Mailing List Archive

Unofficial grsec kernel install WAS: Technical repercussions of grsecurity removal
On 170509-01:31+0200, Miroslav Rovis wrote:
> On 170508-22:49+0200, Miroslav Rovis wrote:
> > ...
> > I'll be back with an ebuild to discuss.
> > ...
> > On 170508-22:07+0200, Mathias Krause wrote:
> > > On 8 May 2017 at 20:08, Miroslav Rovis <miro.rovis@croatiafidelis.hr> wrote:
> ...
> > > > Unofficial forward ports of the last publicly available grsecurity patch
> > > > https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec
> > > >
> > > > which I cloned into my machine.
...

I managed to install:

$ uname -r
4.9.27-hardened-unofficial_grsec-170509_14
$

The issues I had were trivial, only some familiarizing with the methods.

So far, booting into the new kernel, and deployment, all is fine,
absolutely regular (*so far*).

If anybody needs it, I can try and make step-by-step notes the
next time I do the building in my Air-Gapped, which is soon. Much
later it will be harder to reproduce the steps correctly without actually
doing it.

Here's my ebuild, and the genpatches and hardened-patches listing, if it
helps (often developers discuss here, which is fine, but I'm writing
this for users).

hardened-sources-4.9.27.ebuild

# ls -ABRgo /usr/portage/distfiles/{hardened-patches-4.9.27-1.extras.tar.bz2,genpatches-4.9-27.base.tar.xz}
-rw-r--r-- 1 536200 2017-05-09 13:02 /usr/portage/distfiles/genpatches-4.9-27.base.tar.xz
-rw-r--r-- 1 1997214 2017-05-09 14:08 /usr/portage/distfiles/hardened-patches-4.9.27-1.extras.tar.bz2
#

ls -ABRgo genpatches-4.9-27/
genpatches-4.9-27/:
total 2432
-rw-r--r-- 1 5412 2017-04-18 14:29 0000_README
-rw-r--r-- 1 114367 2017-04-18 14:29 1000_linux-4.9.1.patch
-rw-r--r-- 1 141140 2017-04-18 14:29 1001_linux-4.9.2.patch
-rw-r--r-- 1 264856 2017-04-18 14:29 1002_linux-4.9.3.patch
-rw-r--r-- 1 58683 2017-04-18 14:29 1003_linux-4.9.4.patch
-rw-r--r-- 1 177665 2017-04-18 14:29 1004_linux-4.9.5.patch
-rw-r--r-- 1 149694 2017-04-18 14:29 1005_linux-4.9.6.patch
-rw-r--r-- 1 71811 2017-04-18 14:29 1006_linux-4.9.7.patch
-rw-r--r-- 1 64550 2017-04-18 14:29 1007_linux-4.9.8.patch
-rw-r--r-- 1 78333 2017-04-18 14:29 1008_linux-4.9.9.patch
-rw-r--r-- 1 73914 2017-04-18 14:29 1009_linux-4.9.10.patch
-rw-r--r-- 1 60460 2017-04-18 14:29 1010_linux-4.9.11.patch
-rw-r--r-- 1 21015 2017-04-18 14:29 1011_linux-4.9.12.patch
-rw-r--r-- 1 34344 2017-04-18 14:29 1012_linux-4.9.13.patch
-rw-r--r-- 1 220480 2017-04-18 14:29 1013_linux-4.9.14.patch
-rw-r--r-- 1 96906 2017-04-18 14:29 1014_linux-4.9.15.patch
-rw-r--r-- 1 52098 2017-04-18 14:29 1015_linux-4.9.16.patch
-rw-r--r-- 1 195764 2017-04-18 14:29 1016_linux-4.9.17.patch
-rw-r--r-- 1 29223 2017-04-18 14:29 1017_linux-4.9.18.patch
-rw-r--r-- 1 101849 2017-04-18 14:29 1018_linux-4.9.19.patch
-rw-r--r-- 1 17310 2017-04-18 14:29 1019_linux-4.9.20.patch
-rw-r--r-- 1 148261 2017-04-18 14:29 1020_linux-4.9.21.patch
-rw-r--r-- 1 207889 2017-04-18 14:29 1021_linux-4.9.22.patch
-rw-r--r-- 1 40950 2017-04-18 14:29 1022_linux-4.9.23.patch
-rw-r--r-- 1 2369 2017-04-18 14:29 1500_XATTR_USER_PREFIX.patch
-rw-r--r-- 1 717 2017-01-12 13:09 1510_fs-enable-link-security-restrictions-by-default.patch
-rw-r--r-- 1 3056 2017-04-18 14:29 2300_enable-poweroff-on-Mac-Pro-11.patch
-rw-r--r-- 1 1205 2017-04-18 12:46 2900_dev-root-proc-mount-fix.patch

ls -ABRgo 4.9.27/
4.9.27/:
total 9404
-rw-r--r-- 1 2240 2017-05-09 13:04 0000_README
-rw-r--r-- 1 101631 2017-04-22 17:58 1023_linux-4.9.24.patch
-rw-r--r-- 1 25435 2017-05-09 14:08 1024_linux-4.9.25.patch
-rw-r--r-- 1 57956 2017-05-09 14:08 1025_linux-4.9.26.patch
-rw-r--r-- 1 29538 2017-05-09 14:07 1026_linux-4.9.27.patch
-rw-r--r-- 1 9352316 2017-05-09 11:57 4420_grsecurity-3.1-4.9.27-201705082100.patch
-rw-r--r-- 1 665 2016-11-10 01:55 4425_grsec_remove_EI_PAX.patch
-rw-r--r-- 1 1359 2017-01-01 18:15 4426_default_XATTR_PAX_FLAGS.patch
-rw-r--r-- 1 1444 2017-02-15 14:14 4427_force_XATTR_PAX_tmpfs.patch
-rw-r--r-- 1 303 2015-08-14 08:04 4430_grsec-remove-localversion-grsec.patch
-rw-r--r-- 1 1528 2016-08-14 12:16 4435_grsec-mute-warnings.patch
-rw-r--r-- 1 641 2015-08-14 08:04 4440_grsec-remove-protected-paths.patch
-rw-r--r-- 1 4184 2016-12-14 13:33 4450_grsec-kconfig-default-gids.patch
-rw-r--r-- 1 2616 2016-12-14 13:32 4465_selinux-avc_audit-log-curr_ip.patch
-rw-r--r-- 1 2553 2017-02-15 14:14 4470_disable-compat_vdso.patch
-rw-r--r-- 1 1467 2017-01-16 22:22 4475_emutramp_default_on.patch

Regards!
--
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr