packages: kernel/kernel.spec, kernel/kernel-pax.patch (REMOVED), kernel/ker...
mguevara
mguevara at pld-linux.org
Thu Aug 6 13:25:35 CEST 2009
Author: mguevara Date: Thu Aug 6 11:25:35 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- 2.6.30.4-0.3; changed bcond pax_full -> pax; removed patches 9997
kernel-pax_selinux_hooks.patch and 9998 kernel-pax.patch; more cleanup
---- Files affected:
packages/kernel:
kernel.spec (1.689 -> 1.690) , kernel-pax.patch (1.2 -> NONE) (REMOVED), kernel-pax_selinux_hooks.patch (1.2 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.689 packages/kernel/kernel.spec:1.690
--- packages/kernel/kernel.spec:1.689 Tue Aug 4 18:12:36 2009
+++ packages/kernel/kernel.spec Thu Aug 6 13:25:30 2009
@@ -10,7 +10,11 @@
# TODO:
# - benchmark NO_HZ & HZ=1000 vs HZ=300 on i686
# - add a subpackage (kernel-firmware?) for ~35 firmware files
-# - cleanup: bcond pax_full -> pax
+# - aufs1 patches 145, 146 to remove or update (not maintained)
+# - update or remove tahoe9xx patch2
+# - update or remove mpt-fusion patch90
+# - update grsec_minimal patch1000:
+# fs/proc/base.c:1484: error: 'struct task_struct' has no member named 'uid'
#
# HOWTO update configuration files:
# - run build
@@ -27,10 +31,9 @@
%bcond_without reiser4 # support for reiser4 fs (experimental)
%bcond_without grsecurity # don't build grsecurity nor pax at all
-%bcond_without grsec_minimal # build only minimal subset (proc,link,fifo,shm)
%bcond_without grsec_full # build full grsecurity
-%bcond_with pax_full # build pax and full grsecurity (ie. grsec_full && pax)
-%bcond_with pax # build pax support
+%bcond_with grsec_minimal # build only minimal subset (proc,link,fifo,shm)
+%bcond_with pax # build pax and full grsecurity (ie. grsec_full && pax)
%bcond_with fbcondecor # build fbcondecor (disable FB_TILEBLITTING and affected fb modules)
%bcond_with pae # build PAE (HIGHMEM64G) support on uniprocessor
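Review bot: The `grsec_minimal` bcond is still offered here, but the TODO added at the top of this same commit records that patch1000 does not compile (`'struct task_struct' has no member named 'uid'`). The bcond comment gives no hint of that, so someone picking the minimal hardening set only finds out when the build fails. I would mark it in the option's own comment, for example `%bcond_with grsec_minimal # build only minimal subset (proc,link,fifo,shm); patch1000 currently fails to build, see TODO`.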
@@ -55,27 +58,23 @@
%undefine with_grsec_full
%undefine with_grsec_minimal
%undefine with_pax
-%undefine with_pax_full
%endif
-%if %{with pax_full}
+%if %{with pax}
%undefine with_grsec_minimal
%define with_grsec_full 1
%define with_grsecurity 1
%define with_pax 1
%endif
-%if %{with grsec_full}
-%undefine with_grsec_minimal
+%if %{with grsec_minimal}
+%undefine with_pax
+%undefine with_grsec_full
%define with_grsecurity 1
-%if %{with pax}
-%define with_pax_full 1
-%endif
%endif
-%if %{with grsec_minimal}
-%undefine with_grsec_full
-%undefine with_pax_full
+%if %{with grsec_full}
+%undefine with_grsec_minimal
%define with_grsecurity 1
%endif
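Review bot: The option normalisation blocks resolve conflicting hardening options silently and purely by their order, and nothing in the spec says so. As written, `--with pax` clears `with_grsec_minimal` and forces `with_grsec_full` on even when the builder passed `--without grsec_full`. The `%undefine with_pax` inside the `grsec_minimal` block can only run when pax is already off, because the pax block above has cleared `grsec_minimal` first. I would add a comment above the pax block such as `# precedence: pax > grsec_minimal > grsec_full; conflicting --with/--without options are overridden silently`. The first `%if` block in this hunk opens outside the visible lines, so its condition could not be checked.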
@@ -87,10 +86,10 @@
%if %{with rescuecd}
%undefine with_apparmor
%undefine with_tuxonice
+%undefine with_grsecurity
%undefine with_grsec_full
%undefine with_grsec_minimal
%undefine with_pax
-%undefine with_pax_full
%undefine with_vserver
%define have_drm 0
%define have_sound 0
@@ -115,7 +114,7 @@
%define basever 2.6.30
%define postver .4
-%define rel 0.2
+%define rel 0.3
%define _enable_debug_packages 0
@@ -203,9 +202,8 @@
Patch4: kernel-fbcon-margins.patch
# netfilter related stuff mostly based on patch-o-matic-ng
-# snapshot 20061213 with some fixes related to changes in
-# netfilter api in 2.6.19 up to 2.6.22. Some modules
-# were ported to nf_conntrack. Some of these are unique.
+# snapshot 20070806 with some fixes. Some modules
+# were ported to nf_conntrack.
Patch10: kernel-pom-ng-IPV4OPTSSTRIP.patch
Patch11: kernel-pom-ng-ipv4options.patch
@@ -290,6 +288,7 @@
Patch140: kernel-unionfs.patch
# aufs1, http://aufs.sourceforge.net/
+# aufs1 is NOT maintained since Jan 2009.
Patch145: kernel-aufs.patch
Patch146: kernel-aufs-support.patch
@@ -327,12 +326,6 @@
# based on http://ftp.leg.uct.ac.za/pub/linux/rip/inittmpfs-2.6.14.diff.gz
Patch7000: kernel-inittmpfs.patch
-# not ready yet
-Patch9997: kernel-pax_selinux_hooks.patch
-
-# based on http://www.grsecurity.net/~paxguy1/pax-linux-2.6.24.6-test45.patch
-Patch9998: kernel-pax.patch
-
# based on http://www.grsecurity.net/~spender/grsecurity-2.1.14-2.6.29.6-200907122214.patch
# NOTE: put raw upstream patches on kernel-grsec_full.patch:GRSECURITY_RAW for reference
# (since upstream deletes older patches)
@@ -469,7 +462,8 @@
%define MakeOpts %{CrossOpts} HOSTCC="%{__cc}"
%define __features Netfilter module dated: %{netfilter_snap}\
-%{?with_grsec_full:Grsecurity full support - enabled}\
+%{?with_grsec_full:Grsecurity support - enabled}\
+%{?with_grsec_minimal:Grsecurity minimal support /proc,link,fifo,shm/ - enabled}\
%{?with_pax:PaX support - enabled}\
%{?with_fbcondecor:Fbsplash/fbcondecor - enabled }\
%{?with_nfsroot:Root on NFS - enabled}\
@@ -749,7 +743,7 @@
%patch70 -p1
%endif
-# XXX: 2.6.29 - need update
+# tahoe9xx: 2.6.29 - need update
#%patch2 -p1
%if %{with fbcondecor}
@@ -855,9 +849,10 @@
%endif
%if %{with rescuecd}
+# aufs2
%patch148 -p1
%else
-# 2.6.29 FIXME - needs port to creds
+# aufs1: 2.6.29 FIXME - needs port to creds
#%patch145 -p1
#%patch146 -p1
%endif
@@ -870,42 +865,22 @@
# grsecurity & pax stuff
#
-%if %{with pax_full}
-%patch9999 -p1
-%{?with_vserver:%patch10000 -p1}
-%{?with_vserver:%patch10001 -p1}
-%{?with_vserver:%patch10002 -p1}
-%{?with_vserver:%patch10003 -p1}
-%else
-%if %{with grsec_full}
+# remember that we have the same config file for grsec_minimal and
+# grsec_full, but the patches are different.
+
+%if %{with grsecurity}
+%if %{with grsec_minimal}
+%patch1000 -p1
+%else
+# grsec_full and/or pax
%patch9999 -p1
%{?with_vserver:%patch10000 -p1}
%{?with_vserver:%patch10001 -p1}
%{?with_vserver:%patch10002 -p1}
%{?with_vserver:%patch10003 -p1}
-%else
-%if %{with grsec_minimal}
-%patch1000 -p1
-# remember that we have the same config file for grsec_minimal and
-# grsec_full, but the patches are different.
-%endif
%endif
-
-%if %{with pax}
-# now we have an separate testing pax-only patch - in the future we
-# could have single grsecurity patch and will have to prepare separate
-# configs for grsec_minimal, grsec_full and pax to support such
-# configurations like pax & grsec_minimal.
-# So, in a future there could be no patch9998, but only config
-# would tell which options should be enabled.
-# The second option is to maintain separate pax-only patch.
-%patch9998 -p1
-#patch9997 -p1 - needs update
-%endif
-
%endif
-
#
# end of grsecurity & pax stuff
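Review bot: The new `%else` branch applies patch9999 whenever `with_grsecurity` is set and `with_grsec_minimal` is not, without checking `with_grsec_full` or `with_pax`. Because grsecurity is on by default, a `--without grsec_full` build appears to get the full grsecurity patch applied, unless something outside this hunk clears `with_grsecurity` in that case. Meanwhile the `__features` text and the config sections keyed on `with_grsec_full` would treat it as disabled. The old code applied patch9999 only under `%if %{with grsec_full}` or `pax_full`. I would keep that explicit by replacing the `%else` with `%endif` followed by `%if %{with grsec_full}`, which leaves the `%endif` count balanced.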
@@ -980,7 +955,7 @@
# Now we have to check MAC system integration. Grsecurity (full) uses PAX_HAVE_ACL_FLAGS
# setting (direct acces). grsec_minimal probably have no idea about PaX so we probably
# could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be used
- # PAX_HOOK_ACL_FLAGS. SELinux should also be able to make PaX settings via hooks
+ # PAX_HOOK_ACL_FLAGS.
%if %{with grsec_full}
# Hardening grsec options if with pax
@@ -990,7 +965,6 @@
# no change needed CONFIG=PAX_HAVE_ACL_FLAGS=y is taken from the kernel-pax.config
%else
- # selinux or other hooks?
CONFIG_PAX_HAVE_ACL_FLAGS=n
CONFIG_PAX_HOOK_ACL_FLAGS=y
%endif
@@ -1100,7 +1074,7 @@
%if %{with rescuecd}
RescueConfig rescue.config
%endif
-%if %{with pax_full} || %{with pax}
+%if %{with pax}
PaXconfig pax.config
%endif
@@ -1116,7 +1090,7 @@
rescue.config \
%endif
\
-%if %{with pax_full}
+%if %{with pax}
%{SOURCE45} \
%{SOURCE49} \
pax.config \
@@ -1129,10 +1103,6 @@
%{SOURCE51} \
%endif
%endif
- %if %{with pax}
- %{SOURCE49} \
- pax.config \
- %endif
%endif
\
%if %{with reiser4}
@@ -1606,6 +1576,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.690 2009/08/06 11:25:30 mguevara
+- 2.6.30.4-0.3; changed bcond pax_full -> pax; removed patches 9997
+ kernel-pax_selinux_hooks.patch and 9998 kernel-pax.patch; more cleanup
+
Revision 1.689 2009/08/04 16:12:36 mguevara
- up to 2.6.30.4-0.2; updated imq patches and enabled imq bcond; cleanup
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.689&r2=1.690&f=u