-rw-r--r--testing/ipt-netflow-grsec/APKBUILD75
-rw-r--r--testing/ipt-netflow-grsec/constify.patch35
2 files changed, 110 insertions, 0 deletions
diff --git a/testing/ipt-netflow-grsec/APKBUILD b/testing/ipt-netflow-grsec/APKBUILD
new file mode 100644
index 000000000..e66568d35
--- /dev/null
+++ b/testing/ipt-netflow-grsec/APKBUILD
@@ -0,0 +1,75 @@
+# Contributor:
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=grsec
+_kpkg=linux-$_flavor
+_kver=3.8.6
+_kpkgrel=0
+
+# when chaning _ver we *must* bump _mypkgrel
+_ver=1.8.4
+
+_mypkgrel=0
+
+# verify the kernel version before entering chroot
+if [ -f ../linux-${_flavor}/APKBUILD ]; then
+ . ../linux-${_flavor}/APKBUILD
+ pkgname=ipt-netflow-${_flavor}
+ [ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver"
+ [ "$_kpkgrel" != "$pkgrel" ] && die "please update _kpkgrel to $pkgrel"
+fi
+
+_kpkgver="$_kver-r$_kpkgrel"
+_abi_release=${_kver}-${_kpkgrel}-${_flavor}
+
+pkgname=ipt-netflow-${_flavor}
+pkgver=$_kver
+
+pkgrel=$(( $_kpkgrel + $_mypkgrel ))
+pkgdesc="Linux kernel netflow sensor module"
+url="http://ipt-netflow.sourceforge.net/"
+arch="all"
+license=GPL-2
+source="ipt-netflow-$_ver.tar.gz::https://github.com/RushOnline/ipt-netflow/archive/v$_ver.tar.gz
+ constify.patch"
+depends="$_kpkg-dev=$_kpkgver"
+makedepends="linux-${_flavor}-dev iptables-dev bash"
+
+_builddir="$srcdir"/ipt-netflow-$_ver
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
+build() {
+ cd "$_builddir"
+ export GCC_SPECS=/usr/share/gcc/hardenednopie.specs
+ ./configure --kver=$_abi_release \
+ --ipt-inc=/usr/include/libiptc \
+ || return 1
+ make ipt_NETFLOW.ko
+
+ # verify that it was built with constify:
+ strings ipt_NETFLOW.ko | grep '^vermagic=.*CONSTIFY_PLUGIN' || return 1
+}
+
+package() {
+ cd "$_builddir"
+ make -j1 minstall DESTDIR="$pkgdir" || return 1
+}
+
+# override dev() from kernel's APKBUILD
+dev() {
+ default_dev
+}
+
+md5sums="a5d564dd5f30d5b61a93decf29e3a208 ipt-netflow-1.8.4.tar.gz
+2d9335c3d5c32c1e18a67fbb83018bae constify.patch"
+sha256sums="bb2446a0b16aa7f6052599410c2b4ce184d40893ec2ca12756f3bcb341890f43 ipt-netflow-1.8.4.tar.gz
+5a86c64bdc536bddb780ebaa4aa5fe3bede93d645ed0f00afb41f23314662d1f constify.patch"
+sha512sums="e15ad33b4b3df9e1e53fbac6334dbe08802d66f4850cbf489d7a60184cdb47d94448ae13480d586474a6bec6204680d059543b619ae40a0f74fad22fed1b024a ipt-netflow-1.8.4.tar.gz
+08835d3de5925d868b70c240e65094a9262c5871d7ca0290001697cf8b7cee74bfc8ac2897b30c3d5ec89700b329d30b539699596f15c1150e18a85234484758 constify.patch"
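Review bot: `depends="$_kpkg-dev=$_kpkgver"` makes the kernel -dev package the pinned run-time dependency, while `makedepends` lists `linux-${_flavor}-dev` unpinned; this looks swapped. The module loads only on the kernel whose vermagic it was built against, so the installed package should be tied to that kernel, e.g. `depends="$_kpkg=$_kpkgver"` and `makedepends="$_kpkg-dev=$_kpkgver iptables-dev bash"`, unless the -dev package is relied on to pull in the matching kernel (not visible here). Separately, `make ipt_NETFLOW.ko` in build() is the one step without `|| return 1`. The vermagic grep after it would catch a missing module, but adding the check keeps the failure at the step that caused it.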
diff --git a/testing/ipt-netflow-grsec/constify.patch b/testing/ipt-netflow-grsec/constify.patch
new file mode 100644
index 000000000..b92ed76a6
--- /dev/null
+++ b/testing/ipt-netflow-grsec/constify.patch
@@ -0,0 +1,35 @@
+--- ./ipt_NETFLOW.c.orig 2013-04-12 14:18:39.176959425 +0000
++++ ./ipt_NETFLOW.c 2013-04-12 14:23:29.779638950 +0000
+@@ -367,8 +367,13 @@
+ #define BEFORE2632(x,y)
+ #endif
+
++/* PAX need to know that we are allowed to write */
++#ifndef CONSTIFY_PLUGIN
++#define ctl_table_no_const ctl_table
++#endif
++
+ /* sysctl /proc/sys/net/netflow */
+-static int hsize_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
++static int hsize_procctl(ctl_table_no_const *ctl, int write, BEFORE2632(struct file *filp,)
+ void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+ void *orig = ctl->data;
+@@ -386,7 +391,7 @@
+ return ret;
+ }
+
+-static int sndbuf_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
++static int sndbuf_procctl(ctl_table_no_const *ctl, int write, BEFORE2632(struct file *filp,)
+ void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+ int ret;
+@@ -446,7 +451,7 @@
+ return ret;
+ }
+
+-static int flush_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
++static int flush_procctl(ctl_table_no_const *ctl, int write, BEFORE2632(struct file *filp,)
+ void __user *buffer, size_t *lenp, loff_t *fpos)
+ {
+ int ret;
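Review bot: The registered sysctl table itself is not covered by this patch: switching the handler parameter to `ctl_table_no_const *` only lets the code compile under the constify plugin, it does not change where the table entry lives. `void *orig = ctl->data;` in hsize_procctl suggests `ctl->data` is swapped and restored further down (the function bodies continue outside these hunks), which would write to the shared table entry. That is a fault if the table ends up in read-only memory, and a race between concurrent sysctl writers either way. A local copy avoids both: keep the `ctl_table *ctl` signature, add `ctl_table_no_const lctl = *ctl;`, set `lctl.data`, and pass `&lctl` to the proc helper. The same would apply to sndbuf_procctl and flush_procctl if they follow that pattern.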