x86: Move hardened builds from pardalote to demeter

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
2021-07-04 22:32:28 +02:00 · 2021-07-04 22:32:28 +02:00 · 0422a99519
parent 0773a936df
commit 0422a99519
9 changed files with 29 additions and 425 deletions
--- a/releases/specs/x86/hardened/admincd-stage1-openrc.spec
+++ b/releases/specs/x86/hardened/admincd-stage1-openrc.spec
@ -1,10 +1,10 @@
 subarch: i686
-version_stamp: @TIMESTAMP@
+version_stamp: hardened-openrc-@TIMESTAMP@
 target: livecd-stage1
 rel_type: hardened
 profile: default/linux/x86/17.0/hardened
 snapshot: @TIMESTAMP@
-source_subpath: hardened/stage3-i686-hardened-@TIMESTAMP@
+source_subpath: hardened/stage3-i686-hardened-openrc-@TIMESTAMP@
 compression_mode: pixz_x
 portage_confdir: @REPO_DIR@/releases/portage/isos

--- a/releases/specs/x86/hardened/admincd-stage2-openrc.spec
+++ b/releases/specs/x86/hardened/admincd-stage2-openrc.spec
@ -1,10 +1,10 @@
 subarch: i686
-version_stamp: @TIMESTAMP@
+version_stamp: hardened-openrc-@TIMESTAMP@
 target: livecd-stage2
 rel_type: hardened
 profile: default/linux/x86/17.0/hardened
 snapshot: @TIMESTAMP@
-source_subpath: hardened/livecd-stage1-i686-@TIMESTAMP@
+source_subpath: hardened/livecd-stage1-i686-hardened-openrc-@TIMESTAMP@
 portage_confdir: @REPO_DIR@/releases/portage/isos

 livecd/bootargs: dokeymap
--- a/releases/specs/x86/hardened/installcd-stage1.spec
+++ b/releases/specs/x86/hardened/installcd-stage1.spec
@ -1,86 +0,0 @@
-subarch: x86
-version_stamp: hardened-@TIMESTAMP@
-target: livecd-stage1
-rel_type: hardened
-profile: default/linux/x86/17.0/hardened
-snapshot: @TIMESTAMP@
-source_subpath: hardened/stage3-x86-hardened-@TIMESTAMP@
-compression_mode: pixz_x
-livecd/use:
-	-*
-	compile-locales
-	fbcon
-	ipv6
-	livecd
-	modules
-	ncurses
-#	nls
-	pam
-	readline
-	socks5
-	ssl
-#	unicode
-	xml
-
-livecd/packages:
-	app-accessibility/brltty
-	app-admin/hddtemp
-	app-admin/pwgen
-	app-admin/syslog-ng
-	app-arch/unzip
-	app-crypt/gnupg
-	app-editors/mg
-	app-misc/livecd-tools
-	app-misc/screen
-	app-misc/tmux
-	app-portage/mirrorselect
-	app-text/wgetpaste
-	media-gfx/fbgrab
-	net-analyzer/tcptraceroute
-	net-analyzer/traceroute
-	net-dialup/mingetty
-	net-dialup/pptpclient
-	net-dialup/rp-pppoe
-	net-fs/nfs-utils
-	net-irc/irssi
-	net-misc/dhcpcd
-	net-misc/iputils
-	net-misc/ntp
-	net-misc/rdate
-	net-misc/vconfig
-	net-proxy/dante
-	net-proxy/tsocks
-	net-wireless/wireless-tools
-	net-wireless/wpa_supplicant
-	sys-apps/ethtool
-	sys-apps/fxload
-	sys-apps/hdparm
-	sys-apps/iproute2
-	sys-apps/memtester
-	sys-apps/netplug
-	sys-block/parted
-	sys-apps/sdparm
-#	sys-block/partimage
-#	sys-block/qla-fc-firmware
-	sys-firmware/ipw2100-firmware
-	sys-firmware/ipw2200-firmware
-	sys-firmware/zd1201-firmware
-	sys-firmware/zd1211-firmware
-	sys-fs/cryptsetup
-	sys-fs/dmraid
-	sys-fs/dosfstools
-	sys-fs/e2fsprogs
-#	sys-fs/hfsplusutils
-#	sys-fs/hfsutils
-	sys-fs/jfsutils
-	sys-fs/lsscsi
-	sys-fs/lvm2
-#	sys-fs/mac-fdisk
-	sys-fs/mdadm
-#	sys-fs/multipath-tools
-	sys-fs/ntfs3g
-	sys-fs/reiserfsprogs
-	sys-fs/xfsprogs
-	sys-libs/gpm
-	sys-power/acpid
-	www-client/links
--- a/releases/specs/x86/hardened/installcd-stage2-minimal.spec
+++ b/releases/specs/x86/hardened/installcd-stage2-minimal.spec
@ -1,321 +0,0 @@
-subarch: x86
-version_stamp: hardened-@TIMESTAMP@
-target: livecd-stage2
-rel_type: hardened
-profile: default/linux/x86/17.0/hardened
-snapshot: @TIMESTAMP@
-source_subpath: hardened/livecd-stage1-x86-hardened-@TIMESTAMP@
-
-livecd/bootargs: dokeymap
-#livecd/cdtar: /usr/share/catalyst/livecd/cdtar/isolinux-elilo-memtest86+-cdtar.tar.bz2
-livecd/fstype: squashfs
-livecd/iso: install-x86-minimal-@TIMESTAMP@.iso
-livecd/type: gentoo-release-minimal
-livecd/volid: Gentoo x86 @TIMESTAMP@
-
-boot/kernel: gentoo
-
-boot/kernel/gentoo/sources: gentoo-sources
-boot/kernel/gentoo/config: @REPO_DIR@/releases/kconfig/x86/hardened/installcd-2.6.38.config
-boot/kernel/gentoo/use:
-	-*
-	alsa
-	alsa_pcm_plugins_adpcm
-	alsa_pcm_plugins_alaw
-	alsa_pcm_plugins_asym
-	alsa_pcm_plugins_copy
-	alsa_pcm_plugins_dmix
-	alsa_pcm_plugins_dshare
-	alsa_pcm_plugins_dsnoop
-	alsa_pcm_plugins_empty
-	alsa_pcm_plugins_extplug
-	alsa_pcm_plugins_file
-	alsa_pcm_plugins_hooks
-	alsa_pcm_plugins_iec958
-	alsa_pcm_plugins_ioplug
-	alsa_pcm_plugins_ladspa
-	alsa_pcm_plugins_lfloat
-	alsa_pcm_plugins_linear
-	alsa_pcm_plugins_meter
-	alsa_pcm_plugins_mmap_emul
-	alsa_pcm_plugins_mulaw
-	alsa_pcm_plugins_multi
-	alsa_pcm_plugins_null
-	alsa_pcm_plugins_plug
-	alsa_pcm_plugins_rate
-	alsa_pcm_plugins_route
-	alsa_pcm_plugins_share
-	alsa_pcm_plugins_shm
-	alsa_pcm_plugins_softvol
-	atm
-	fbcon
-	ipv6
-	livecd
-	midi
-	modules
-	ncurses
-#	nls
-	nptl
-	pam
-	png
-	readline
-	socks5
-	ssl
-	truetype
-#	unicode
-	usb
-
-boot/kernel/gentoo/packages:
-### These need to be added for software speech.
-	app-accessibility/espeakup
-	media-libs/alsa-oss
-	media-sound/alsa-utils
-	net-dialup/slmodem
-	net-wireless/hostap-utils
-#	net-dialup/fritzcapi
-#	net-dialup/fcdsl
-	sys-apps/pcmciautils
-	sys-kernel/linux-firmware
-
-livecd/unmerge:
-	app-admin/eselect
-	app-admin/eselect-ctags
-	app-admin/eselect-vi
-	app-admin/perl-cleaner
-	app-admin/python-updater
-	app-arch/cpio
-	dev-libs/gmp
-	dev-libs/libxml2
-	dev-libs/mpfr
-	dev-libs/popt
-	dev-python/pycrypto
-	dev-util/pkgconfig
-	net-misc/rsync
-	perl-core/PodParser
-	perl-core/Test-Harness
-	sys-apps/debianutils
-	sys-apps/diffutils
-	sys-apps/file
-	sys-apps/groff
-	sys-apps/man-db
-	sys-apps/man-pages
-	sys-apps/miscfiles
-	sys-apps/sandbox
-	sys-apps/texinfo
-	sys-devel/autoconf
-	sys-devel/autoconf-wrapper
-	sys-devel/automake
-	sys-devel/automake-wrapper
-	sys-devel/binutils
-	sys-devel/binutils-config
-	sys-devel/bison
-	sys-devel/flex
-	sys-devel/gcc
-	sys-devel/gcc-config
-	sys-devel/gettext
-	sys-devel/gnuconfig
-	sys-devel/libtool
-	sys-devel/m4
-	sys-devel/make
-	sys-devel/patch
-	sys-libs/db
-	sys-libs/gdbm
-	sys-kernel/genkernel
-	sys-kernel/linux-headers
-
-livecd/empty:
-	/boot
-	/etc/cron.daily
-	/etc/cron.hourly
-	/etc/cron.monthly
-	/etc/cron.weekly
-	/etc/logrotate.d
-	/etc/modules.autoload.d
-	/etc/rsync
-	/etc/runlevels/single
-	/etc/skel
-	/lib/dev-state
-	/lib/udev-state
-	/lib64/dev-state
-	/lib64/udev-state
-	/root/.ccache
-	/tmp
-	/usr/diet/include
-	/usr/diet/man
-	/usr/include
-	/usr/i?86-gentoo-linux-uclibc
-	/usr/i?86-pc-linux-gnu
-	/usr/i?86-pc-linux-uclibc
-	/usr/lib/X11/config
-	/usr/lib/X11/doc
-	/usr/lib/X11/etc
-	/usr/lib/awk
-	/usr/lib/ccache
-	/usr/lib/gcc-config
-	/usr/lib/nfs
-	/usr/lib/perl5/site_perl
-	/usr/lib/portage
-	/usr/lib64/X11/config
-	/usr/lib64/X11/doc
-	/usr/lib64/X11/etc
-	/usr/lib64/awk
-	/usr/lib64/ccache
-	/usr/lib64/gcc-config
-	/usr/lib64/nfs
-	/usr/lib64/perl5/site_perl
-	/usr/lib64/portage
-	/usr/local
-	/usr/portage
-	/usr/powerpc-unknown-linux-gnu
-	/usr/powerpc64-unknown-linux-gnu
-	/usr/share/aclocal
-	/usr/share/baselayout
-	/usr/share/binutils-data
-	/usr/share/consolefonts/partialfonts
-	/usr/share/consoletrans
-	/usr/share/dict
-	/usr/share/doc
-	/usr/share/emacs
-	/usr/share/et
-	/usr/share/gcc-data
-	/usr/share/genkernel
-	/usr/share/gettext
-	/usr/share/glib-2.0
-	/usr/share/gnuconfig
-	/usr/share/gtk-doc
-	/usr/share/i18n
-	/usr/share/info
-	/usr/share/lcms
-	/usr/share/libtool
-	/usr/share/locale
-	/usr/share/man
-	/usr/share/rfc
-	/usr/share/ss
-	/usr/share/state
-	/usr/share/texinfo
-	/usr/share/unimaps
-	/usr/share/zoneinfo
-	/usr/sparc-unknown-linux-gnu
-	/usr/src
-	/usr/x86_64-pc-linux-gnu
-	/var/cache
-	/var/empty
-	/var/lib/portage
-	/var/lock
-	/var/log
-	/var/run
-	/var/spool
-	/var/state
-	/var/tmp
-
-livecd/rm:
-	/boot/System*
-	/boot/initr*
-	/boot/kernel*
-	/etc/*-
-	/etc/*.old
-	/etc/default/audioctl
-	/etc/dispatch-conf.conf
-	/etc/env.d/05binutils
-	/etc/env.d/05gcc
-	/etc/etc-update.conf
-	/etc/hosts.bck
-	/etc/issue*
-	/etc/genkernel.conf
-	/etc/make.conf*
-	/etc/make.globals
-	/etc/make.profile
-	/etc/man.conf
-	/etc/resolv.conf
-	/lib*/*.a
-	/lib*/*.la
-	/lib*/cpp
-	/root/.bash_history
-	/root/.viminfo
-	/sbin/*.static
-	/sbin/fsck.cramfs
-	/sbin/fsck.minix
-	/sbin/mkfs.bfs
-	/sbin/mkfs.cramfs
-	/sbin/mkfs.minix
-	/usr/bin/addr2line
-	/usr/bin/ar
-	/usr/bin/as
-	/usr/bin/audioctl
-	/usr/bin/c++*
-	/usr/bin/cc
-	/usr/bin/cjpeg
-	/usr/bin/cpp
-	/usr/bin/djpeg
-	/usr/bin/ebuild
-	/usr/bin/egencache
-	/usr/bin/emerge
-	/usr/bin/emerge-webrsync
-	/usr/bin/emirrordist
-	/usr/bin/elftoaout
-	/usr/bin/f77
-	/usr/bin/g++*
-	/usr/bin/g77
-	/usr/bin/gcc*
-	/usr/bin/genkernel
-	/usr/bin/gprof
-	/usr/bin/i?86-gentoo-linux-uclibc-*
-	/usr/bin/i?86-pc-linux-*
-	/usr/bin/jpegtran
-	/usr/bin/ld
-	/usr/bin/libpng*
-	/usr/bin/nm
-	/usr/bin/objcopy
-	/usr/bin/objdump
-	/usr/bin/piggyback*
-	/usr/bin/portageq
-	/usr/bin/ranlib
-	/usr/bin/readelf
-	/usr/bin/repoman
-	/usr/bin/size
-	/usr/bin/powerpc-unknown-linux-gnu-*
-	/usr/bin/powerpc64-unknown-linux-gnu-*
-	/usr/bin/sparc-unknown-linux-gnu-*
-	/usr/bin/sparc64-unknown-linux-gnu-*
-	/usr/bin/strings
-	/usr/bin/strip
-	/usr/bin/tbz2tool
-	/usr/bin/x86_64-pc-linux-gnu-*
-	/usr/bin/xpak
-	/usr/bin/yacc
-	/usr/lib*/*.a
-	/usr/lib*/*.la
-	/usr/lib*/perl5/site_perl
-	/usr/lib*/gcc-lib/*/*/libgcj*
-	/usr/sbin/archive-conf
-	/usr/sbin/dispatch-conf
-	/usr/sbin/emaint
-	/usr/sbin/env-update
-	/usr/sbin/etc-update
-	/usr/sbin/fb*
-	/usr/sbin/fixpackages
-	/usr/sbin/quickpkg
-	/usr/sbin/regenworld
-	/usr/share/consolefonts/1*
-	/usr/share/consolefonts/7*
-	/usr/share/consolefonts/8*
-	/usr/share/consolefonts/9*
-	/usr/share/consolefonts/A*
-	/usr/share/consolefonts/C*
-	/usr/share/consolefonts/E*
-	/usr/share/consolefonts/G*
-	/usr/share/consolefonts/L*
-	/usr/share/consolefonts/M*
-	/usr/share/consolefonts/R*
-	/usr/share/consolefonts/a*
-	/usr/share/consolefonts/c*
-	/usr/share/consolefonts/dr*
-	/usr/share/consolefonts/g*
-	/usr/share/consolefonts/i*
-	/usr/share/consolefonts/k*
-	/usr/share/consolefonts/l*
-	/usr/share/consolefonts/r*
-	/usr/share/consolefonts/s*
-	/usr/share/consolefonts/t*
-	/usr/share/consolefonts/v*
-	/usr/share/misc/*.old
--- a/releases/specs/x86/hardened/stage1-openrc.spec
+++ b/releases/specs/x86/hardened/stage1-openrc.spec
@ -1,10 +1,10 @@
 subarch: i686
 target: stage1
-version_stamp: hardened-@TIMESTAMP@
+version_stamp: hardened-openrc-@TIMESTAMP@
 rel_type: hardened
 profile: default/linux/x86/17.0/hardened
 snapshot: @TIMESTAMP@
-source_subpath: hardened/stage3-i686-hardened-latest
+source_subpath: hardened/stage3-i686-hardened-openrc-latest
 compression_mode: pixz_x
 update_seed: yes
 update_seed_command: --update --deep --newuse @world
--- a/releases/specs/x86/hardened/stage2-openrc.spec
+++ b/releases/specs/x86/hardened/stage2-openrc.spec
@ -1,10 +1,10 @@
 subarch: i686
 target: stage2
-version_stamp: hardened-@TIMESTAMP@
+version_stamp: hardened-openrc-@TIMESTAMP@
 rel_type: hardened
 profile: default/linux/x86/17.0/hardened
 snapshot: @TIMESTAMP@
-source_subpath: hardened/stage1-i686-hardened-@TIMESTAMP@
+source_subpath: hardened/stage1-i686-hardened-openrc-@TIMESTAMP@
 compression_mode: pixz_x
 portage_confdir: @REPO_DIR@/releases/portage/stages
 portage_prefix: releng
--- a/releases/specs/x86/hardened/stage3-openrc.spec
+++ b/releases/specs/x86/hardened/stage3-openrc.spec
@ -1,10 +1,10 @@
 subarch: i686
 target: stage3
-version_stamp: hardened-@TIMESTAMP@
+version_stamp: hardened-openrc-@TIMESTAMP@
 rel_type: hardened
 profile: default/linux/x86/17.0/hardened
 snapshot: @TIMESTAMP@
-source_subpath: hardened/stage2-i686-hardened-@TIMESTAMP@
+source_subpath: hardened/stage2-i686-hardened-openrc-@TIMESTAMP@
 compression_mode: pixz_x
 portage_confdir: @REPO_DIR@/releases/portage/stages
 portage_prefix: releng
--- a/tools/catalyst-auto-x86-demeter.conf
+++ b/tools/catalyst-auto-x86-demeter.conf
@ -15,6 +15,7 @@ SETS="
 	i486_openrc
 	i686_openrc
 	i686_systemd
+	hardened_openrc
 "

 SET_i486_openrc_SPECS="i486/stage1-openrc.spec i486/stage2-openrc.spec i486/stage3-openrc.spec"
@ -23,13 +24,16 @@ SET_i486_openrc_OPTIONAL_SPECS="i486/installcd-stage1-openrc.spec i486/installcd
 SET_i686_openrc_SPECS="i686/stage1-openrc.spec i686/stage2-openrc.spec i686/stage3-openrc.spec"
 SET_i686_systemd_SPECS="i686/stage1-systemd.spec i686/stage2-systemd.spec i686/stage3-systemd.spec"

+SET_hardened_openrc_SPECS="hardened/stage1-openrc.spec hardened/stage2-openrc.spec hardened/stage3-openrc.spec"
+SET_hardened_openrc_OPTIONAL_SPECS="hardened/admincd-stage1-openrc.spec hardened/admincd-stage2-openrc.spec"
+
 KCONFIG_DIR=${REPO_DIR}/releases/kconfig/x86

 EXTENSIONS="@(.tar.xz|.tar.bz2|.tar.gz|.tar|.sfs)"

 update_symlinks() {
 	# Symlink the latest stages3 to build from
-	for d in ${BUILD_SRCDIR_BASE}/builds/default ; do
+	for d in ${BUILD_SRCDIR_BASE}/builds/{default,hardened} ; do
 		pushd "${d}" >/dev/null || exit
 		shopt -s extglob
 		for f in $(ls stage3*${EXTENSIONS} | grep -v latest | give_latest_from_dates ) ; do
@ -51,9 +55,9 @@ update_symlinks() {

 post_build() {
 	local set=$1 spec=$2
+	UPLOAD_DEST=${BUILD_DESTDIR_BASE}

 	pushd ${BUILD_SRCDIR_BASE}/builds/default >/dev/null || exit
-	UPLOAD_DEST=${BUILD_DESTDIR_BASE}
 	case ${spec} in
 	i486/stage3-openrc.spec)
 		upload stage3-i486-openrc-${TIMESTAMP}.tar.xz*
@ -69,6 +73,17 @@ post_build() {
 		;;
 	esac
 	popd >/dev/null || exit
+
+	pushd ${BUILD_SRCDIR_BASE}/builds/hardened >/dev/null || exit
+	case ${spec} in
+	hardened/stage3-openrc.spec)
+		upload stage3-i686-hardened-openrc-${TIMESTAMP}.tar.xz*
+		;;
+	hardened/admincd-stage2-openrc.spec)
+		upload admincd-x86-hardened-openrc-${TIMESTAMP}.iso*
+		;;
+	esac
+	popd >/dev/null || exit
 }

 # vim:ft=sh:
--- a/tools/catalyst-auto-x86.conf
+++ b/tools/catalyst-auto-x86.conf
@ -11,12 +11,8 @@ source /etc/catalyst/release/build.env

 SPECS_DIR=${REPO_DIR}/releases/specs/x86

-SETS="
-	hardened
-"
-
-SET_hardened_SPECS="hardened/stage1.spec hardened/stage2.spec hardened/stage3.spec"
-SET_hardened_OPTIONAL_SPECS="hardened/admincd-stage1.spec hardened/admincd-stage2.spec"
+SETS=""
+SPECS="nosuchfile.spec"

 KCONFIG_DIR=${REPO_DIR}/releases/kconfig/x86