#! /bin/sh
#
# This is a kernel build script for CentOS 7's 3.10 kernel.
#
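# Report a fatal error and abort the script.
# Arguments: $1 - message to report, printed verbatim
# Outputs:   the message on stderr (not stdout, so it is never mistaken for
#            normal output when the script is piped)
# Returns:   never; exits with status 1
die () {
  printf '%s\n' "$1" >&2
  exit 1
}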
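# Everything from here on runs at the top level of the script: fetch and
# signature-check the CentOS kernel source package, fetch the CaitSith patch,
# derive a modified spec file, and finally hand control to rpmbuild.
# Any failure goes through die() and aborts the run.
kernel_srpm=kernel-3.10.0-1160.108.1.el7.src.rpm
kernel_srpm_url="https://vault.centos.org/centos/7/updates/Source/SPackages/$kernel_srpm"
cs_patch=caitsith-patch-0.2-20231225.tar.gz
cs_patch_url="https://sourceforge.net/projects/tomoyo/files/caitsith-patch/0.2/$cs_patch"

cd /tmp/ || die "Can't chdir to /tmp/ ."

if [ ! -r "$kernel_srpm" ]; then
  # -O pins the saved file name regardless of redirects; a partial download
  # is removed so the next run does not mistake it for a complete package.
  wget -O "$kernel_srpm" "$kernel_srpm_url" || { rm -f -- "$kernel_srpm"; die "Can't download source package."; }
fi
# Fail closed: the expected line only appears when rpm verified the package
# signature against a key already present in the rpm database (an unknown or
# missing key is reported as NOT OK).  LANG=C keeps the output format stable.
LANG=C rpm --checksig "$kernel_srpm" | grep -F ': rsa sha1 (md5) pgp md5 OK' || die "Can't verify signature."
rpm -ivh "$kernel_srpm" || die "Can't install source package."

cd ~/rpmbuild/SOURCES/ || die "Can't chdir to ~/rpmbuild/SOURCES/ ."
if [ ! -r "$cs_patch" ]; then
  wget -O "$cs_patch" "$cs_patch_url" || { rm -f -- "$cs_patch"; die "Can't download patch."; }
fi
# The patch tarball has no signature check like the SRPM above, so its
# integrity is verified only when the caller supplies the expected digest as
# CAITSITH_SHA256=<hex sha256 digest> (take it from the project's published
# release information).  Unset means the tarball is used as downloaded.
if [ -n "${CAITSITH_SHA256:-}" ]; then
  printf '%s  %s\n' "$CAITSITH_SHA256" "$cs_patch" | sha256sum -c - || die "Can't verify checksum of $cs_patch ."
fi

cd ~/rpmbuild/SPECS/ || die "Can't chdir to ~/rpmbuild/SPECS/ ."
cp -p kernel.spec cs-kernel.spec || die "Can't copy spec file."
# Rename the package to cs-kernel, unpack and apply the CaitSith patch right
# after the existing ApplyOptionalPatch lines, and turn on the TOMOYO and
# CaitSith options in every .config.  patch takes the target file from the
# ---/+++ headers (relative to this SPECS directory).  The here-document
# delimiter is quoted so $i and $Arch reach patch untouched; context lines
# carry the leading space that unified diffs require and must match
# kernel.spec exactly.
patch << "EOF" || die "Can't patch spec file."
--- cs-kernel.spec
+++ cs-kernel.spec
@@ -5,7 +5,7 @@
 
 %define dist .el7
 
-# % define buildid .local
+%define buildid _caitsith_0.2.11
 
 # If there's no unversioned python, select version explicitly,
 # so it's possible to at least do rh-srpm.
@@ -331,7 +331,7 @@
 AutoProv: yes\
 %{nil}
 
-Name: kernel%{?variant}
+Name: cs-kernel%{?variant}
 Group: System Environment/Kernel
 License: GPLv2
 URL: http://www.kernel.org/
@@ -690,13 +690,13 @@
 %package %{?1:%{1}-}devel\
 Summary: Development package for building kernel modules to match the %{?2:%{2} }kernel\
 Group: System Environment/Kernel\
-Provides: kernel%{?1:-%{1}}-devel-%{_target_cpu} = %{version}-%{release}\
-Provides: kernel-devel-%{_target_cpu} = %{version}-%{release}%{?1:.%{1}}\
-Provides: kernel-devel-uname-r = %{KVRA}%{?1:.%{1}}\
+Provides: cs-kernel%{?1:-%{1}}-devel-%{_target_cpu} = %{version}-%{release}\
+Provides: cs-kernel-devel-%{_target_cpu} = %{version}-%{release}%{?1:.%{1}}\
+Provides: cs-kernel-devel-uname-r = %{KVRA}%{?1:.%{1}}\
 AutoReqProv: no\
 Requires(pre): /usr/bin/find\
 Requires: perl\
-%description -n kernel%{?variant}%{?1:-%{1}}-devel\
+%description -n cs-kernel%{?variant}%{?1:-%{1}}-devel\
 This package provides kernel headers and makefiles sufficient to build modules\
 against the %{?2:%{2} }kernel package.\
 %{nil}
@@ -808,6 +808,10 @@
 ApplyOptionalPatch debrand-rh_taint.patch
 ApplyOptionalPatch debrand-rh-i686-cpu.patch
 
+# CaitSith
+tar -zxf %_sourcedir/caitsith-patch-0.2-20231225.tar.gz
+sed -i -e 's/CCSECURITY/CAITSITH/g' -e 's/ccsecurity/caitsith/g' -e 's/ccs_domain_info/cs_domain_info/g' -e 's/ccs_flags/cs_flags/g' patches/ccs-patch-*.diff
+patch -sp1 < patches/ccs-patch-3.10-centos-7.diff
 # Any further pre-build tree manipulations happen here.
 
 chmod +x scripts/checkpatch.pl
@@ -846,6 +850,17 @@
 for i in *.config
 do
   mv $i .config
+  # TOMOYO Linux 2.5
+  sed -i -e 's/# CONFIG_SECURITY_PATH is not set/CONFIG_SECURITY_PATH=y/' -- .config
+  sed -i -e 's/# CONFIG_SECURITY_TOMOYO is not set/CONFIG_SECURITY_TOMOYO=y/' -- .config
+  echo 'CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048' >> .config
+  echo 'CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024' >> .config
+  echo '# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set' >> .config
+  echo 'CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"' >> .config
+  echo 'CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"' >> .config
+  echo '# CONFIG_DEFAULT_SECURITY_TOMOYO is not set' >> .config
+  # CaitSith
+  sed -e 's@/sbin/init@/usr/lib/systemd/systemd@' -- config.caitsith >> .config
   Arch=`head -1 .config | cut -b 3-`
   make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true
 %if %{listnewconfig_fail}
EOF
echo ""
echo ""
echo ""
echo "Edit ~/rpmbuild/SPECS/cs-kernel.spec if needed, and run"
echo "rpmbuild -bb ~/rpmbuild/SPECS/cs-kernel.spec"
echo "to build kernel rpm packages."
echo ""
ARCH=$(uname -m)
echo "I'll start 'rpmbuild -bb --target $ARCH --with baseonly --without debug --without debuginfo ~/rpmbuild/SPECS/cs-kernel.spec' in 30 seconds. Press Ctrl-C to stop."
# Give the user a chance to abort (or edit the spec first), then replace this
# shell with rpmbuild so its exit status becomes the script's.
sleep 30
exec rpmbuild -bb --target "$ARCH" --with baseonly --without debug --without debuginfo ~/rpmbuild/SPECS/cs-kernel.spec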