diff --git a/tools-hardened/common.sh b/tools-hardened/common.sh
new file mode 100644
index 00000000..9a0a03af
--- /dev/null
+++ b/tools-hardened/common.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+source /etc/catalyst/catalyst.conf
+
+mydate=`date +%Y%m%d`
+
+
+undo_grsec() {
+ [[ -d /proc/sys/kernel/grsecurity ]] || return
+ for i in /proc/sys/kernel/grsecurity/chroot_* ; do
+ echo 0 > $i
+ done
+}
+
+
+banner() {
+cat << EOF | tee -a zzz.log > stage$1-$2-systemd.log
+
+************************************************************************
+* stage$1-$2-systemd
+************************************************************************"
+
+EOF
+}
+
+
+do_stages() {
+ local arch=$1
+
+ for s in 1 2 3; do
+ local tgpath="${storedir}/builds/systemd/${arch}"
+ local target="stage${s}-${arch}-systemd-${mydate}.tar.bz2"
+ local tglink="stage${s}-${arch}-systemd.tar.bz2"
+
+ if [[ ! -f "${tgpath}/${tglink}" ]]; then
+ touch stage${s}-${arch}-systemd.log
+ echo "!!! ${tglink} at ${tgpath} doesn't exist" \
+ | tee -a zzz.log \
+ > stage${s}-${arch}-systemd.err
+ return 1
+ fi
+
+ banner ${s} ${arch}
+ catalyst -f stage${s}-${arch}-systemd.conf \
+ | tee -a zzz.log \
+ > stage${s}-${arch}-systemd.log \
+ 2> stage${s}-${arch}-systemd.err
+
+ if [[ -f "${tgpath}/${target}" ]]; then
+ rm -f "${tgpath}/${tglink}"
+ ln -s ${target} "${tgpath}/${tglink}"
+ else
+ echo "!!! ${target} was not generated" \
+ | tee -a zzz.log \
+ >stage${s}-${arch}-systemd.err
+ return 1
+ fi
+ done
+
+ return 0
+}
diff --git a/tools-hardened/run-systemd.sh b/tools-hardened/run-systemd.sh
new file mode 100644
index 00000000..94c57d17
--- /dev/null
+++ b/tools-hardened/run-systemd.sh
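Review bot: `undo_grsec` writes 0 to every `/proc/sys/kernel/grsecurity/chroot_*` sysctl and nothing in this hunk puts the old values back, so the host keeps running with its chroot hardening switched off after the build ends, not only while catalyst needs it. I would record each previous value before zeroing it and add a restore function that the caller runs once the stages finish, as sketched below; `$i` should also be quoted and declared `local`. Separately, in `do_stages` the `2> stage${s}-${arch}-systemd.err` sits after the pipe and therefore applies to `tee`, not to `catalyst`, and the pipeline's status is `tee`'s, so a failed build is only noticed through the tarball check, which a same-day tarball from an earlier run would satisfy. The same redirect pattern is in `main` in run-systemd.sh (`catalyst -s current | tee ...`); moving `2> ...err` to the left of the pipe would capture catalyst's own errors.

```shell
grsec_saved=()

undo_grsec() {
	[[ -d /proc/sys/kernel/grsecurity ]] || return
	local i
	for i in /proc/sys/kernel/grsecurity/chroot_* ; do
		# remember the current setting so restore_grsec can put it back
		grsec_saved+=("${i}=$(<"${i}")")
		echo 0 > "${i}"
	done
}

# Re-apply the chroot_* values recorded by undo_grsec.
restore_grsec() {
	local entry
	for entry in "${grsec_saved[@]}"; do
		echo "${entry#*=}" > "${entry%%=*}"
	done
}
```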
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+source common.sh
+
+prepare_confs() {
+ local arch=$1
+
+ for s in 1 2 3; do
+
+ local cstage=stage${s}
+ local p=$(( s - 1 ))
+ [[ $p == 0 ]] && p=3
+ local pstage=stage${p}
+
+ local parch="${arch}"
+ [[ "${arch}" == "i686" ]] && parch="x86"
+
+ cat stage-all.conf.template | \
+ sed -e "s:\(^version_stamp.*$\):\1-${mydate}:" \
+ -e "s:STAGE:${cstage}:g" \
+ -e "s:SARCH:${arch}:g" \
+ -e "s:PARCH:${parch}:g" \
+ > stage${s}-${arch}-systemd.conf
+ done
+}
+
+
+main() {
+ >zzz.log
+
+ undo_grsec
+
+ catalyst -s current | tee -a zzz.log >snapshot.log 2>snapshot.err
+
+# for arch in amd64 i686; do
+ for arch in amd64; do
+ prepare_confs ${arch}
+ done
+
+ # The parallelization `( do_stages ... ) &` doesn't work here
+ # if catalyst is using snapcache, bug #519656
+# for arch in amd64 i686; do
+ for arch in amd64; do
+ do_stages ${arch}
+ [[ $? == 1 ]] && echo "FAILURE at ${arch}" | tee zzz.log
+ done
+}
+
+main $1 &
diff --git a/tools-hardened/stage-all.conf.template b/tools-hardened/stage-all.conf.template
new file mode 100644
index 00000000..942ddc75
--- /dev/null
+++ b/tools-hardened/stage-all.conf.template
@@ -0,0 +1,7 @@
+subarch: SARCH
+target: STAGE
+version_stamp: systemd
+rel_type: systemd/SARCH
+profile: default/linux/PARCH/13.0/systemd
+snapshot: current
+source_subpath: systemd/SARCH/STAGE-SARCH-systemd
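Review bot: In `main`, the failure branch pipes into `tee zzz.log` without `-a`, so the first failed arch truncates the combined log that every earlier step appended to, which is exactly the run where that log is needed. `[[ $? == 1 ]]` also misses any other non-zero status; `do_stages "${arch}" || echo "FAILURE at ${arch}" | tee -a zzz.log` covers both. In addition, `source common.sh` names the file without a slash, so bash looks it up in `PATH` first and only then in the current directory; for a script that presumably runs as root (it writes under `/proc/sys`), a different `common.sh` could be loaded than the one shipped next to it. `source "$(dirname -- "${BASH_SOURCE[0]}")/common.sh"` pins the lookup to the script's own directory.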