summaryrefslogtreecommitdiff
path: root/packages/sys-kernel/caitsith/caitsith.exlib
blob: 2040812170b2ab7e02779ad9c11083897271080f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Copyright 2021 Alex Elsayed <eternaleye@gmail.com>
# Distributed under the terms of the GNU General Public License v2

SCM_REPOSITORY="http://svn.osdn.net/svnroot/${PN}/"
SCM_SUBPATH="caitsith-patch"

if ever is_scm; then
    require scm-svn
fi

SUMMARY="A simplified access restriction module for system protection"
DESCRIPTION="
Characteristic action inspection tool. See if this helps.

CaitSith is an LSM designed to allow flexible, incrementally developable
security policies for complex Linux systems.
"
HOMEPAGE="http://caitsith.osdn.jp"
if ! ever is_scm; then
    DOWNLOADS="https://osdn.net/frs/redir.php?m=tuna&f=${PN}/66537/${PN}-patch-${PV/p/}.tar.gz -> ${PNV}.tar.gz"
fi

LICENCES="GPL-2"
SLOT="0"
PLATFORMS="~amd64"
MYOPTIONS=""

DEPENDENCIES="
    build:
    build+run:
"

src_unpack() {
    if ever is_scm; then
        default

        scm_src_unpack
    else
        edo mkdir ${WORK}
        cd ${WORK}
        unpack ${ARCHIVES}
    fi
}

src_install() {
    insinto /usr/src
    doins -r caitsith

    cat <<'KERNEL_INSTALL_BUILDER' > 20-caitsith.install
#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh

COMMAND="$1"
KERNEL_VERSION="$2"
BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
KERNEL_DIR="$(dirname "${KERNEL_IMAGE}")"

[[ -n "${KERNEL_VERSION}" ]] || exit 77

ensure() {
    local DIAGNOSTIC="$1"; shift

    "$@"

    if [[ $? != 0 ]]; then
        echo "Unable to ensure ${DIAGNOSTIC}" >&2
        exit 77
    fi
}

case "${COMMAND}" in
    add)
        ensure "CaitSith is built"                         \
            make                                           \
                -j "$(nproc)"                              \
                -C /usr/src/linux/"${KERNEL_VERSION}"      \
                ARCH="$(readlink /usr/host | cut -d- -f1)" \
                CROSS_COMPILE="$(readlink /usr/host)-"     \
                HOSTCC="$(readlink /usr/host)-cc"          \
                HOSTCXX="$(readlink /usr/host)-c++"        \
                KCONFIG_NOSILENTUPDATE=1                   \
                M=/usr/src/caitsith                        \
                KCONFIG_CONFIG=/etc/kernel/preserved/"${KERNEL_VERSION}"/current/config \
                modules

        ensure "CaitSith is installed"                     \
            make                                           \
                -j "$(nproc)"                              \
                -C /usr/src/linux/"${KERNEL_VERSION}"      \
                ARCH="$(readlink /usr/host | cut -d- -f1)" \
                CROSS_COMPILE="$(readlink /usr/host)-"     \
                HOSTCC="$(readlink /usr/host)-cc"          \
                HOSTCXX="$(readlink /usr/host)-c++"        \
                KCONFIG_NOSILENTUPDATE=1                   \
                M=/usr/src/caitsith                        \
                KCONFIG_CONFIG=/etc/kernel/preserved/"${KERNEL_VERSION}"/current/config \
                modules_install
        ;;
    remove)
        rm -rf /lib/modules/"${KERNEL_VERSION}"
        ;;
    *)
        exit 0
esac
KERNEL_INSTALL_BUILDER
    exeinto /usr/$(exhost --target)/lib/kernel/install.d
    doexe 20-caitsith.install
}