Репозиторий Sisyphus
Последнее обновление: 23 января 2022 | Пакетов: 17488 | Посещений: 22826628
en ru br
Репозитории ALT
S:0.9.2.0.1.git10ba314-alt2
www.altlinux.org/Changes

Группа :: Разработка/Ядро
Пакет: kernel-source-lkrg

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

%define module_name lkrg
%define module_version 0.9.2.0.1.git10ba314

Name: kernel-source-lkrg
Version: %module_version
Release: alt1

Summary:  Linux Kernel Runtime Guard module sources

License: GPL-2.0
Group: Development/Kernel
Url:  https://www.openwall.com/lkrg/

VCS: https://github.com/openwall/lkrg.git
Source: %module_name-%version.tar
Source1: %module_name.init

ExclusiveArch: aarch64 armh %ix86 x86_64
BuildRequires(pre): rpm-build-kernel
%{?!_without_check:%{?!_disable_check:BuildRequires: kernel-headers-modules-un-def}}
BuildArch: noarch

%description
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.

This package contains the LKRG sources.

%package -n lkrg-common
Summary: Common files for Linux Kernel Runtime Guard module
BuildArch: noarch
Group: System/Configuration/Other
Provides: lkrg-config = %version
Obsoletes: lkrg-config < %version

%description -n lkrg-common
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.

This package contains common files fo Linux Kernel Runtime Guard.

%prep
%setup -q -c
cp -a %SOURCE1 .

%install
mkdir -p %kernel_srcdir
tar -cjf %kernel_srcdir/%name-%version.tar.bz2 %module_name-%version
mkdir -p %buildroot%_sysconfdir/sysctl.d
cp -a %module_name-%version/scripts/bootup/lkrg.conf %buildroot%_sysconfdir/sysctl.d/lkrg.conf

mkdir -p %buildroot%_initdir
install -pm755 lkrg.init %buildroot%_initdir/lkrg

mkdir -p %buildroot%_unitdir
cat <<EOF >%buildroot%_unitdir/lkrg.service
[Unit]
Description=Linux Kernel Runtime Guard
DefaultDependencies=no
After=systemd-modules-load.service
Before=systemd-sysctl.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
ConditionKernelCommandLine=!nolkrg

[Service]
Type=oneshot
ExecStart=/etc/rc.d/init.d/lkrg start
ExecStop=/etc/rc.d/init.d/lkrg stop
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target
EOF

mkdir -p %buildroot%_presetdir
cat <<EOF >%buildroot%_presetdir/30-lkrg.preset
enable lkrg.service
EOF

%check
# Just a test build on un-def kernel.
cd %module_name-%version
for V in $(ls /lib/modules); do
make -s %_smp_mflags KERNELRELEASE=$V
done

%post -n lkrg-common
%post_service lkrg

%preun -n lkrg-common
%preun_service lkrg

%files
%attr(0644,root,root) %kernel_src/%name-%version.tar.bz2

%files -n lkrg-common
%config(noreplace) %_sysconfdir/sysctl.d/lkrg.conf
%_initdir/lkrg
%_unitdir/lkrg.service
%_presetdir/30-lkrg.preset

%changelog

Полный changelog можно просмотреть здесь

 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin