diff --git a/tools-musl/portage.amd64.hardened-stage4/package.use/stage4 b/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
index 4b84ae65..7c0a650a 100644
--- a/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
+++ b/tools-musl/portage.amd64.hardened-stage4/package.use/stage4
@@ -1 +1,2 @@
 sys-boot/grub grub_platforms_pc
+app-admin/syslog-ng -tcpd
diff --git a/tools-musl/run-stage4.sh b/tools-musl/run-stage4.sh
index e79acc79..5bfe74e6 100755
--- a/tools-musl/run-stage4.sh
+++ b/tools-musl/run-stage4.sh
@@ -1,5 +1,23 @@
+#!/bin/bash
+
+set -eu
+
+source /etc/catalyst/catalyst.conf
+
 MUSL_DIR="$( cd "$( dirname ${BASH_SOURCE[0]} )" && pwd )"
+MY_DATE="$(date +%Y%m%d)"
+
+# munge specfile for this run
 cp "${MUSL_DIR}"/stage4-hardened-amd64.spec "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
 sed -i "s|@REPO_DIR@|${MUSL_DIR}|g" "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
+sed -i "s|MY_DATE|${MY_DATE}|g" "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
 
+# catalyst stuff
 catalyst -f "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec | tee -a "${MUSL_DIR}"/zzz.log
+
+# update link, rm -f returns 0 if file isn't there yet
+rm -f "${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened.tar.bz2"
+ln -s "${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened-${MY_DATE}.tar.bz2" "${storedir}/builds/musl/hardened/amd64/stage4-amd64-musl-hardened.tar.bz2"
+
+# remove old specfile
+rm "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec
diff --git a/tools-musl/stage4-fsscript.sh b/tools-musl/stage4-fsscript.sh
index f222b1f2..00777bad 100755
--- a/tools-musl/stage4-fsscript.sh
+++ b/tools-musl/stage4-fsscript.sh
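Review bot: A failed catalyst run does not stop run-stage4.sh, because under `set -eu` the status of `catalyst -f ... | tee -a ...` is tee's, so the `rm -f`/`ln -s` lines that follow would still repoint the stable `stage4-amd64-musl-hardened.tar.bz2` link at a dated tarball that was never produced. The shebang is bash, so `set -euo pipefail` closes that gap. The `rm -f` plus `ln -s` pair can also be a single `ln -sfn` call with the same two paths. With `set -e` any earlier failure skips the trailing `rm`, so `trap 'rm -f "${MUSL_DIR}"/stage4-hardened-amd64-configured.spec' EXIT` placed right after the `cp` would clean up the configured spec on every exit path.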
@@ -51,6 +51,19 @@ nameserver 8.8.8.8
 nameserver 2001:4860:4860::8888
 EOL
 
+# make sure musl stuff is available
+echo "=app-portage/layman-2.4.1-r1 ~amd64" >> /etc/portage/package.keywords/layman
+echo "=dev-python/ssl-fetch-0.4 ~amd64" >> /etc/portage/package.keywords/layman
+emerge -vq --jobs=4 layman dev-vcs/git
+layman -L
+layman -a musl
+
+# shrink stuff down
+eselect python set python3.4
+emerge -C -q dev-lang/python:2.7 sys-boot/grub sys-devel/bc
+USE="-build" emerge -q --jobs=2 --usepkg=n --buildpkg=y @preserved-rebuild
+USE="-build" emerge --verbose=n --depclean
+
 # let's upgrade (security fixes and otherwise)
 USE="-build" emerge -uDNv --with-bdeps=y --buildpkg=y --jobs=2 @world
 USE="-build" emerge --verbose=n --depclean
@@ -59,13 +72,11 @@ etc-update --automode -5
 
 # Clean up portage
 emerge --verbose=n --depclean
-if [[ -a /usr/bin/eix ]]; then
- eix-update
-fi
 emaint all -f
 eselect news read all
 eclean-dist --destructive
 sed -i '/^USE=\"\${USE}\ \ build\"$/d' /etc/portage/make.conf
+sed -i '/dev-util\/pkgconf/d' /var/lib/portage/world
 
 # clean up system
 passwd -d root
diff --git a/tools-musl/stage4-hardened-amd64.spec b/tools-musl/stage4-hardened-amd64.spec
index e4623cb4..aae24bf6 100644
--- a/tools-musl/stage4-hardened-amd64.spec
+++ b/tools-musl/stage4-hardened-amd64.spec
@@ -1,7 +1,7 @@
 subarch: amd64
 target: stage4
-version_stamp: hardened-musl-cloud-latest
-rel_type: default
+version_stamp: musl-hardened-MY_DATE
+rel_type: musl/hardened/amd64
 profile: hardened/linux/musl/amd64
 snapshot: current
 source_subpath: musl/hardened/amd64/stage3-amd64-musl-hardened
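Review bot: `layman -L` and `layman -a musl` fetch the overlay list and the overlay itself over the network at image-build time with nothing pinned, and no visible line checks that either step succeeded before the `@world` upgrade runs. The top of stage4-fsscript.sh is outside this hunk, so if the script does not already run under `set -e`, guard the step with `layman -a musl || exit 1`. A comment above the two `package.keywords` lines saying why these exact `~amd64` versions of layman and ssl-fetch are required would help whoever has to bump them later.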
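Review bot: The added `sed -i '/dev-util\/pkgconf/d' /var/lib/portage/world` edits Portage's world file by hand and deletes any line containing that string; `emerge --deselect dev-util/pkgconf` is the supported way to drop the entry. It also runs after the last `--depclean` visible in this hunk, so the package appears to stay installed but unrecorded. If that is the intent, a one-line comment such as `# keep pkgconf installed but out of @world` would make it explicit. The cleanup block this line belongs to starts and ends outside the hunk.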
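Review bot: The new `MY_DATE` token in `version_stamp` is a bare word, unlike the `@REPO_DIR@` placeholder that run-stage4.sh substitutes into the same spec, so the `s|MY_DATE|...|g` sed in that script will rewrite any other occurrence of those letters in the file. Writing it as `version_stamp: musl-hardened-@MY_DATE@` and matching it with `s|@MY_DATE@|${MY_DATE}|g` keeps the two placeholders consistent and unambiguous. A comment at the top of the spec noting that it is a template filled in by run-stage4.sh would also help.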
@@ -20,21 +20,10 @@ stage4/use:
  urandom
 
 stage4/packages:
- app-admin/logrotate
- app-admin/sudo
  app-admin/syslog-ng
- app-editors/vim
- app-portage/eix
- app-portage/gentoolkit
+ dev-util/pkgconf
  net-misc/dhcpcd
- net-misc/iputils
- sys-boot/grub
- sys-apps/dmidecode
- sys-apps/gptfdisk
  sys-apps/iproute2
- sys-apps/lsb-release
- sys-apps/pciutils
- sys-block/parted
  sys-devel/bc
  sys-power/acpid
  sys-process/cronie
@@ -59,15 +48,14 @@ stage4/empty:
  /tmp
  /usr/portage/distfiles
  /usr/src
- /var/cache/edb/dep
- /var/cache/genkernel
- /var/cache/portage/distfiles
+ /var/cache
  /var/empty
  /var/run
  /var/state
  /var/tmp
 
 stage4/rm:
+ /boot/System.map-genkernel*
  /etc/*-
  /etc/*.old
  /etc/ssh/ssh_host_*
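Review bot: `app-admin/logrotate` is dropped from `stage4/packages` while `app-admin/syslog-ng` and `sys-process/cronie` stay, so unless rotation is configured somewhere outside this hunk the image will keep logging with nothing trimming the files. Either keep `app-admin/logrotate` in the list or add a comment stating where rotation is handled. `sys-devel/bc` also remains listed here although stage4-fsscript.sh in the same commit unmerges it with `emerge -C`; a short comment saying it is only needed during the build would avoid confusion.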