;; install ) rm -rf $TMPDIR || exit 1 mkdir -p $TMPDIR || exit 1 make install DESTDIR=$TMPDIR || exit 1 + paxctl -pemrxs $TMPDIR/sbin/* + paxctl -pemrxs $TMPDIR/usr/bin/* copy_docs $TMPDIR cp -dpvR $TMPDIR/etc/* $ETCDIR/etc/ || exit 1 rm -rf $TMPDIR/etc |
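Review bot: The two added `paxctl -pemrxs` lines in the install branch switch off every PaX feature the tool controls (PAGEEXEC, EMUTRAMP, MPROTECT, RANDMMAP, RANDEXEC, SEGMEXEC) on every file under `$TMPDIR/sbin` and `$TMPDIR/usr/bin`, and they are the only commands in that branch without `|| exit 1`, so a file that could not be marked passes silently. The same commit drops `-Wa,--noexecstack` and `-Wl,-z,noexecstack` from the build branch and the scanelf checks from finalize, so as far as this page shows nothing left in the build reports an executable stack or a text relocation in these binaries. I would mark only the ELF binaries that actually fail under PaX, with only the flags each one needs, and check the result, for example `paxctl -<flags required> "$TMPDIR/sbin/<binary>" || exit 1` (placeholders, not names from this page), with a comment saying why the exemption is needed. The enclosing case statement starts and ends outside the hunk.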