chadmed/gentoo-asahi-releng
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tools-hardened/desktop: centralizes common code for build scripts

Browse source
This commit is contained in:
Devan Franchini 2014-04-08 15:57:40 -04:00
parent 2298afb710
commit e4393f6515
5 changed files with 179 additions and 383 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

133
tools-hardened/desktop/fluxbox-run.sh
View file

@ -8,102 +8,12 @@ STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
LAYMAN="/var/lib/layman" LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat" KERNEL_SOURCE="/usr/src/linux-tinhat"
MAKE_BASE="xfce4"
KEYWORDS_BASE="gnome"
USE_BASE="xfce4"
WORLD_BASE="fluxbox"
unpack_stage3() { source run-base.sh
mkdir "${ROOTFS}"
tar -x -C "${ROOTFS}" -f "${STAGE3}"
}
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
mount --bind /proc/ "${ROOTFS}"/proc/
mount --bind /dev/ "${ROOTFS}"/dev/
mount --bind /dev/pts "${ROOTFS}"/dev/pts/
mount -t tmpfs shm "${ROOTFS}"/dev/shm
mount --bind /sys/ "${ROOTFS}"/sys/
}
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
}
rebuild_toolchain() {
cp -f toolchain.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/toolchain.sh
rm -f "${ROOTFS}"/tmp/toolchain.sh
}
rebuild_world() {
cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/fluxbox-world "${ROOTFS}"/var/lib/portage/world
cp -f rebuild.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/rebuild.sh
rm -f "${ROOTFS}"/tmp/rebuild.sh
}
update_world() {
cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
}
build_kernel() {
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
mkdir -p "${ROOTFS}"/boot
genkernel \
--kernel-config=files/kernel-config \
--makeopts=-j9 \
--static \
--symlink \
--no-mountboot \
--kerneldir="${KERNEL_SOURCE}" \
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
all
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
# objcopy --strip-unneeded $i
#done
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
tar -x -C "${PWD}"/files -f th-boot.tar.gz
cp -Rf files/th-boot/grub "${ROOTFS}"/boot
rm -f "${PWD}"/th-boot.tar.gz
}
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
chroot "${ROOTFS}"/ rc-update add alsasound boot
chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev boot
chroot "${ROOTFS}"/ rc-update add cupsd default
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
chroot "${ROOTFS}"/ rc-update add postfix default
chroot "${ROOTFS}"/ rc-update add sshd default
chroot "${ROOTFS}"/ rc-update add xdm default
chroot "${ROOTFS}"/ rc-update add avahi-daemon default
chroot "${ROOTFS}"/ rc-update add dbus default
chroot "${ROOTFS}"/ rc-update add samba default
chroot "${ROOTFS}"/ rc-update add syslog-ng default
chroot "${ROOTFS}"/ rc-update add udev-postmount default
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
}
setup_usergroups() { setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user" local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@ -125,7 +35,6 @@ setup_usergroups() {
rm -rf "${ROOTFS}"/home/thuser rm -rf "${ROOTFS}"/home/thuser
cp -a thuser "${ROOTFS}"/home/thuser cp -a thuser "${ROOTFS}"/home/thuser
sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/home/thuser/.xinitrc sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/home/thuser/.xinitrc
cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf} mkdir -p "${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
@ -136,6 +45,7 @@ setup_usergroups() {
chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' "${ROOTFS}"/etc/skel/.xinitrc
cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
} }
setup_confs() { setup_confs() {
@ -160,36 +70,7 @@ setup_confs() {
chroot "${ROOTFS}"/ eselect locale set 3 chroot "${ROOTFS}"/ eselect locale set 3
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/ cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT # In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1 sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
rm -rf "${ROOTFS}"/etc/resolv.conf
rm -rf "${ROOTFS}"/etc/ssh/*key*
rm -rf "${ROOTFS}"/root/.viminfo
for i in ${ROOTFS}/root/.bash_history ; do >$i; done
find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
}
unmount_dirs() {
umount "${ROOTFS}"/sys/
umount "${ROOTFS}"/dev/shm
umount "${ROOTFS}"/dev/pts/
umount "${ROOTFS}"/dev/
umount "${ROOTFS}"/proc/
umount "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
}
make_iso() {
MYROOT="${ROOTFS}" ./make.sh
} }
main() { main() {

126
tools-hardened/desktop/gnome3-run.sh
View file

@ -4,103 +4,17 @@ ARCH=${ARCH:-"amd64"}
ROOTFS="th-${ARCH}-gnome" ROOTFS="th-${ARCH}-gnome"
PWD="$(pwd)" PWD="$(pwd)"
STAGE3="/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2" STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
LAYMAN="/var/lib/layman" LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat" KERNEL_SOURCE="/usr/src/linux-tinhat"
BASE="gnome"
MAKE_BASE="${BASE}"
KEYWORDS_BASE="${BASE}"
USE_BASE="${BASE}"
WORLD_BASE="${BASE}"
unpack_stage3() { source run-base.sh
mkdir "${ROOTFS}"
tar -x -C "${ROOTFS}" -f "${STAGE3}"
}
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
mount --bind /proc/ "${ROOTFS}"/proc/
mount --bind /dev/ "${ROOTFS}"/dev/
mount --bind /dev/pts "${ROOTFS}"/dev/pts/
mount -t tmpfs shm "${ROOTFS}"/dev/shm
mount --bind /sys/ "${ROOTFS}"/sys/
}
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
cp -f files/portage/make.gnome.1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/portage/package.gnome.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
cp -f files/portage/package.gnome.use "${ROOTFS}"/etc/portage/package.use
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
}
rebuild_toolchain() {
cp -f toolchain.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/toolchain.sh
rm -f "${ROOTFS}"/tmp/toolchain.sh
}
rebuild_world() {
cp -f files/gnome-world "${ROOTFS}"/var/lib/portage/world
cp -f rebuild.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/rebuild.sh
rm -f "${ROOTFS}"/tmp/rebuild.sh
}
update_world() {
cp -f files/portage/make.gnome.2 "${ROOTFS}"/etc/portage/make.conf
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
}
build_kernel() {
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
mkdir -p "${ROOTFS}"/boot
genkernel \
--kernel-config=files/kernel-config \
--makeopts=-j9 \
--static \
--symlink \
--no-mountboot \
--kerneldir="${KERNEL_SOURCE}" \
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
all
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
# objcopy --strip-unneeded $i
# done
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
tar -x -C "${PWD}"/files -f th-boot.tar.gz
cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
rm -f "${PWD}"/th-boot.tar.gz
}
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
chroot "${ROOTFS}"/ systemctl enable bluetooth.service
chroot "${ROOTFS}"/ systemctl enable cups.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable gdm.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl enable smbd.service
chroot "${ROOTFS}"/ systemctl enable sshd.service
#chroot "${ROOTFS}"/ systemctl enable udev.service
#chroot "${ROOTFS}"/ systemctl enable udev-settle.service
#chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
}
setup_usergroups() { setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user" local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@ -147,31 +61,7 @@ setup_confs() {
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/ cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT # In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1 sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
rm -rf "${ROOTFS}"/etc/resolv.conf
}
unmount_dirs() {
umount -l "${ROOTFS}"/sys/
umount -l "${ROOTFS}"/dev/shm
umount -l "${ROOTFS}"/dev/pts/
umount -l "${ROOTFS}"/dev/
umount -l "${ROOTFS}"/proc/
umount -l "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
}
make_iso() {
MYROOT="${ROOTFS}" ./make.sh
} }
main() { main() {

2
tools-hardened/desktop/make.sh
View file

@ -2,7 +2,7 @@
WORKING=$(pwd) WORKING=$(pwd)
CHROOTS=${CHROOTS:-"${WORKING}"} CHROOTS=${CHROOTS:-"${WORKING}"}
MYROOT=${MYROOT:-"desktop-amd64-hardened-ramdisk"} MYROOT=${MYROOT:-""}
cleanup() cleanup()
{ {

142
tools-hardened/desktop/run-base.sh Executable file
View file

@ -0,0 +1,142 @@
#!/bin/bash
unpack_stage3() {
mkdir "${ROOTFS}"
tar -x -C "${ROOTFS}" -f "${STAGE3}"
}
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
mount --bind /proc/ "${ROOTFS}"/proc/
mount --bind /dev/ "${ROOTFS}"/dev/
mount --bind /dev/pts "${ROOTFS}"/dev/pts/
mount -t tmpfs shm "${ROOTFS}"/dev/shm
mount --bind /sys/ "${ROOTFS}"/sys/
}
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
cp -f files/portage/make."${MAKE_BASE}".1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/portage/package."${KEYWORDS_BASE}".accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
cp -f files/portage/package."${USE_BASE}".use "${ROOTFS}"/etc/portage/package.use
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
}
rebuild_toolchain() {
cp -f toolchain.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/toolchain.sh
rm -f "${ROOTFS}"/tmp/toolchain.sh
}
rebuild_world() {
cp -f files/"${WORLD_BASE}"-world "${ROOTFS}"/var/lib/portage/world
cp -f rebuild.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/rebuild.sh
rm -f "${ROOTFS}"/tmp/rebuild.sh
}
update_world() {
cp -f files/portage/make."${MAKE_BASE}".2 "${ROOTFS}"/etc/portage/make.conf
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
}
build_kernel() {
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
mkdir -p "${ROOTFS}"/boot
genkernel \
--kernel-config=files/kernel-config \
--makeopts=-j9 \
--static \
--symlink \
--no-mountboot \
--kerneldir="${KERNEL_SOURCE}" \
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
all
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
# objcopy --strip-unneeded $i
#done
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
tar -x -C "${PWD}"/files -f th-boot.tar.gz
cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
rm -f "${PWD}"/th-boot.tar.gz
}
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
chroot "${ROOTFS}"/ rc-update add alsasound boot
chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev boot
chroot "${ROOTFS}"/ rc-update add cupsd default
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
chroot "${ROOTFS}"/ rc-update add postfix default
chroot "${ROOTFS}"/ rc-update add sshd default
chroot "${ROOTFS}"/ rc-update add xdm default
chroot "${ROOTFS}"/ rc-update add avahi-daemon default
chroot "${ROOTFS}"/ rc-update add dbus default
chroot "${ROOTFS}"/ rc-update add samba default
chroot "${ROOTFS}"/ rc-update add syslog-ng default
chroot "${ROOTFS}"/ rc-update add udev-postmount default
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
}
setup_systemd() {
ln -sf /proc/self/mounts /etc/mtab
sed -i -e 's/# GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' "${ROOTFS}"/etc/default/grub
chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
chroot "${ROOTFS}"/ systemctl enable bluetooth.service
chroot "${ROOTFS}"/ systemctl enable cups.service
chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
chroot "${ROOTFS}"/ systemctl enable cronie.service
chroot "${ROOTFS}"/ systemctl enable gdm.service
chroot "${ROOTFS}"/ systemctl enable metalog.service
chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
chroot "${ROOTFS}"/ systemctl enable postfix.service
chroot "${ROOTFS}"/ systemctl enable smbd.service
chroot "${ROOTFS}"/ systemctl enable sshd.service
#chroot "${ROOTFS}"/ systemctl enable udev.service
#chroot "${ROOTFS}"/ systemctl enable udev-settle.service
#chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
}
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
rm -rf "${ROOTFS}"/etc/resolv.conf
rm -rf "${ROOTFS}"/etc/ssh/*key*
rm -rf "${ROOTFS}"/root/.viminfo
for i in ${ROOTFS}/root/.bash_history ; do >$i; done
find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
}
unmount_dirs() {
umount "${ROOTFS}"/sys/
umount "${ROOTFS}"/dev/shm
umount "${ROOTFS}"/dev/pts/
umount "${ROOTFS}"/dev/
umount "${ROOTFS}"/proc/
umount "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
}
make_iso() {
MYROOT="${ROOTFS}" ./make.sh
}

155
tools-hardened/desktop/xfce4-run.sh
View file

@ -8,101 +8,13 @@ STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
LAYMAN="/var/lib/layman" LAYMAN="/var/lib/layman"
KERNEL_SOURCE="/usr/src/linux-tinhat" KERNEL_SOURCE="/usr/src/linux-tinhat"
BASE="xfce4"
MAKE_BASE="${BASE}"
KEYWORDS_BASE="${BASE}"
USE_BASE="${BASE}"
WORLD_BASE="${BASE}"
unpack_stage3() { source run-base.sh
mkdir "${ROOTFS}"
tar -x -C "${ROOTFS}" -f "${STAGE3}"
}
mount_dirs() {
mkdir "${ROOTFS}"/usr/portage/
mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
mount --bind /proc/ "${ROOTFS}"/proc/
mount --bind /dev/ "${ROOTFS}"/dev/
mount --bind /dev/pts "${ROOTFS}"/dev/pts/
mount -t tmpfs shm "${ROOTFS}"/dev/shm
mount --bind /sys/ "${ROOTFS}"/sys/
}
populate_etc() {
cp -f files/fstab "${ROOTFS}"/etc/fstab
cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
cp -f files/portage/package.xfce4.accept_keywords "${ROOTFS}"/etc/portage/package.accept_keywords
cp -f files/portage/package.xfce4.use "${ROOTFS}"/etc/portage/package.use
cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
}
rebuild_toolchain() {
cp -f toolchain.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/toolchain.sh
rm -f "${ROOTFS}"/tmp/toolchain.sh
}
rebuild_world() {
cp -f files/xfce4-world "${ROOTFS}"/var/lib/portage/world
cp -f rebuild.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/rebuild.sh
rm -f "${ROOTFS}"/tmp/rebuild.sh
}
update_world() {
cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
cp -f update.sh "${ROOTFS}"/tmp/
chroot "${ROOTFS}"/ /tmp/update.sh
rm -f "${ROOTFS}"/tmp/update.sh
}
build_kernel() {
local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz"
mkdir -p "${ROOTFS}"/boot
genkernel \
--kernel-config=files/kernel-config \
--makeopts=-j9 \
--static \
--symlink \
--no-mountboot \
--kerneldir="${KERNEL_SOURCE}" \
--bootdir="${PWD}"/"${ROOTFS}"/boot/ \
all
#for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
# objcopy --strip-unneeded $i
#done
rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
tar -x -C "${PWD}"/files -f th-boot.tar.gz
cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
rm -f "${PWD}"/th-boot.tar.gz
}
setup_initrc() {
ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
chroot "${ROOTFS}"/ rc-update add acpid boot
chroot "${ROOTFS}"/ rc-update add alsasound boot
chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
chroot "${ROOTFS}"/ rc-update add device-mapper boot
chroot "${ROOTFS}"/ rc-update add lvm boot
chroot "${ROOTFS}"/ rc-update add udev boot
chroot "${ROOTFS}"/ rc-update add cupsd default
chroot "${ROOTFS}"/ rc-update add cronie default
chroot "${ROOTFS}"/ rc-update add net.eth0 default
chroot "${ROOTFS}"/ rc-update add postfix default
chroot "${ROOTFS}"/ rc-update add sshd default
chroot "${ROOTFS}"/ rc-update add xdm default
chroot "${ROOTFS}"/ rc-update add avahi-daemon default
chroot "${ROOTFS}"/ rc-update add dbus default
chroot "${ROOTFS}"/ rc-update add samba default
chroot "${ROOTFS}"/ rc-update add syslog-ng default
chroot "${ROOTFS}"/ rc-update add udev-postmount default
chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
}
setup_usergroups() { setup_usergroups() {
local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user" local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user"
@ -156,52 +68,23 @@ setup_confs() {
chroot "${ROOTFS}"/ eselect locale set 3 chroot "${ROOTFS}"/ eselect locale set 3
cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/ cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
# In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT # In kernels 3.9 and above, we must disallow-other-stacks because of SO_REUSEPORT
# NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1 sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
#sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' "${ROOTFS}"/etc/avahi/avahi-daemon.conf
}
cleanup_dirs() {
rm -rf "${ROOTFS}"/tmp/*
rm -rf "${ROOTFS}"/var/cache/*
rm -rf "${ROOTFS}"/var/log/*
rm -rf "${ROOTFS}"/var/tmp/*
rm -rf "${ROOTFS}"/etc/resolv.conf
rm -rf "${ROOTFS}"/etc/ssh/*key*
rm -rf "${ROOTFS}"/root/.viminfo
for i in ${ROOTFS}/root/.bash_history ; do >$i; done
find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
}
unmount_dirs() {
umount "${ROOTFS}"/sys/
umount "${ROOTFS}"/dev/shm
umount "${ROOTFS}"/dev/pts/
umount "${ROOTFS}"/dev/
umount "${ROOTFS}"/proc/
umount "${ROOTFS}"/usr/portage/
mkdir "${ROOTFS}"/usr/portage/profiles/
echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
}
make_iso() {
MYROOT="${ROOTFS}" ./make.sh
} }
main() { main() {
#unpack_stage3 unpack_stage3
#mount_dirs mount_dirs
#populate_etc populate_etc
#rebuild_toolchain rebuild_toolchain
#rebuild_world rebuild_world
#update_world update_world
build_kernel build_kernel
#setup_initrc setup_initrc
#setup_usergroups setup_usergroups
#setup_confs setup_confs
#cleanup_dirs cleanup_dirs
#unmount_dirs unmount_dirs
#make_iso make_iso
} }
main > xfce4-"${ARCH}"-build.log 2>&1 & main > xfce4-"${ARCH}"-build.log 2>&1 &