From 0422a99519805880834ec00ef75fb52a838c2032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= Date: Sun, 4 Jul 2021 22:32:28 +0200 Subject: [PATCH] x86: Move hardened builds from pardalote to demeter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas K. Hüttel --- ...stage1.spec => admincd-stage1-openrc.spec} | 4 +- ...stage2.spec => admincd-stage2-openrc.spec} | 4 +- .../specs/x86/hardened/installcd-stage1.spec | 86 ----- .../hardened/installcd-stage2-minimal.spec | 321 ------------------ .../{stage1.spec => stage1-openrc.spec} | 4 +- .../{stage2.spec => stage2-openrc.spec} | 4 +- .../{stage3.spec => stage3-openrc.spec} | 4 +- tools/catalyst-auto-x86-demeter.conf | 19 +- tools/catalyst-auto-x86.conf | 8 +- 9 files changed, 29 insertions(+), 425 deletions(-) rename releases/specs/x86/hardened/{admincd-stage1.spec => admincd-stage1-openrc.spec} (97%) rename releases/specs/x86/hardened/{admincd-stage2.spec => admincd-stage2-openrc.spec} (97%) delete mode 100644 releases/specs/x86/hardened/installcd-stage1.spec delete mode 100644 releases/specs/x86/hardened/installcd-stage2-minimal.spec rename releases/specs/x86/hardened/{stage1.spec => stage1-openrc.spec} (73%) rename releases/specs/x86/hardened/{stage2.spec => stage2-openrc.spec} (66%) rename releases/specs/x86/hardened/{stage3.spec => stage3-openrc.spec} (66%) diff --git a/releases/specs/x86/hardened/admincd-stage1.spec b/releases/specs/x86/hardened/admincd-stage1-openrc.spec similarity index 97% rename from releases/specs/x86/hardened/admincd-stage1.spec rename to releases/specs/x86/hardened/admincd-stage1-openrc.spec index 7ce6cbf8..e38a8ccc 100644 --- a/releases/specs/x86/hardened/admincd-stage1.spec +++ b/releases/specs/x86/hardened/admincd-stage1-openrc.spec 
@@ -1,10 +1,10 @@ subarch: i686 -version_stamp: @TIMESTAMP@ +version_stamp: hardened-openrc-@TIMESTAMP@ target: livecd-stage1 rel_type: hardened profile: default/linux/x86/17.0/hardened snapshot: @TIMESTAMP@ -source_subpath: hardened/stage3-i686-hardened-@TIMESTAMP@ +source_subpath: hardened/stage3-i686-hardened-openrc-@TIMESTAMP@ compression_mode: pixz_x portage_confdir: @REPO_DIR@/releases/portage/isos diff --git a/releases/specs/x86/hardened/admincd-stage2.spec b/releases/specs/x86/hardened/admincd-stage2-openrc.spec similarity index 97% rename from releases/specs/x86/hardened/admincd-stage2.spec rename to releases/specs/x86/hardened/admincd-stage2-openrc.spec index f553cd9b..74867913 100644 --- a/releases/specs/x86/hardened/admincd-stage2.spec +++ b/releases/specs/x86/hardened/admincd-stage2-openrc.spec @@ -1,10 +1,10 @@ subarch: i686 -version_stamp: @TIMESTAMP@ +version_stamp: hardened-openrc-@TIMESTAMP@ target: livecd-stage2 rel_type: hardened profile: default/linux/x86/17.0/hardened snapshot: @TIMESTAMP@ -source_subpath: hardened/livecd-stage1-i686-@TIMESTAMP@ +source_subpath: hardened/livecd-stage1-i686-hardened-openrc-@TIMESTAMP@ portage_confdir: @REPO_DIR@/releases/portage/isos livecd/bootargs: dokeymap diff --git a/releases/specs/x86/hardened/installcd-stage1.spec b/releases/specs/x86/hardened/installcd-stage1.spec deleted file mode 100644 index fa629e5e..00000000 --- a/releases/specs/x86/hardened/installcd-stage1.spec +++ /dev/null 
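Review bot: The ISO file name in admincd-stage2-openrc.spec is not part of this change, yet `post_build` in tools/catalyst-auto-x86-demeter.conf now uploads `admincd-x86-hardened-openrc-${TIMESTAMP}.iso*`. The hunk shows only the first ten lines of the spec, and the diffstat accounts for just the `version_stamp` and `source_subpath` edits, so `livecd/iso:` keeps whatever value it had before the rename. If that value differs from the upload pattern, the glob will not match the built image and the admin CD is never published. Setting `livecd/iso: admincd-x86-hardened-openrc-@TIMESTAMP@.iso` in the same commit would keep the spec and the upload step in agreement.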
@@ -1,86 +0,0 @@ -subarch: x86 -version_stamp: hardened-@TIMESTAMP@ -target: livecd-stage1 -rel_type: hardened -profile: default/linux/x86/17.0/hardened -snapshot: @TIMESTAMP@ -source_subpath: hardened/stage3-x86-hardened-@TIMESTAMP@ -compression_mode: pixz_x -livecd/use: - -* - compile-locales - fbcon - ipv6 - livecd - modules - ncurses -# nls - pam - readline - socks5 - ssl -# unicode - xml - -livecd/packages: - app-accessibility/brltty - app-admin/hddtemp - app-admin/pwgen - app-admin/syslog-ng - app-arch/unzip - app-crypt/gnupg - app-editors/mg - app-misc/livecd-tools - app-misc/screen - app-misc/tmux - app-portage/mirrorselect - app-text/wgetpaste - media-gfx/fbgrab - net-analyzer/tcptraceroute - net-analyzer/traceroute - net-dialup/mingetty - net-dialup/pptpclient - net-dialup/rp-pppoe - net-fs/nfs-utils - net-irc/irssi - net-misc/dhcpcd - net-misc/iputils - net-misc/ntp - net-misc/rdate - net-misc/vconfig - net-proxy/dante - net-proxy/tsocks - net-wireless/wireless-tools - net-wireless/wpa_supplicant - sys-apps/ethtool - sys-apps/fxload - sys-apps/hdparm - sys-apps/iproute2 - sys-apps/memtester - sys-apps/netplug - sys-block/parted - sys-apps/sdparm -# sys-block/partimage -# sys-block/qla-fc-firmware - sys-firmware/ipw2100-firmware - sys-firmware/ipw2200-firmware - sys-firmware/zd1201-firmware - sys-firmware/zd1211-firmware - sys-fs/cryptsetup - sys-fs/dmraid - sys-fs/dosfstools - sys-fs/e2fsprogs -# sys-fs/hfsplusutils -# sys-fs/hfsutils - sys-fs/jfsutils - sys-fs/lsscsi - sys-fs/lvm2 -# sys-fs/mac-fdisk - sys-fs/mdadm -# sys-fs/multipath-tools - sys-fs/ntfs3g - sys-fs/reiserfsprogs - sys-fs/xfsprogs - sys-libs/gpm - sys-power/acpid - www-client/links diff --git a/releases/specs/x86/hardened/installcd-stage2-minimal.spec b/releases/specs/x86/hardened/installcd-stage2-minimal.spec deleted file mode 100644 index 79b4bd7f..00000000 --- a/releases/specs/x86/hardened/installcd-stage2-minimal.spec +++ /dev/null 
@@ -1,321 +0,0 @@ -subarch: x86 -version_stamp: hardened-@TIMESTAMP@ -target: livecd-stage2 -rel_type: hardened -profile: default/linux/x86/17.0/hardened -snapshot: @TIMESTAMP@ -source_subpath: hardened/livecd-stage1-x86-hardened-@TIMESTAMP@ - -livecd/bootargs: dokeymap -#livecd/cdtar: /usr/share/catalyst/livecd/cdtar/isolinux-elilo-memtest86+-cdtar.tar.bz2 -livecd/fstype: squashfs -livecd/iso: install-x86-minimal-@TIMESTAMP@.iso -livecd/type: gentoo-release-minimal -livecd/volid: Gentoo x86 @TIMESTAMP@ - -boot/kernel: gentoo - -boot/kernel/gentoo/sources: gentoo-sources -boot/kernel/gentoo/config: @REPO_DIR@/releases/kconfig/x86/hardened/installcd-2.6.38.config -boot/kernel/gentoo/use: - -* - alsa - alsa_pcm_plugins_adpcm - alsa_pcm_plugins_alaw - alsa_pcm_plugins_asym - alsa_pcm_plugins_copy - alsa_pcm_plugins_dmix - alsa_pcm_plugins_dshare - alsa_pcm_plugins_dsnoop - alsa_pcm_plugins_empty - alsa_pcm_plugins_extplug - alsa_pcm_plugins_file - alsa_pcm_plugins_hooks - alsa_pcm_plugins_iec958 - alsa_pcm_plugins_ioplug - alsa_pcm_plugins_ladspa - alsa_pcm_plugins_lfloat - alsa_pcm_plugins_linear - alsa_pcm_plugins_meter - alsa_pcm_plugins_mmap_emul - alsa_pcm_plugins_mulaw - alsa_pcm_plugins_multi - alsa_pcm_plugins_null - alsa_pcm_plugins_plug - alsa_pcm_plugins_rate - alsa_pcm_plugins_route - alsa_pcm_plugins_share - alsa_pcm_plugins_shm - alsa_pcm_plugins_softvol - atm - fbcon - ipv6 - livecd - midi - modules - ncurses -# nls - nptl - pam - png - readline - socks5 - ssl - truetype -# unicode - usb - -boot/kernel/gentoo/packages: -### These need to be added for software speech. 
- app-accessibility/espeakup - media-libs/alsa-oss - media-sound/alsa-utils - net-dialup/slmodem - net-wireless/hostap-utils -# net-dialup/fritzcapi -# net-dialup/fcdsl - sys-apps/pcmciautils - sys-kernel/linux-firmware - -livecd/unmerge: - app-admin/eselect - app-admin/eselect-ctags - app-admin/eselect-vi - app-admin/perl-cleaner - app-admin/python-updater - app-arch/cpio - dev-libs/gmp - dev-libs/libxml2 - dev-libs/mpfr - dev-libs/popt - dev-python/pycrypto - dev-util/pkgconfig - net-misc/rsync - perl-core/PodParser - perl-core/Test-Harness - sys-apps/debianutils - sys-apps/diffutils - sys-apps/file - sys-apps/groff - sys-apps/man-db - sys-apps/man-pages - sys-apps/miscfiles - sys-apps/sandbox - sys-apps/texinfo - sys-devel/autoconf - sys-devel/autoconf-wrapper - sys-devel/automake - sys-devel/automake-wrapper - sys-devel/binutils - sys-devel/binutils-config - sys-devel/bison - sys-devel/flex - sys-devel/gcc - sys-devel/gcc-config - sys-devel/gettext - sys-devel/gnuconfig - sys-devel/libtool - sys-devel/m4 - sys-devel/make - sys-devel/patch - sys-libs/db - sys-libs/gdbm - sys-kernel/genkernel - sys-kernel/linux-headers - -livecd/empty: - /boot - /etc/cron.daily - /etc/cron.hourly - /etc/cron.monthly - /etc/cron.weekly - /etc/logrotate.d - /etc/modules.autoload.d - /etc/rsync - /etc/runlevels/single - /etc/skel - /lib/dev-state - /lib/udev-state - /lib64/dev-state - /lib64/udev-state - /root/.ccache - /tmp - /usr/diet/include - /usr/diet/man - /usr/include - /usr/i?86-gentoo-linux-uclibc - /usr/i?86-pc-linux-gnu - /usr/i?86-pc-linux-uclibc - /usr/lib/X11/config - /usr/lib/X11/doc - /usr/lib/X11/etc - /usr/lib/awk - /usr/lib/ccache - /usr/lib/gcc-config - /usr/lib/nfs - /usr/lib/perl5/site_perl - /usr/lib/portage - /usr/lib64/X11/config - /usr/lib64/X11/doc - /usr/lib64/X11/etc - /usr/lib64/awk - /usr/lib64/ccache - /usr/lib64/gcc-config - /usr/lib64/nfs - /usr/lib64/perl5/site_perl - /usr/lib64/portage - /usr/local - /usr/portage - /usr/powerpc-unknown-linux-gnu - 
/usr/powerpc64-unknown-linux-gnu - /usr/share/aclocal - /usr/share/baselayout - /usr/share/binutils-data - /usr/share/consolefonts/partialfonts - /usr/share/consoletrans - /usr/share/dict - /usr/share/doc - /usr/share/emacs - /usr/share/et - /usr/share/gcc-data - /usr/share/genkernel - /usr/share/gettext - /usr/share/glib-2.0 - /usr/share/gnuconfig - /usr/share/gtk-doc - /usr/share/i18n - /usr/share/info - /usr/share/lcms - /usr/share/libtool - /usr/share/locale - /usr/share/man - /usr/share/rfc - /usr/share/ss - /usr/share/state - /usr/share/texinfo - /usr/share/unimaps - /usr/share/zoneinfo - /usr/sparc-unknown-linux-gnu - /usr/src - /usr/x86_64-pc-linux-gnu - /var/cache - /var/empty - /var/lib/portage - /var/lock - /var/log - /var/run - /var/spool - /var/state - /var/tmp - -livecd/rm: - /boot/System* - /boot/initr* - /boot/kernel* - /etc/*- - /etc/*.old - /etc/default/audioctl - /etc/dispatch-conf.conf - /etc/env.d/05binutils - /etc/env.d/05gcc - /etc/etc-update.conf - /etc/hosts.bck - /etc/issue* - /etc/genkernel.conf - /etc/make.conf* - /etc/make.globals - /etc/make.profile - /etc/man.conf - /etc/resolv.conf - /lib*/*.a - /lib*/*.la - /lib*/cpp - /root/.bash_history - /root/.viminfo - /sbin/*.static - /sbin/fsck.cramfs - /sbin/fsck.minix - /sbin/mkfs.bfs - /sbin/mkfs.cramfs - /sbin/mkfs.minix - /usr/bin/addr2line - /usr/bin/ar - /usr/bin/as - /usr/bin/audioctl - /usr/bin/c++* - /usr/bin/cc - /usr/bin/cjpeg - /usr/bin/cpp - /usr/bin/djpeg - /usr/bin/ebuild - /usr/bin/egencache - /usr/bin/emerge - /usr/bin/emerge-webrsync - /usr/bin/emirrordist - /usr/bin/elftoaout - /usr/bin/f77 - /usr/bin/g++* - /usr/bin/g77 - /usr/bin/gcc* - /usr/bin/genkernel - /usr/bin/gprof - /usr/bin/i?86-gentoo-linux-uclibc-* - /usr/bin/i?86-pc-linux-* - /usr/bin/jpegtran - /usr/bin/ld - /usr/bin/libpng* - /usr/bin/nm - /usr/bin/objcopy - /usr/bin/objdump - /usr/bin/piggyback* - /usr/bin/portageq - /usr/bin/ranlib - /usr/bin/readelf - /usr/bin/repoman - /usr/bin/size - 
/usr/bin/powerpc-unknown-linux-gnu-* - /usr/bin/powerpc64-unknown-linux-gnu-* - /usr/bin/sparc-unknown-linux-gnu-* - /usr/bin/sparc64-unknown-linux-gnu-* - /usr/bin/strings - /usr/bin/strip - /usr/bin/tbz2tool - /usr/bin/x86_64-pc-linux-gnu-* - /usr/bin/xpak - /usr/bin/yacc - /usr/lib*/*.a - /usr/lib*/*.la - /usr/lib*/perl5/site_perl - /usr/lib*/gcc-lib/*/*/libgcj* - /usr/sbin/archive-conf - /usr/sbin/dispatch-conf - /usr/sbin/emaint - /usr/sbin/env-update - /usr/sbin/etc-update - /usr/sbin/fb* - /usr/sbin/fixpackages - /usr/sbin/quickpkg - /usr/sbin/regenworld - /usr/share/consolefonts/1* - /usr/share/consolefonts/7* - /usr/share/consolefonts/8* - /usr/share/consolefonts/9* - /usr/share/consolefonts/A* - /usr/share/consolefonts/C* - /usr/share/consolefonts/E* - /usr/share/consolefonts/G* - /usr/share/consolefonts/L* - /usr/share/consolefonts/M* - /usr/share/consolefonts/R* - /usr/share/consolefonts/a* - /usr/share/consolefonts/c* - /usr/share/consolefonts/dr* - /usr/share/consolefonts/g* - /usr/share/consolefonts/i* - /usr/share/consolefonts/k* - /usr/share/consolefonts/l* - /usr/share/consolefonts/r* - /usr/share/consolefonts/s* - /usr/share/consolefonts/t* - /usr/share/consolefonts/v* - /usr/share/misc/*.old diff --git a/releases/specs/x86/hardened/stage1.spec b/releases/specs/x86/hardened/stage1-openrc.spec similarity index 73% rename from releases/specs/x86/hardened/stage1.spec rename to releases/specs/x86/hardened/stage1-openrc.spec index de8cba3d..4519abca 100644 --- a/releases/specs/x86/hardened/stage1.spec +++ b/releases/specs/x86/hardened/stage1-openrc.spec 
@@ -1,10 +1,10 @@ subarch: i686 target: stage1 -version_stamp: hardened-@TIMESTAMP@ +version_stamp: hardened-openrc-@TIMESTAMP@ rel_type: hardened profile: default/linux/x86/17.0/hardened snapshot: @TIMESTAMP@ -source_subpath: hardened/stage3-i686-hardened-latest +source_subpath: hardened/stage3-i686-hardened-openrc-latest compression_mode: pixz_x update_seed: yes update_seed_command: --update --deep --newuse @world diff --git a/releases/specs/x86/hardened/stage2.spec b/releases/specs/x86/hardened/stage2-openrc.spec similarity index 66% rename from releases/specs/x86/hardened/stage2.spec rename to releases/specs/x86/hardened/stage2-openrc.spec index d9007708..894b9fc1 100644 --- a/releases/specs/x86/hardened/stage2.spec +++ b/releases/specs/x86/hardened/stage2-openrc.spec @@ -1,10 +1,10 @@ subarch: i686 target: stage2 -version_stamp: hardened-@TIMESTAMP@ +version_stamp: hardened-openrc-@TIMESTAMP@ rel_type: hardened profile: default/linux/x86/17.0/hardened snapshot: @TIMESTAMP@ -source_subpath: hardened/stage1-i686-hardened-@TIMESTAMP@ +source_subpath: hardened/stage1-i686-hardened-openrc-@TIMESTAMP@ compression_mode: pixz_x portage_confdir: @REPO_DIR@/releases/portage/stages portage_prefix: releng diff --git a/releases/specs/x86/hardened/stage3.spec b/releases/specs/x86/hardened/stage3-openrc.spec similarity index 66% rename from releases/specs/x86/hardened/stage3.spec rename to releases/specs/x86/hardened/stage3-openrc.spec index 3b51fceb..93ef92e6 100644 --- a/releases/specs/x86/hardened/stage3.spec +++ b/releases/specs/x86/hardened/stage3-openrc.spec 
@@ -1,10 +1,10 @@ subarch: i686 target: stage3 -version_stamp: hardened-@TIMESTAMP@ +version_stamp: hardened-openrc-@TIMESTAMP@ rel_type: hardened profile: default/linux/x86/17.0/hardened snapshot: @TIMESTAMP@ -source_subpath: hardened/stage2-i686-hardened-@TIMESTAMP@ +source_subpath: hardened/stage2-i686-hardened-openrc-@TIMESTAMP@ compression_mode: pixz_x portage_confdir: @REPO_DIR@/releases/portage/stages portage_prefix: releng diff --git a/tools/catalyst-auto-x86-demeter.conf b/tools/catalyst-auto-x86-demeter.conf index 84c2f985..98c2d131 100644 --- a/tools/catalyst-auto-x86-demeter.conf +++ b/tools/catalyst-auto-x86-demeter.conf @@ -15,6 +15,7 @@ SETS=" i486_openrc i686_openrc i686_systemd + hardened_openrc " SET_i486_openrc_SPECS="i486/stage1-openrc.spec i486/stage2-openrc.spec i486/stage3-openrc.spec" @@ -23,13 +24,16 @@ SET_i486_openrc_OPTIONAL_SPECS="i486/installcd-stage1-openrc.spec i486/installcd SET_i686_openrc_SPECS="i686/stage1-openrc.spec i686/stage2-openrc.spec i686/stage3-openrc.spec" SET_i686_systemd_SPECS="i686/stage1-systemd.spec i686/stage2-systemd.spec i686/stage3-systemd.spec" +SET_hardened_openrc_SPECS="hardened/stage1-openrc.spec hardened/stage2-openrc.spec hardened/stage3-openrc.spec" +SET_hardened_openrc_OPTIONAL_SPECS="hardened/admincd-stage1-openrc.spec hardened/admincd-stage2-openrc.spec" + KCONFIG_DIR=${REPO_DIR}/releases/kconfig/x86 EXTENSIONS="@(.tar.xz|.tar.bz2|.tar.gz|.tar|.sfs)" update_symlinks() { # Symlink the latest stages3 to build from - for d in ${BUILD_SRCDIR_BASE}/builds/default ; do + for d in ${BUILD_SRCDIR_BASE}/builds/{default,hardened} ; do pushd "${d}" >/dev/null || exit shopt -s extglob for f in $(ls stage3*${EXTENSIONS} | grep -v latest | give_latest_from_dates ) ; do 
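Review bot: In `update_symlinks`, extending the loop to `builds/{default,hardened}` means the unchanged `pushd "${d}" >/dev/null || exit` now ends the whole run if `${BUILD_SRCDIR_BASE}/builds/hardened` is missing, so the i486 and i686 sets stop as well. Going by the subject, this host did not build hardened before, so the directory may well be absent on the first run. Skipping a missing directory keeps the other sets independent: `[[ -d ${d} ]] || continue` as the first line of the loop body. The new `pushd ${BUILD_SRCDIR_BASE}/builds/hardened >/dev/null || exit` in `post_build` has the same effect and runs for every spec. The loop body continues outside the hunk.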
@@ -51,9 +55,9 @@ update_symlinks() { post_build() { local set=$1 spec=$2 + UPLOAD_DEST=${BUILD_DESTDIR_BASE} pushd ${BUILD_SRCDIR_BASE}/builds/default >/dev/null || exit - UPLOAD_DEST=${BUILD_DESTDIR_BASE} case ${spec} in i486/stage3-openrc.spec) upload stage3-i486-openrc-${TIMESTAMP}.tar.xz* @@ -69,6 +73,17 @@ post_build() { ;; esac popd >/dev/null || exit + + pushd ${BUILD_SRCDIR_BASE}/builds/hardened >/dev/null || exit + case ${spec} in + hardened/stage3-openrc.spec) + upload stage3-i686-hardened-openrc-${TIMESTAMP}.tar.xz* + ;; + hardened/admincd-stage2-openrc.spec) + upload admincd-x86-hardened-openrc-${TIMESTAMP}.iso* + ;; + esac + popd >/dev/null || exit } # vim:ft=sh: diff --git a/tools/catalyst-auto-x86.conf b/tools/catalyst-auto-x86.conf index b19aa911..075bb447 100644 --- a/tools/catalyst-auto-x86.conf +++ b/tools/catalyst-auto-x86.conf @@ -11,12 +11,8 @@ source /etc/catalyst/release/build.env SPECS_DIR=${REPO_DIR}/releases/specs/x86 -SETS=" - hardened -" - -SET_hardened_SPECS="hardened/stage1.spec hardened/stage2.spec hardened/stage3.spec" -SET_hardened_OPTIONAL_SPECS="hardened/admincd-stage1.spec hardened/admincd-stage2.spec" +SETS="" +SPECS="nosuchfile.spec" KCONFIG_DIR=${REPO_DIR}/releases/kconfig/x86
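Review bot: The hardened uploads are added as a second `pushd`/`case`/`popd` block with `${BUILD_SRCDIR_BASE}` unquoted, so every spec now enters both build directories although only one `case` arm can match. Picking the directory from the spec prefix once keeps a single `case` and quotes the path, as `update_symlinks` already does with `"${d}"`. `post_build` starts in the previous hunk; the sketch below shows only the lines that change.

```shell
post_build() {
	local set=$1 spec=$2 builddir=default
	UPLOAD_DEST=${BUILD_DESTDIR_BASE}

	# hardened/* specs write to builds/hardened, all others to builds/default
	[[ ${spec} == hardened/* ]] && builddir=hardened
	pushd "${BUILD_SRCDIR_BASE}/builds/${builddir}" >/dev/null || exit
	case ${spec} in
	# … unchanged: i486/i686 upload arms, then the two hardened/* arms added by this hunk …
	esac
	popd >/dev/null || exit
```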
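Review bot: `SPECS="nosuchfile.spec"` in tools/catalyst-auto-x86.conf has no comment explaining why a spec that does not exist is configured next to an empty `SETS`. Given the subject it looks like a deliberate way to leave this host with nothing to build, but how catalyst-auto reacts to an empty `SETS` and a missing spec file is not visible here, so the next reader cannot tell a placeholder from a mistake. A line such as `# hardened builds moved to demeter (catalyst-auto-x86-demeter.conf); SPECS is a placeholder so this host builds nothing` above it would record the intent. If the run is expected to fail on the missing file, say so in the comment so the resulting error reports are not treated as a build problem.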