SPECS (LINUX_2_6): kernel.spec - rel 1.7 - added minimal grsecurit...

baggins baggins at pld-linux.org
Wed Apr 12 17:36:55 CEST 2006 

Author: baggins                      Date: Wed Apr 12 15:36:55 2006 GMT
Module: SPECS                         Tag: LINUX_2_6
---- Log message:
- rel 1.7
- added minimal grsecurity
- only add -grsecurity suffix to package name if we build full grsecurity

---- Files affected:
SPECS:
   kernel.spec (1.441.2.1480 -> 1.441.2.1481) 

---- Diffs:

================================================================
Index: SPECS/kernel.spec
diff -u SPECS/kernel.spec:1.441.2.1480 SPECS/kernel.spec:1.441.2.1481
--- SPECS/kernel.spec:1.441.2.1480	Tue Apr 11 22:47:16 2006
+++ SPECS/kernel.spec	Wed Apr 12 17:36:49 2006
@@ -14,9 +14,31 @@
 %bcond_with	suspend2	# build software suspend support
 %bcond_with	verbose		# verbose build (V=1)
 %bcond_with	vserver		# added vserver.
+%bcond_without	grsecurity	# don't build grsecurity at all
+%bcond_without	grsec_minimal	# build only minimal subset (proc,link,fifo,shm)
+%bcond_with	grsec_full	# build full grsecurity
 
 %{?debug:%define with_verbose 1}
 
+%if %{without grsecurity}
+%undefine	with_grsec_full
+%undefine	with_grsec_minimal
+%endif
+
+%if %{with grsec_full}
+%undefine	with_grsec_minimal
+%define		with_grsecurity
+%endif
+
+%if %{with grsec_minimal}
+%undefine	with_grsec_full
+%define		with_grsecurity
+%endif
+
+%if %{with grsec_full} && %{with vserver}                                       
+full grsecurity conflicts with vserver                                               
+%endif                                                                          
+
 %ifarch sparc
 # sparc32 is missing important updates from 2.5 cycle - won't build.
 %undefine	with_smp
@@ -67,7 +89,7 @@
 %define		_udev_ver		071
 %define		_mkvmlinuz_ver		1.3
 
-%define		_rel			1.6
+%define		_rel			1.7
 
 %define		_netfilter_snap		20060329
 %define		_nf_hipac_ver		0.9.1
@@ -86,7 +108,7 @@
 Summary(de):	Der Linux-Kernel (Kern des Linux-Betriebssystems)
 Summary(fr):	Le Kernel-Linux (La partie centrale du systeme)
 Summary(pl):	Jądro Linuksa
-Name:		kernel%{?with_grsecurity:-grsecurity}%{?with_omosix:-openmosix}%{?with_vserver:-vserver}%{?with_xen0:-xen0}%{?with_xenU:-xenU}%{?with_preemptive:-preempt}
+Name:		kernel%{?with_grsec_full:-grsecurity}%{?with_omosix:-openmosix}%{?with_vserver:-vserver}%{?with_xen0:-xen0}%{?with_xenU:-xenU}%{?with_preemptive:-preempt}
 %define		_postver	.4
 #define		_postver	%{nil}
 Version:	2.6.16%{_postver}
@@ -132,6 +154,7 @@
 Source42:	kernel-suspend2.config
 Source43:	kernel-vserver.config
 Source44:	kernel-vesafb-tng.config
+Source45:	kernel-grsec.config
 
 ###
 #	Patches
@@ -207,7 +230,9 @@
 
 # vserver from: http://vserver.13thfloor.at/Experimental/patch-2.6.16-vs2.1.1-rc15.diff
 Patch100:	linux-2.6-vs2.1.patch
+Patch101:	linux-2.6-vs2.1-grsec-minimal.patch
 
+Patch1000:	linux-2.6-grsec-minimal.patch
 # grsecurity snap for 2.6.16.
 # from http://www.grsecurity.net/~spender/grsecurity-2.1.9-2.6.16-200603292139.patch
 ## [pl]nienaklada sie 
@@ -705,9 +730,17 @@
 
 %if %{with vserver}
 %patch100 -p1
+%if %{with grsec_minimal}
+%patch101 -p1
+%endif
 %endif
 
+%if %{with grsec_minimal}
+patch1000 -p1
+%endif
+%if %{with grsec_full}
 #patch9999 -p1
+%endif
 
 # Fix EXTRAVERSION in main Makefile
 sed -i 's#EXTRAVERSION =.*#EXTRAVERSION = %{_postver}#g' Makefile
@@ -819,6 +852,10 @@
 	cat %{SOURCE44} >> arch/%{_target_base_arch}/defconfig
 %endif
 
+%if %{with grsecurity}
+	cat %{SOURCE45} >> arch/%{_target_base_arch}/defconfig
+%endif
+
 	# fbsplash
 	echo "CONFIG_FB_SPLASH=y" >> arch/%{_target_base_arch}/defconfig
 
@@ -1082,7 +1119,7 @@
 		title='PLD Linux'
 	fi
 
-	ext='%{?with_grsecurity:grsecurity}%{?with_omosix:openMosix}%{?with_vserver:vserver}%{?with_xen0:Xen0}%{?with_xenU:XenU}%{?with_preemptive:preempt}'
+	ext='%{?with_grsec_full:grsecurity}%{?with_omosix:openMosix}%{?with_vserver:vserver}%{?with_xen0:Xen0}%{?with_xenU:XenU}%{?with_preemptive:preempt}'
 	if [ "$ext" ]; then
 		title="$title $ext"
 	fi
@@ -1154,7 +1191,7 @@
 		title='PLD Linux'
 	fi
 
-	ext='%{?with_grsecurity:grsecurity}%{?with_omosix:openMosix}%{?with_vserver:vserver}%{?with_xen0:Xen0}%{?with_xenU:XenU}%{?with_preemptive:preempt}'
+	ext='%{?with_grsec_full:grsecurity}%{?with_omosix:openMosix}%{?with_vserver:vserver}%{?with_xen0:Xen0}%{?with_xenU:XenU}%{?with_preemptive:preempt}'
 	if [ "$ext" ]; then
 		title="$title $ext"
 	fi
@@ -1503,6 +1540,9 @@
 %{_prefix}/src/linux-%{version}/crypto
 %{_prefix}/src/linux-%{version}/drivers
 %{_prefix}/src/linux-%{version}/fs
+%if %{with grsecurity}
+%{_prefix}/src/linux-%{version}/grsecurity
+%endif
 %{_prefix}/src/linux-%{version}/init
 %{_prefix}/src/linux-%{version}/ipc
 %{_prefix}/src/linux-%{version}/kernel
@@ -1535,6 +1575,11 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.441.2.1481  2006/04/12 15:36:49  baggins
+- rel 1.7
+- added minimal grsecurity
+- only add -grsecurity suffix to package name if we build full grsecurity
+
 Revision 1.441.2.1480  2006/04/11 20:47:16  cieciwa
 - _rel 1.6,
 added ACCOUNT and accouont netfilter module.
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/kernel.spec?r1=1.441.2.1480&r2=1.441.2.1481&f=u

More information about the pld-cvs-commit mailing list