From cfdd2ef604147b098841efb5cb7ec41cd58ad91e Mon Sep 17 00:00:00 2001 From: Willy Sudiarto Raharjo Date: Thu, 1 Jun 2017 08:15:33 +0700 Subject: [PATCH] system/gradm: Removed. See https://grsecurity.net/passing_the_baton.php. Signed-off-by: Willy Sudiarto Raharjo --- system/gradm/README | 9 --- system/gradm/doinst.sh | 16 ----- system/gradm/gradm.SlackBuild | 121 ---------------------------------- system/gradm/gradm.info | 12 ---- system/gradm/slack-desc | 19 ------ 5 files changed, 177 deletions(-) delete mode 100644 system/gradm/README delete mode 100644 system/gradm/doinst.sh delete mode 100644 system/gradm/gradm.SlackBuild delete mode 100644 system/gradm/gradm.info delete mode 100644 system/gradm/slack-desc diff --git a/system/gradm/README b/system/gradm/README deleted file mode 100644 index 5aff454132..0000000000 --- a/system/gradm/README +++ /dev/null @@ -1,9 +0,0 @@ -Gradm, the administration utility for the role-based access control -system, is a powerful tool that parses your ACLs (Access Control Lists), -performs the enforcement of a secure base policy, optimizes the ACLs, -as well as handles parsing of the learning logs, merges them with your -ACL set, and outputs the final ACLs. - -Before you install gradm, boot into your patched grsecurity kernel. -You can compile gradm in any kernel you wish, but the installation will -fail if the kernel does not support grsecurity. diff --git a/system/gradm/doinst.sh b/system/gradm/doinst.sh deleted file mode 100644 index 2f09e5c808..0000000000 --- a/system/gradm/doinst.sh +++ /dev/null @@ -1,16 +0,0 @@ -config() { - NEW="$1" - OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: - if [ ! -r $OLD ]; then - mv $NEW $OLD - elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy - rm $NEW - fi - # Otherwise, we leave the .new copy for the admin to consider... -} - -config etc/grsec/learn_config.new -config etc/grsec/policy.new - diff --git a/system/gradm/gradm.SlackBuild b/system/gradm/gradm.SlackBuild deleted file mode 100644 index 678fe03bf5..0000000000 --- a/system/gradm/gradm.SlackBuild +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/sh - -# Slackware build script for gradm - -# Copyright 2013 pyllyukko -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -PRGNAM=gradm -VERSION=${VERSION:-3.1_201608131257} -BUILD=${BUILD:-1} -TAG=${TAG:-_SBo} - -SRCVERSION=$(echo $VERSION | tr _ -) - -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) ARCH=i486 ;; - arm*) ARCH=arm ;; - *) ARCH=$( uname -m ) ;; - esac -fi - -CWD=$(pwd) -TMP=${TMP:-/tmp/SBo} -PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} - -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -set -e - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf $PRGNAM - -# The package can be verified with Bradley Spengler's PGP key (0x4245D46A) -# If we have GnuPG installed, we try to verify the signature. -if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ] -then - set +e - # This will check if we have the correct key in our keyring. - # For the trustedkeys.gpg, see "man 1 gpgv". - /usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0x4245D46A &>/dev/null - GPG_RET=${?} - # 2 means we don't have his key, 0 means we do. - set -e - # If we have the key and the signature file, we verify the package with GPG - if [ ${GPG_RET} -eq 0 -a \ - -f "${CWD}/${PRGNAM}-${SRCVERSION}.tar.gz.sig" ] - then - /usr/bin/gpgv "${CWD}/${PRGNAM}-${SRCVERSION}.tar.gz.sig" - fi -fi - -tar xvf $CWD/$PRGNAM-$SRCVERSION.tar.gz -cd ${PRGNAM} -chown -R root:root . -find -L . \ - \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ - -o -perm 511 \) -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; - -# change the mandir: -sed -i -e 's:^\(MANDIR=/usr/share/man\)$:#\1:' -e 's:^#\(MANDIR=/usr/man\)$:\1:' Makefile - -# don't link libfl: -sed -i -e '/^LIBS :=/d' Makefile - -make nopam -make install DESTDIR=$PKG - -mv -v ${PKG}/etc/grsec/learn_config ${PKG}/etc/grsec/learn_config.new -mv -v ${PKG}/etc/grsec/policy ${PKG}/etc/grsec/policy.new - -find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -find $PKG/usr/man -type f -exec gzip -9 {} \; -for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a README $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc -cat $CWD/doinst.sh > $PKG/install/doinst.sh - -cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/gradm/gradm.info b/system/gradm/gradm.info deleted file mode 100644 index f0a5d5aeb4..0000000000 --- a/system/gradm/gradm.info +++ /dev/null @@ -1,12 +0,0 @@ -PRGNAM="gradm" -VERSION="3.1_201608131257" -HOMEPAGE="https://grsecurity.net/" -DOWNLOAD="https://grsecurity.net/stable/gradm-3.1-201608131257.tar.gz \ - https://grsecurity.net/stable/gradm-3.1-201608131257.tar.gz.sig" -MD5SUM="705522f3be4d5d191f4f393c5c45762d \ - c0c136cd501178b192611b836460ae9a" -DOWNLOAD_x86_64="" -MD5SUM_x86_64="" -REQUIRES="" -MAINTAINER="pyllyukko" -EMAIL="pyllyukko AT maimed dot org" diff --git a/system/gradm/slack-desc b/system/gradm/slack-desc deleted file mode 100644 index 51a4ca17b7..0000000000 --- a/system/gradm/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. -# Line up the first '|' above the ':' following the base package name, and -# the '|' on the right side marks the last column you can put a character in. -# You must make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':' except on otherwise blank lines. - - |-----handy-ruler------------------------------------------------------| -gradm: gradm (Grsecurity Administration Utility) -gradm: -gradm: Gradm, the administration utility for the role-based access control -gradm: system, is a powerful tool that parses your ACLs (Access Control -gradm: Lists), performs the enforcement of a secure base policy, optimizes -gradm: the ACLs, as well as handles parsing of the learning logs, merges -gradm: them with your ACL set, and outputs the final ACLs. -gradm: -gradm: Before you install gradm, boot into your patched grsecurity kernel. -gradm: You can compile gradm in any kernel you wish, but the installation -gradm: will fail if the kernel does not support grsecurity.