diff options
Diffstat (limited to 'testing')
| -rw-r--r-- | testing/ipt-netflow-hardened/APKBUILD | 71 | ||||
| -rw-r--r-- | testing/ipt-netflow-hardened/kernel-4.6.patch | 63 | ||||
| -rw-r--r-- | testing/sch-cake-hardened/10-Makefile.patch | 11 | ||||
| -rw-r--r-- | testing/sch-cake-hardened/APKBUILD | 64 | ||||
| -rw-r--r-- | testing/virtualbox-additions-hardened/APKBUILD | 70 | ||||
| -rw-r--r-- | testing/virtualbox-additions-hardened/virtualbox-modules-4.1.4-pax-const.patch | 48 | ||||
| -rw-r--r-- | testing/wireguard-hardened/APKBUILD | 62 |
7 files changed, 0 insertions, 389 deletions
diff --git a/testing/ipt-netflow-hardened/APKBUILD b/testing/ipt-netflow-hardened/APKBUILD deleted file mode 100644 index ac066eaf39..0000000000 --- a/testing/ipt-netflow-hardened/APKBUILD +++ /dev/null @@ -1,71 +0,0 @@ -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> - -_flavor=hardened -_kpkg=linux-$_flavor -_kver=4.9.73 -_kpkgrel=0 - -# when chaning _ver we *must* bump _mypkgrel -_ver=2.2 - -_mypkgrel=0 - -# verify the kernel version before entering chroot -if [ -f ../linux-${_flavor}/APKBUILD ]; then - . ../linux-${_flavor}/APKBUILD - pkgname=ipt-netflow-${_flavor} - [ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver" - [ "$_kpkgrel" != "$pkgrel" ] && die "please update _kpkgrel to $pkgrel" -fi - -_kpkgver="$_kver-r$_kpkgrel" -_abi_release=${_kver}-${_kpkgrel}-${_flavor} - -pkgname=ipt-netflow-${_flavor} -pkgver=$_kver - -pkgrel=$(( $_kpkgrel + $_mypkgrel )) -pkgdesc="Linux kernel netflow sensor module" -url="http://ipt-netflow.sourceforge.net/" -arch="x86 x86_64 armhf" -license=GPL3+ -source="ipt-netflow-$_ver.tar.gz::https://github.com/aabc/ipt-netflow/archive/v$_ver.tar.gz - kernel-4.6.patch - " -provides="ipt-netflow-grsec=${pkgver}-r${pkgrel}" -depends="${_kpkg}=${_kpkgver}" -depends_dev="$_kpkg-dev=$_kpkgver" -makedepends="linux-${_flavor}-dev=$_kpkgver iptables-dev bash" -install_if="$_kpkg=$_kpkgver ipt-netflow" - -_builddir="$srcdir"/ipt-netflow-$_ver -prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir" - ./configure --kver=$_abi_release \ - --ipt-inc=/usr/include/libiptc \ - || return 1 - make ipt_NETFLOW.ko || return 1 -} - -package() { - cd "$_builddir" - make -j1 minstall DEPMOD=: DESTDIR="$pkgdir" \ - || return 1 -} - -# override dev() from kernel's APKBUILD -dev() { - default_dev -} - -sha512sums="e5d9039c079abfb2ef3656d96228616514ac57d87a9c71181f132ecac51e51407bcdc62aa6e1eb43d16f98be5b22d3801c58578317ea21aaa5433ed143daabe2 ipt-netflow-2.2.tar.gz -96a250b87f8fb7d6240850dd0721aa0e1dcc7647b689abb15b07fb8758aea4338e5d169b3d0dca19e45279b38166d791cd0d412a9f4b44caf028cee2e782b72b kernel-4.6.patch" diff --git a/testing/ipt-netflow-hardened/kernel-4.6.patch b/testing/ipt-netflow-hardened/kernel-4.6.patch deleted file mode 100644 index 79fba3c5bf..0000000000 --- a/testing/ipt-netflow-hardened/kernel-4.6.patch +++ /dev/null @@ -1,63 +0,0 @@ -From c16ffc6cb679b3377a0d4a30a6bbcf5e2f3d0214 Mon Sep 17 00:00:00 2001 -From: ABC <abc@telekom.ru> -Date: Sun, 22 May 2016 22:07:14 +0300 -Subject: [PATCH] Support ETHTOOL_xLINKSETTINGS API (new in linux 4.6). - -Thus, making support for 4.6 kernels. -Reference to linux commit: - https://github.com/torvalds/linux/commit/3f1ac7a700d - -Fixes #56, thanks karel-un. ---- - ipt_NETFLOW.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c -index 067fd50..d27eea2 100644 ---- a/ipt_NETFLOW.c -+++ b/ipt_NETFLOW.c -@@ -3904,7 +3904,13 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d - { - struct ethtool_drvinfo info = { 0 }; - const struct ethtool_ops *ops = dev->ethtool_ops; -+#ifndef ETHTOOL_GLINKSETTINGS - struct ethtool_cmd ecmd; -+#define _KSETTINGS(x, y) (x) -+#else -+ struct ethtool_link_ksettings ekmd; -+#define _KSETTINGS(x, y) (y) -+#endif - int len = size; - int n; - -@@ -3933,11 +3939,11 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d - /* only get_settings for running devices to not trigger link negotiation */ - if (dev->flags & IFF_UP && - dev->flags & IFF_RUNNING && -- !__ethtool_get_settings(dev, &ecmd)) { -+ !_KSETTINGS(__ethtool_get_settings(dev, &ecmd), __ethtool_get_link_ksettings(dev, &ekmd))) { - char *s, *p; - - /* append basic parameters: speed and port */ -- switch (ethtool_cmd_speed(&ecmd)) { -+ switch (_KSETTINGS(ethtool_cmd_speed(&ecmd), ekmd.base.speed)) { - case SPEED_10000: s = "10Gb"; break; - case SPEED_2500: s = "2.5Gb"; break; - case SPEED_1000: s = "1Gb"; break; -@@ -3945,7 +3951,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d - case SPEED_10: s = "10Mb"; break; - default: s = ""; - } -- switch (ecmd.port) { -+ switch (_KSETTINGS(ecmd.port, ekmd.base.port)) { - case PORT_TP: p = "tp"; break; - case PORT_AUI: p = "aui"; break; - case PORT_MII: p = "mii"; break; -@@ -3964,6 +3970,7 @@ static int ethtool_drvinfo(unsigned char *ptr, size_t size, struct net_device *d - ops->complete(dev); - return size - len; - } -+#undef _KSETTINGS - - static const unsigned short netdev_type[] = - {ARPHRD_NETROM, ARPHRD_ETHER, ARPHRD_AX25, diff --git a/testing/sch-cake-hardened/10-Makefile.patch b/testing/sch-cake-hardened/10-Makefile.patch deleted file mode 100644 index 5229a1e0e4..0000000000 --- a/testing/sch-cake-hardened/10-Makefile.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- sch_cake-747954dd0bde66bb28d2b6c2c109597c9abbe5c5/Makefile.orig -+++ sch_cake-747954dd0bde66bb28d2b6c2c109597c9abbe5c5/Makefile -@@ -5,7 +5,7 @@ - PWD := $(shell pwd) - VERSION := $(shell git rev-parse HEAD 2>/dev/null) - default: -- $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules $(if $(VERSION),LDFLAGS_MODULE="--build-id=0x$(VERSION)" CFLAGS_MODULE="-DCAKE_VERSION=\\\"$(VERSION)\\\"") -+ $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules $(if $(VERSION),LDFLAGS_MODULE="$(LDFLAGS_MODULE) --build-id=0x$(VERSION)" CFLAGS_MODULE="$(CFLAGS_MODULE) -DCAKE_VERSION=\\\"$(VERSION)\\\"") - - install: - install -v -m 644 sch_cake.ko $(IDIR) diff --git a/testing/sch-cake-hardened/APKBUILD b/testing/sch-cake-hardened/APKBUILD deleted file mode 100644 index 8aa2a6b557..0000000000 --- a/testing/sch-cake-hardened/APKBUILD +++ /dev/null @@ -1,64 +0,0 @@ -# Contributor: Ben Allen <bensallen@me.com> -# Maintainer: Ben Allen <bensallen@me.com> -_flavor=${FLAVOR:-hardened} -_kpkg=linux-$_flavor -_realname=sch-cake -_name=$_realname-$_flavor - -_kver=4.9.73 -_kpkgrel=0 - -_gitver=9789742cfc596d48583ba4cdbc8f38d026121fa6 -_mypkgrel=0 - -# source the kernel version -if [ -f ../linux-$_flavor/APKBUILD ]; then - . ../linux-$_flavor/APKBUILD - [ "$_kver" != "$pkgver" ] && die "$_name: Please update _kver to $pkgver" - [ "$_kpkgrel" != "$pkgrel" ] && die "$_name: Please update _kpkgrel to $pkgrel" -fi - -_kernelver=$_kver-r$_kpkgrel -_abi_release=${_kver}-${_kpkgrel}-${_flavor} - -pkgname=$_name -pkgver=$_kver -pkgrel=$(($_kpkgrel + $_mypkgrel)) - -pkgrel=0 -pkgdesc="Out of tree build for the new cake qdisc" -url="https://github.com/dtaht/sch_cake" -arch="x86 x86_64 armhf" -license="BSD or GPL" -depends="linux-${_flavor}=${_kernelver}" -makedepends="linux-${_flavor}-dev=${_kernelver} linux-headers" -install= -install_if="linux-$_flavor=$_kernelver $_realname" -subpackages= -provides="${_realname}-grsec=${pkgver}-r${pkgrel}" -source="$_realname-$_gitver.tar.gz::https://github.com/dtaht/sch_cake/archive/$_gitver.tar.gz 10-Makefile.patch" -_builddir="$srcdir"/sch_cake-$_gitver - -prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} - -build() { - cd "$_builddir" - make KERNEL_VERSION=$_abi_release CFLAGS_MODULE="$CFLAGS_MODULE" || return 1 -} - -package() { - cd "$_builddir" - install -v -m 0755 -d $pkgdir/lib/modules/$_abi_release/kernel/net/sched - install -v -m 0644 $_builddir/sch_cake.ko $pkgdir/lib/modules/$_abi_release/kernel/net/sched/ -} - -sha512sums="1a4ae8632a3aa7349290434edfc2ca75315ea3b1698e97fbee7c102bf4e4897a09582de295c9d6cc3ec7fe6a8681df24e831c88a78df9ce766a5eec6b909cfca sch-cake-9789742cfc596d48583ba4cdbc8f38d026121fa6.tar.gz -9555709d6db1cb6a2599fe059a33962fa74826b6717f0dbb27217b3f678e22498156be548f6883abb6c493aa345de15fe2ceaa76a52bb4eed60ef6ee64c50bd8 10-Makefile.patch" diff --git a/testing/virtualbox-additions-hardened/APKBUILD b/testing/virtualbox-additions-hardened/APKBUILD deleted file mode 100644 index 9e3f834538..0000000000 --- a/testing/virtualbox-additions-hardened/APKBUILD +++ /dev/null @@ -1,70 +0,0 @@ -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> - -_flavor=hardened -_kpkg=linux-$_flavor -_kver=4.9.73 -_kpkgrel=0 - -# when chaning _ver we *must* bump _mypkgrel -_ver=5.1.26 -_mypkgrel=0 -_name=virtualbox-additions - - -_kpkgver="$_kver-r$_kpkgrel" -_abi_release=${_kver}-${_kpkgrel}-${_flavor} - -pkgname=${_name}-${_flavor} -pkgver=$_kver -pkgrel=$(($_kpkgrel + $_mypkgrel)) -pkgdesc="Virtual box additions kernel modules for $_flavor" -arch="x86 x86_64" -url='http://virtualbox.org' -license="GPL custom" -depends="${_kpkg}=${_kpkgver}" -makedepends="linux-${_flavor}-dev" -provides="${_name}-grsec=${pkgver}-r${pkgrel}" -source="http://dev.gentoo.org/~polynomial-c/virtualbox/vbox-kernel-module-src-$_ver.tar.xz - virtualbox-modules-4.1.4-pax-const.patch - " - -builddir="$srcdir"/ - -prepare() { - # verify the kernel version - ( - _kapkbuild="$startdir"/../../main/linux-${_flavor}/APKBUILD - if [ -f $_kapkbuild ]; then - . $_kapkbuild - pkgname=$_name-$_flavor - if [ "$_kver" != "$pkgver" ]; then - die "please update _kver to $pkgver" - fi - if [ "$_kpkgrel" != "$pkgrel" ]; then - die "please update _kpkgrel to $pkgrel" - fi - fi - ) || return 1 - - cd "$builddir" - default_prepare || return 1 -} - -build() { - cd "$builddir" - export KERN_DIR=/usr/src/linux-headers-${_abi_release} - make -} - -package() { - local module= - cd "$builddir" - for module in *.ko; do - install -D -m644 $module \ - "$pkgdir/lib/modules/${_abi_release}/misc/$module" \ - || return 1 - done -} - -sha512sums="c77e0d8dfade2abac95162e7e7a424be4875e44d43bcf2a13e0e50caa69f5fd0d21c77f03bb2cd4cbd5df4ab31e9fbd49ecd9220a49af8cd10081b960e014010 vbox-kernel-module-src-5.1.26.tar.xz -9a9a982defed6d4453bc6d9388c3a71169bba85568cfd36d0d2588dda8e213a0d759c983a337a150d17c55bb6206e43738dfd2559fedeb85e132363936a48574 virtualbox-modules-4.1.4-pax-const.patch" diff --git a/testing/virtualbox-additions-hardened/virtualbox-modules-4.1.4-pax-const.patch b/testing/virtualbox-additions-hardened/virtualbox-modules-4.1.4-pax-const.patch deleted file mode 100644 index 5e89ab43c8..0000000000 --- a/testing/virtualbox-additions-hardened/virtualbox-modules-4.1.4-pax-const.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -urp vboxdrv.orig/SUPDrvIDC.h vboxdrv/SUPDrvIDC.h ---- a/vboxdrv.orig/SUPDrvIDC.h 2011-09-06 15:53:27.852567531 +0200 -+++ b/vboxdrv/SUPDrvIDC.h 2011-09-06 15:54:05.420565524 +0200 -@@ -160,7 +160,7 @@ typedef struct SUPDRVIDCREQGETSYM - { - /** The symbol address. */ - PFNRT pfnSymbol; -- } Out; -+ } __no_const Out; - } u; - } SUPDRVIDCREQGETSYM; - /** Pointer to a SUPDRV IDC get symbol request. */ -diff -urp vboxnetflt.orig/include/VBox/intnet.h vboxnetflt/include/VBox/intnet.h ---- a/vboxnetflt.orig/include/VBox/intnet.h 2011-09-06 15:53:27.852567531 +0200 -+++ b/vboxnetflt/include/VBox/intnet.h 2011-09-06 15:54:05.424565524 +0200 -@@ -783,7 +783,7 @@ typedef struct INTNETTRUNKFACTORY - DECLR0CALLBACKMEMBER(int, pfnCreateAndConnect,(struct INTNETTRUNKFACTORY *pIfFactory, const char *pszName, - PINTNETTRUNKSWPORT pSwitchPort, uint32_t fFlags, - PINTNETTRUNKIFPORT *ppIfPort)); --} INTNETTRUNKFACTORY; -+} __no_const INTNETTRUNKFACTORY; - /** Pointer to the trunk factory. */ - typedef INTNETTRUNKFACTORY *PINTNETTRUNKFACTORY; - -diff -urp vboxnetflt.orig/linux/VBoxNetFlt-linux.c vboxnetflt/linux/VBoxNetFlt-linux.c ---- a/vboxnetflt.orig/linux/VBoxNetFlt-linux.c 2011-07-19 12:15:22.000000000 +0200 -+++ b/vboxnetflt/linux/VBoxNetFlt-linux.c 2011-09-06 15:56:00.516559379 +0200 -@@ -840,7 +840,7 @@ typedef struct ethtool_ops OVR_OPSTYPE; - - # else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29) */ - --typedef struct net_device_ops OVR_OPSTYPE; -+typedef net_device_ops_no_const OVR_OPSTYPE; - # define OVR_OPS netdev_ops - # define OVR_XMIT pOrgOps->ndo_start_xmit - -diff -urp vboxpci.orig/include/VBox/rawpci.h vboxpci/include/VBox/rawpci.h ---- a/vboxpci.orig/include/VBox/rawpci.h 2011-04-18 17:01:12.000000000 +0200 -+++ b/vboxpci/include/VBox/rawpci.h 2011-09-06 15:57:17.340555277 +0200 -@@ -545,7 +545,7 @@ typedef struct RAWPCIFACTORY - DECLR0CALLBACKMEMBER(void, pfnDeinitVm,(PRAWPCIFACTORY pFactory, - PVM pVM, - PRAWPCIPERVM pPciData)); --} RAWPCIFACTORY; -+} __no_const RAWPCIFACTORY; - - #define RAWPCIFACTORY_UUID_STR "ea089839-4171-476f-adfb-9e7ab1cbd0fb" - diff --git a/testing/wireguard-hardened/APKBUILD b/testing/wireguard-hardened/APKBUILD deleted file mode 100644 index 6ea31a6fdd..0000000000 --- a/testing/wireguard-hardened/APKBUILD +++ /dev/null @@ -1,62 +0,0 @@ -# Contributor: Stuart Cardall <developer@it-offshore.co.uk> -# Maintainer: Stuart Cardall <developer@it-offshore.co.uk> - -_flavor=${FLAVOR:-hardened} -_kpkg=linux-$_flavor -_kver=4.9.73 -_kpkgrel=0 - -# when changing _ver we *must* bump _mypkgrel -# we must also match up _toolsrel with wireguard-tools -_ver=0.0.20180420 -_mypkgrel=2 -_toolsrel=0 -_name=wireguard - -# verify the kernel version before entering chroot -_kapkbuild=../../linux-${_flavor}/APKBUILD -if [ -f $_kapkbuild ]; then - . $_kapkbuild - pkgname=$_name-$_flavor - [ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver" - [ "$_kpkgrel" != "$pkgrel" ] && die "please update _kpkgrel to $pkgrel" -fi - -_kpkgver="$_kver-r$_kpkgrel" -_toolsver="$_ver-r$_toolsrel" -_abi_release=${_kver}-${_kpkgrel}-${_flavor} - -pkgname=${_name}-${_flavor} -pkgver=$_kver -pkgrel=$(($_kpkgrel + $_mypkgrel)) -pkgdesc="Next generation secure network tunnel: kernel modules for $_flavor" -arch='x86 x86_64 armhf' -url='https://www.wireguard.com' -license="GPL-2.0" -depends="linux-${_flavor}=${_kpkgver}" -makedepends="linux-${_flavor}-dev=$_kpkgver libmnl-dev" -install_if="wireguard-tools=$_toolsver linux-hardened=$_kpkgver" -options="!check" -source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$_ver.tar.xz" -provides="${_name}-grsec=${_kver}-r${pkgrel}" -builddir="$srcdir"/WireGuard-$_ver - -build() { - cd "$builddir" - # only building module: see wireguard-tools for userspace - make -C src/ \ - KERNELDIR=/lib/modules/${_abi_release}/build \ - module -} - -package() { - cd "$builddir/src" - - local module= - for module in *.ko; do - install -v -D -m644 ${module} \ - "$pkgdir/lib/modules/$_abi_release/extra/${module}" - done -} - -sha512sums="19740c6678d13bbe156520d6121db2bd95c8f30891b9acbbc6af1d49079f144598f8062131ac1dfd14b830e32306bc54f2ae9608ceeec762ffde65495413a0ac WireGuard-0.0.20180420.tar.xz" |