commit:     e4393f651576637ce32d85264261144e6c82eb71
Author:     Devan Franchini <twitch153 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  8 19:57:40 2014 +0000
Commit:     Devan Franchini <twitch153 <AT> gentoo <DOT> org>
CommitDate: Tue Apr  8 19:57:40 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/releng.git;a=commit;h=e4393f65

tools-hardened/desktop: centralizes common code for build scripts

---
 tools-hardened/desktop/fluxbox-run.sh | 135 ++---------------------------
 tools-hardened/desktop/gnome3-run.sh  | 126 ++-------------------------
 tools-hardened/desktop/make.sh        |   4 +-
 tools-hardened/desktop/run-base.sh    | 142 +++++++++++++++++++++++++++++++
 tools-hardened/desktop/xfce4-run.sh   | 155 +++++-----------------------------
 5 files changed, 179 insertions(+), 383 deletions(-)

diff --git a/tools-hardened/desktop/fluxbox-run.sh 
b/tools-hardened/desktop/fluxbox-run.sh
index 1be294d..82a7669 100755
--- a/tools-hardened/desktop/fluxbox-run.sh
+++ b/tools-hardened/desktop/fluxbox-run.sh
@@ -8,102 +8,12 @@ 
STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
 LAYMAN="/var/lib/layman"
 KERNEL_SOURCE="/usr/src/linux-tinhat"
 
+MAKE_BASE="xfce4"
+KEYWORDS_BASE="gnome"
+USE_BASE="xfce4"
+WORLD_BASE="fluxbox"
 
-unpack_stage3() {
-       mkdir "${ROOTFS}"
-       tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
-       mkdir "${ROOTFS}"/usr/portage/
-       mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
-       mount --bind /proc/ "${ROOTFS}"/proc/
-       mount --bind /dev/ "${ROOTFS}"/dev/
-       mount --bind /dev/pts "${ROOTFS}"/dev/pts/
-       mount -t tmpfs shm "${ROOTFS}"/dev/shm
-       mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
-       cp -f files/fstab "${ROOTFS}"/etc/fstab
-       cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
-       rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
-       cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
-       cp -f files/portage/package.gnome.accept_keywords 
"${ROOTFS}"/etc/portage/package.accept_keywords
-       cp -f files/portage/package.xfce4.use 
"${ROOTFS}"/etc/portage/package.use
-       cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
-       cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
-       cp -f toolchain.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/toolchain.sh
-       rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
-       cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
-       cp -f files/fluxbox-world "${ROOTFS}"/var/lib/portage/world
-       cp -f rebuild.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/rebuild.sh
-       rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
-       cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
-       cp -f update.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/update.sh
-       rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
-    local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz";
-       mkdir -p "${ROOTFS}"/boot
-
-       genkernel \
-               --kernel-config=files/kernel-config \
-               --makeopts=-j9 \
-               --static \
-               --symlink \
-               --no-mountboot \
-               --kerneldir="${KERNEL_SOURCE}" \
-               --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
-               all
-
-       #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
-       #   objcopy --strip-unneeded $i
-       #done
-       rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
-    wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
-    tar -x -C "${PWD}"/files -f th-boot.tar.gz
-       cp -Rf files/th-boot/grub "${ROOTFS}"/boot
-    rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_initrc() {
-       ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
-       chroot "${ROOTFS}"/ rc-update add acpid boot
-       chroot "${ROOTFS}"/ rc-update add alsasound boot
-       chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
-       chroot "${ROOTFS}"/ rc-update add device-mapper boot
-       chroot "${ROOTFS}"/ rc-update add lvm boot
-       chroot "${ROOTFS}"/ rc-update add udev boot
-       chroot "${ROOTFS}"/ rc-update add cupsd default
-       chroot "${ROOTFS}"/ rc-update add cronie default
-       chroot "${ROOTFS}"/ rc-update add net.eth0 default
-       chroot "${ROOTFS}"/ rc-update add postfix default
-       chroot "${ROOTFS}"/ rc-update add sshd default
-       chroot "${ROOTFS}"/ rc-update add xdm default
-       chroot "${ROOTFS}"/ rc-update add avahi-daemon default
-       chroot "${ROOTFS}"/ rc-update add dbus default
-       chroot "${ROOTFS}"/ rc-update add samba default
-       chroot "${ROOTFS}"/ rc-update add syslog-ng default
-       chroot "${ROOTFS}"/ rc-update add udev-postmount default
-       chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
-       chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
-}
+source run-base.sh
 
 setup_usergroups() {
        local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user";
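Review bot: `source run-base.sh` names the library without a path, so bash searches `PATH` for it before falling back to the current directory and runs whichever file of that name it finds first. The same line is added in gnome3-run.sh and xfce4-run.sh. These scripts mount, chroot and `rm -rf`, so they presumably run as root, and nothing checks that the source succeeded; a launch from another directory leaves every shared function undefined while `main` carries on. Resolve the file relative to the script and stop on failure: `source "$(dirname "${BASH_SOURCE[0]}")/run-base.sh" || exit 1`. setup_usergroups continues past the end of this hunk.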
@@ -124,8 +34,7 @@ setup_usergroups() {
 
        rm -rf "${ROOTFS}"/home/thuser
        cp -a thuser "${ROOTFS}"/home/thuser
-    sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' 
"${ROOTFS}"/home/thuser/.xinitrc
-    cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
+       sed -i -e 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' 
"${ROOTFS}"/home/thuser/.xinitrc
        cp -a files/{Encrypt,Save,Utilities} "${ROOTFS}"/home/thuser
        rm -rf "${ROOTFS}"/home/thuser/Utilities/post_gnome3_install.sh
        mkdir -p 
"${ROOTFS}"/home/thuser/{Desktop,Documents,Downloads,Music,Pictures,Public,Templates,Videos,.ssh,.cache/dconf,.config/dconf}
@@ -136,6 +45,7 @@ setup_usergroups() {
        chroot "${ROOTFS}"/ chown -R thuser:thuser /home/thuser
        sed -i 's/# \(%wheel.*NOPASSWD\)/\1/' "${ROOTFS}"/etc/sudoers
        sed -i 's/^\/usr\/*.*/\/usr\/bin\/fluxbox/' 
"${ROOTFS}"/etc/skel/.xinitrc
+       cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu
 }
 
 setup_confs() {
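Review bot: The relocated `cp -f files/usermenu "${ROOTFS}"/home/thuser/.fluxbox/my-menu` now runs after the `chown -R thuser:thuser /home/thuser` at the top of this hunk. Unless my-menu already exists in the copied skeleton, it is created owned by the build user (presumably root) inside thuser's home. Either keep the copy ahead of the chown or follow it with `chroot "${ROOTFS}"/ chown thuser:thuser /home/thuser/.fluxbox/my-menu`. Nothing visible here creates `.fluxbox`, so confirm that the `thuser` skeleton provides it. setup_usergroups starts before this hunk.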
@@ -160,36 +70,7 @@ setup_confs() {
        chroot "${ROOTFS}"/ eselect locale set 3
        cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
        # In kernels 3.9 and above, we must disallow-other-stacks because of 
SO_REUSEPORT 
-       # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
-       #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
-       rm -rf "${ROOTFS}"/tmp/*
-       rm -rf "${ROOTFS}"/var/cache/*
-       rm -rf "${ROOTFS}"/var/log/*
-       rm -rf "${ROOTFS}"/var/tmp/*
-       rm -rf "${ROOTFS}"/etc/resolv.conf
-       rm -rf "${ROOTFS}"/etc/ssh/*key*
-       rm -rf "${ROOTFS}"/root/.viminfo
-       for i in ${ROOTFS}/root/.bash_history ; do >$i; done
-       find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
-}
-
-unmount_dirs() {
-       umount "${ROOTFS}"/sys/
-       umount "${ROOTFS}"/dev/shm
-       umount "${ROOTFS}"/dev/pts/
-       umount "${ROOTFS}"/dev/
-       umount "${ROOTFS}"/proc/
-       umount "${ROOTFS}"/usr/portage/
-
-       mkdir "${ROOTFS}"/usr/portage/profiles/
-       echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
-    MYROOT="${ROOTFS}" ./make.sh
+       sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
 }
 
 main() {
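Review bot: The now-active `sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g'` only rewrites a line that reads exactly `#disallow-other-stacks=no`. If the packaged avahi-daemon.conf has the option uncommented, spaced differently or already edited, sed still exits 0 and the image ships without the setting the comment above calls mandatory. Verify the result after the edit, e.g. `grep -q '^disallow-other-stacks=yes' "${ROOTFS}"/etc/avahi/avahi-daemon.conf || echo "avahi: disallow-other-stacks not set" >&2`. The same line is enabled in gnome3-run.sh and xfce4-run.sh. The deleted NOTE was the only record of why the line had been disabled, so a short comment stating which kernel the image now ships would keep that reasoning traceable.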

diff --git a/tools-hardened/desktop/gnome3-run.sh 
b/tools-hardened/desktop/gnome3-run.sh
index 6b9b842..5dbf9e2 100755
--- a/tools-hardened/desktop/gnome3-run.sh
+++ b/tools-hardened/desktop/gnome3-run.sh
@@ -4,103 +4,17 @@ ARCH=${ARCH:-"amd64"}
 ROOTFS="th-${ARCH}-gnome"
 
 PWD="$(pwd)"
-STAGE3="/var/tmp/catalyst/builds/hardened/amd64/stage3-amd64-hardened-latest.tar.bz2"
+STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest.tar.bz2"
 LAYMAN="/var/lib/layman"
 KERNEL_SOURCE="/usr/src/linux-tinhat"
 
+BASE="gnome"
+MAKE_BASE="${BASE}"
+KEYWORDS_BASE="${BASE}"
+USE_BASE="${BASE}"
+WORLD_BASE="${BASE}"
 
-unpack_stage3() {
-       mkdir "${ROOTFS}"
-       tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
-       mkdir "${ROOTFS}"/usr/portage/
-       mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
-       mount --bind /proc/ "${ROOTFS}"/proc/
-       mount --bind /dev/ "${ROOTFS}"/dev/
-       mount --bind /dev/pts "${ROOTFS}"/dev/pts/
-       mount -t tmpfs shm "${ROOTFS}"/dev/shm
-       mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
-       cp -f files/fstab "${ROOTFS}"/etc/fstab
-       cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
-       rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
-       cp -f files/portage/make.gnome.1 "${ROOTFS}"/etc/portage/make.conf
-
-       cp -f files/portage/package.gnome.accept_keywords 
"${ROOTFS}"/etc/portage/package.accept_keywords
-       cp -f files/portage/package.gnome.use 
"${ROOTFS}"/etc/portage/package.use
-       cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
-       cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
-       cp -f toolchain.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/toolchain.sh
-       rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
-       cp -f files/gnome-world "${ROOTFS}"/var/lib/portage/world
-       cp -f rebuild.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/rebuild.sh
-       rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
-       cp -f files/portage/make.gnome.2 "${ROOTFS}"/etc/portage/make.conf
-
-       cp -f update.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/update.sh
-       rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
-    local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz";
-       mkdir -p "${ROOTFS}"/boot
-
-       genkernel \
-               --kernel-config=files/kernel-config \
-               --makeopts=-j9 \
-               --static \
-               --symlink \
-               --no-mountboot \
-               --kerneldir="${KERNEL_SOURCE}" \
-               --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
-               all
-
-       #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
-       #   objcopy --strip-unneeded $i
-       # done
-       rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
-    wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
-    tar -x -C "${PWD}"/files -f th-boot.tar.gz
-       cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
-    rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_systemd() {
-       ln -sf /proc/self/mounts /etc/mtab
-       sed -i -e 's/# 
GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' 
"${ROOTFS}"/etc/default/grub
-       chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
-       chroot "${ROOTFS}"/ systemctl enable bluetooth.service
-       chroot "${ROOTFS}"/ systemctl enable cups.service
-       chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
-       chroot "${ROOTFS}"/ systemctl enable cronie.service
-       chroot "${ROOTFS}"/ systemctl enable gdm.service
-       chroot "${ROOTFS}"/ systemctl enable metalog.service
-       chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
-       chroot "${ROOTFS}"/ systemctl enable postfix.service
-       chroot "${ROOTFS}"/ systemctl enable smbd.service
-       chroot "${ROOTFS}"/ systemctl enable sshd.service
-       #chroot "${ROOTFS}"/ systemctl enable udev.service
-       #chroot "${ROOTFS}"/ systemctl enable udev-settle.service
-       #chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
-}
+source run-base.sh
 
 setup_usergroups() {
        local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user";
@@ -147,31 +61,7 @@ setup_confs() {
 
         cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
        # In kernels 3.9 and above, we must disallow-other-stacks because of 
SO_REUSEPORT 
-       # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
-       #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
-       rm -rf "${ROOTFS}"/tmp/*
-       rm -rf "${ROOTFS}"/var/log/*
-       rm -rf "${ROOTFS}"/var/tmp/*
-       rm -rf "${ROOTFS}"/etc/resolv.conf
-}
-
-unmount_dirs() {
-       umount -l "${ROOTFS}"/sys/
-       umount -l "${ROOTFS}"/dev/shm
-       umount -l "${ROOTFS}"/dev/pts/
-       umount -l "${ROOTFS}"/dev/
-       umount -l "${ROOTFS}"/proc/
-       umount -l "${ROOTFS}"/usr/portage/
-
-       mkdir "${ROOTFS}"/usr/portage/profiles/
-       echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
-       MYROOT="${ROOTFS}" ./make.sh
+       sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
 }
 
 main() {
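Review bot: Deleting gnome3-run.sh's own `unmount_dirs` switches the GNOME build from `umount -l` to the plain `umount` calls in run-base.sh, and the commit message does not mention this change. If the lazy unmount was there because something started in the chroot keeps /dev or /proc busy (an inference, the hunk does not say), the plain calls will fail and `make_iso` will run with the host's /dev, /proc and /sys still bind-mounted under `${ROOTFS}`. Either confirm the plain unmount works for this target, or have the shared function check each call, e.g. `umount "${ROOTFS}"/dev/ || return 1`, and stop before `make_iso`. The shared `cleanup_dirs` also removes more than the GNOME version did (`/var/cache/*`, `/etc/ssh/*key*`, `/root/.viminfo`); that looks intended but deserves a line in the commit message.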

diff --git a/tools-hardened/desktop/make.sh b/tools-hardened/desktop/make.sh
index 1df4681..aae8565 100755
--- a/tools-hardened/desktop/make.sh
+++ b/tools-hardened/desktop/make.sh
@@ -2,7 +2,7 @@
 
 WORKING=$(pwd)
 CHROOTS=${CHROOTS:-"${WORKING}"}
-MYROOT=${MYROOT:-"desktop-amd64-hardened-ramdisk"}
+MYROOT=${MYROOT:-""}
 
 cleanup()
 {
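Review bot: With the default changed to `MYROOT=${MYROOT:-""}`, an unset MYROOT is accepted silently instead of being treated as an error. `nameit` then produces `-YYYYMMDD.iso`, and any path built from `${MYROOT}` in `cleanup` or `mkiso` (bodies not visible in this hunk) would resolve to the parent directory itself. The run scripts always pass MYROOT, so make the variable mandatory rather than empty: `: "${MYROOT:?MYROOT must name the chroot directory}"`.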
@@ -60,7 +60,7 @@ mkiso()
 nameit()
 {
        DATE=$(date +%Y%m%d)
-    NAME="${MYROOT}-${DATE}.iso"
+       NAME="${MYROOT}-${DATE}.iso"
 
        [ -f ramdisk.iso ] && mv ramdisk.iso $NAME || echo "Can't name 
ramdisk.iso, I didn't find it."
 }

diff --git a/tools-hardened/desktop/run-base.sh 
b/tools-hardened/desktop/run-base.sh
new file mode 100755
index 0000000..b9178c8
--- /dev/null
+++ b/tools-hardened/desktop/run-base.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+
+unpack_stage3() {
+       mkdir "${ROOTFS}"
+       tar -x -C "${ROOTFS}" -f "${STAGE3}"
+}
+
+mount_dirs() {
+       mkdir "${ROOTFS}"/usr/portage/
+       mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
+       mount --bind /proc/ "${ROOTFS}"/proc/
+       mount --bind /dev/ "${ROOTFS}"/dev/
+       mount --bind /dev/pts "${ROOTFS}"/dev/pts/
+       mount -t tmpfs shm "${ROOTFS}"/dev/shm
+       mount --bind /sys/ "${ROOTFS}"/sys/
+}
+
+populate_etc() {
+       cp -f files/fstab "${ROOTFS}"/etc/fstab
+       cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
+
+       rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
+       cp -f files/portage/make."${MAKE_BASE}".1 
"${ROOTFS}"/etc/portage/make.conf
+       cp -f files/portage/package."${KEYWORDS_BASE}".accept_keywords 
"${ROOTFS}"/etc/portage/package.accept_keywords
+       cp -f files/portage/package."${USE_BASE}".use 
"${ROOTFS}"/etc/portage/package.use
+       cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
+       cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
+}
+
+rebuild_toolchain() {
+       cp -f toolchain.sh "${ROOTFS}"/tmp/
+       chroot "${ROOTFS}"/ /tmp/toolchain.sh
+       rm -f "${ROOTFS}"/tmp/toolchain.sh
+}
+
+rebuild_world() {
+       cp -f files/"${WORLD_BASE}"-world "${ROOTFS}"/var/lib/portage/world
+       cp -f rebuild.sh "${ROOTFS}"/tmp/
+       chroot "${ROOTFS}"/ /tmp/rebuild.sh
+       rm -f "${ROOTFS}"/tmp/rebuild.sh
+}
+
+update_world() {
+       cp -f files/portage/make."${MAKE_BASE}".2 
"${ROOTFS}"/etc/portage/make.conf
+       cp -f update.sh "${ROOTFS}"/tmp/
+       chroot "${ROOTFS}"/ /tmp/update.sh
+       rm -f "${ROOTFS}"/tmp/update.sh
+}
+
+build_kernel() {
+       local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz";
+       mkdir -p "${ROOTFS}"/boot
+
+       genkernel \
+               --kernel-config=files/kernel-config \
+               --makeopts=-j9 \
+               --static \
+               --symlink \
+               --no-mountboot \
+               --kerneldir="${KERNEL_SOURCE}" \
+               --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
+               all
+
+       #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
+       #       objcopy --strip-unneeded $i
+       #done
+       rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
+       wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
+       tar -x -C "${PWD}"/files -f th-boot.tar.gz
+       cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
+       rm -f "${PWD}"/th-boot.tar.gz
+}
+
+setup_initrc() {
+       ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
+       chroot "${ROOTFS}"/ rc-update add acpid boot
+       chroot "${ROOTFS}"/ rc-update add alsasound boot
+       chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
+       chroot "${ROOTFS}"/ rc-update add device-mapper boot
+       chroot "${ROOTFS}"/ rc-update add lvm boot
+       chroot "${ROOTFS}"/ rc-update add udev boot
+       chroot "${ROOTFS}"/ rc-update add cupsd default
+       chroot "${ROOTFS}"/ rc-update add cronie default
+       chroot "${ROOTFS}"/ rc-update add net.eth0 default
+       chroot "${ROOTFS}"/ rc-update add postfix default
+       chroot "${ROOTFS}"/ rc-update add sshd default
+       chroot "${ROOTFS}"/ rc-update add xdm default
+       chroot "${ROOTFS}"/ rc-update add avahi-daemon default
+       chroot "${ROOTFS}"/ rc-update add dbus default
+       chroot "${ROOTFS}"/ rc-update add samba default
+       chroot "${ROOTFS}"/ rc-update add syslog-ng default
+       chroot "${ROOTFS}"/ rc-update add udev-postmount default
+       chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
+       chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
+}
+
+setup_systemd() {
+       ln -sf /proc/self/mounts /etc/mtab
+       sed -i -e 's/# 
GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="init=\/usr\/lib\/systemd\/systemd"/' 
"${ROOTFS}"/etc/default/grub
+       chroot "${ROOTFS}"/ systemctl enable avahi-daemon.service
+       chroot "${ROOTFS}"/ systemctl enable bluetooth.service
+       chroot "${ROOTFS}"/ systemctl enable cups.service
+       chroot "${ROOTFS}"/ systemctl enable dhcpcd.service
+       chroot "${ROOTFS}"/ systemctl enable cronie.service
+       chroot "${ROOTFS}"/ systemctl enable gdm.service
+       chroot "${ROOTFS}"/ systemctl enable metalog.service
+       chroot "${ROOTFS}"/ systemctl enable NetworkManager.service
+       chroot "${ROOTFS}"/ systemctl enable postfix.service
+       chroot "${ROOTFS}"/ systemctl enable smbd.service
+       chroot "${ROOTFS}"/ systemctl enable sshd.service
+       #chroot "${ROOTFS}"/ systemctl enable udev.service
+       #chroot "${ROOTFS}"/ systemctl enable udev-settle.service
+       #chroot "${ROOTFS}"/ systemctl enable udev-trigger.service
+}
+
+cleanup_dirs() {
+       rm -rf "${ROOTFS}"/tmp/*
+       rm -rf "${ROOTFS}"/var/cache/*
+       rm -rf "${ROOTFS}"/var/log/*
+       rm -rf "${ROOTFS}"/var/tmp/*
+       rm -rf "${ROOTFS}"/etc/resolv.conf
+       rm -rf "${ROOTFS}"/etc/ssh/*key*
+       rm -rf "${ROOTFS}"/root/.viminfo
+       for i in ${ROOTFS}/root/.bash_history ; do >$i; done
+       find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
+}
+
+unmount_dirs() {
+       umount "${ROOTFS}"/sys/
+       umount "${ROOTFS}"/dev/shm
+       umount "${ROOTFS}"/dev/pts/
+       umount "${ROOTFS}"/dev/
+       umount "${ROOTFS}"/proc/
+       umount "${ROOTFS}"/usr/portage/
+
+       mkdir "${ROOTFS}"/usr/portage/profiles/
+       echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
+}
+
+make_iso() {
+       MYROOT="${ROOTFS}" ./make.sh
+}
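Review bot: `build_kernel` fetches th-boot.tar.gz over plain `http://`, unpacks it into `files/` and copies its grub directory into the image's /boot, with no integrity check between the `wget` and the `tar -x`. All three desktop builds now source this one file, so a tampered or truncated download ends up in every ISO. Pin a digest and verify before extraction, e.g. `echo "${TH_BOOT_SHA256}  ${PWD}/th-boot.tar.gz" | sha256sum -c - || return 1` (TH_BOOT_SHA256 is a placeholder name for a new pinned constant), and check wget's exit status. Two smaller points in the same file: `setup_systemd` runs `ln -sf /proc/self/mounts /etc/mtab` against the build host, where `"${ROOTFS}"/etc/mtab` was presumably intended. `cleanup_dirs` would expand to `rm -rf /tmp/*`, `/var/log/*` and `/etc/ssh/*key*` on the host if ROOTFS were ever empty, so use `"${ROOTFS:?}"` in those paths.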

diff --git a/tools-hardened/desktop/xfce4-run.sh 
b/tools-hardened/desktop/xfce4-run.sh
index 80ea87e..0d5bafc 100755
--- a/tools-hardened/desktop/xfce4-run.sh
+++ b/tools-hardened/desktop/xfce4-run.sh
@@ -8,101 +8,13 @@ 
STAGE3="/var/tmp/catalyst/builds/hardened/${ARCH}/stage3-${ARCH}-hardened-latest
 LAYMAN="/var/lib/layman"
 KERNEL_SOURCE="/usr/src/linux-tinhat"
 
+BASE="xfce4"
+MAKE_BASE="${BASE}"
+KEYWORDS_BASE="${BASE}"
+USE_BASE="${BASE}"
+WORLD_BASE="${BASE}"
 
-unpack_stage3() {
-       mkdir "${ROOTFS}"
-       tar -x -C "${ROOTFS}" -f "${STAGE3}"
-}
-
-mount_dirs() {
-       mkdir "${ROOTFS}"/usr/portage/
-       mount --bind /usr/portage/ "${ROOTFS}"/usr/portage/
-       mount --bind /proc/ "${ROOTFS}"/proc/
-       mount --bind /dev/ "${ROOTFS}"/dev/
-       mount --bind /dev/pts "${ROOTFS}"/dev/pts/
-       mount -t tmpfs shm "${ROOTFS}"/dev/shm
-       mount --bind /sys/ "${ROOTFS}"/sys/
-}
-
-populate_etc() {
-       cp -f files/fstab "${ROOTFS}"/etc/fstab
-       cp -f files/resolv.conf "${ROOTFS}"/etc/resolv.conf
-
-       rm -f "${ROOTFS}"/etc/portage/make.conf.catalyst
-       cp -f files/portage/make.xfce4.1 "${ROOTFS}"/etc/portage/make.conf
-       cp -f files/portage/package.xfce4.accept_keywords 
"${ROOTFS}"/etc/portage/package.accept_keywords
-       cp -f files/portage/package.xfce4.use 
"${ROOTFS}"/etc/portage/package.use
-       cp -af files/portage/profile "${ROOTFS}"/etc/portage/profile
-       cp -af files/portage/repos.conf "${ROOTFS}"/etc/portage/repos.conf
-}
-
-rebuild_toolchain() {
-       cp -f toolchain.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/toolchain.sh
-       rm -f "${ROOTFS}"/tmp/toolchain.sh
-}
-
-rebuild_world() {
-       cp -f files/xfce4-world "${ROOTFS}"/var/lib/portage/world
-       cp -f rebuild.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/rebuild.sh
-       rm -f "${ROOTFS}"/tmp/rebuild.sh
-}
-
-
-update_world() {
-       cp -f files/portage/make.xfce4.2 "${ROOTFS}"/etc/portage/make.conf
-       cp -f update.sh "${ROOTFS}"/tmp/
-       chroot "${ROOTFS}"/ /tmp/update.sh
-       rm -f "${ROOTFS}"/tmp/update.sh
-}
-
-build_kernel() {
-    local TH_BOOT="http://dev.gentoo.org/~twitch153/tinhat/th-boot.tar.gz";
-       mkdir -p "${ROOTFS}"/boot
-
-       genkernel \
-               --kernel-config=files/kernel-config \
-               --makeopts=-j9 \
-               --static \
-               --symlink \
-               --no-mountboot \
-               --kerneldir="${KERNEL_SOURCE}" \
-               --bootdir="${PWD}"/"${ROOTFS}"/boot/ \
-               all
-
-       #for i in $(find "${PWD}"/"${ROOTFS}"/lib/modules -iname *ko); do
-       #       objcopy --strip-unneeded $i
-       #done
-       rm -rf "${PWD}"/"${ROOTFS}"/boot/initramfs*
-    wget -O "${PWD}"/th-boot.tar.gz "${TH_BOOT}"
-    tar -x -C "${PWD}"/files -f th-boot.tar.gz
-       cp -Rf files/th-boot/grub "${ROOTFS}"/boot/
-    rm -f "${PWD}"/th-boot.tar.gz
-}
-
-setup_initrc() {
-       ln -sf net.lo "${ROOTFS}"/etc/init.d/net.eth0
-       chroot "${ROOTFS}"/ rc-update add acpid boot
-       chroot "${ROOTFS}"/ rc-update add alsasound boot
-       chroot "${ROOTFS}"/ rc-update add cpufrequtils boot
-       chroot "${ROOTFS}"/ rc-update add device-mapper boot
-       chroot "${ROOTFS}"/ rc-update add lvm boot
-       chroot "${ROOTFS}"/ rc-update add udev boot
-       chroot "${ROOTFS}"/ rc-update add cupsd default
-       chroot "${ROOTFS}"/ rc-update add cronie default
-       chroot "${ROOTFS}"/ rc-update add net.eth0 default
-       chroot "${ROOTFS}"/ rc-update add postfix default
-       chroot "${ROOTFS}"/ rc-update add sshd default
-       chroot "${ROOTFS}"/ rc-update add xdm default
-       chroot "${ROOTFS}"/ rc-update add avahi-daemon default
-       chroot "${ROOTFS}"/ rc-update add dbus default
-       chroot "${ROOTFS}"/ rc-update add samba default
-       chroot "${ROOTFS}"/ rc-update add syslog-ng default
-       chroot "${ROOTFS}"/ rc-update add udev-postmount default
-       chroot "${ROOTFS}"/ rc-update add kmod-static-nodes sysinit
-       chroot "${ROOTFS}"/ rc-update add udev-mount sysinit
-}
+source run-base.sh
 
 setup_usergroups() {
        local DCONF_LOCAL="http://dev.gentoo.org/~blueness/lilblue/user";
@@ -156,52 +68,23 @@ setup_confs() {
        chroot "${ROOTFS}"/ eselect locale set 3
        cp -a files/locale/02locale "${ROOTFS}"/etc/conf.d/
        # In kernels 3.9 and above, we must disallow-other-stacks because of 
SO_REUSEPORT 
-       # NOTE: Current TinHat kernel uses kernel-3.7.5-hardened-r1
-       #sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
-}
-
-cleanup_dirs() {
-       rm -rf "${ROOTFS}"/tmp/*
-       rm -rf "${ROOTFS}"/var/cache/*
-       rm -rf "${ROOTFS}"/var/log/*
-       rm -rf "${ROOTFS}"/var/tmp/*
-       rm -rf "${ROOTFS}"/etc/resolv.conf
-       rm -rf "${ROOTFS}"/etc/ssh/*key*
-       rm -rf "${ROOTFS}"/root/.viminfo
-       for i in ${ROOTFS}/root/.bash_history ; do >$i; done
-       find ${ROOTFS}*/var/log -size +1c -type f -exec rm {} +
-}
-
-unmount_dirs() {
-       umount "${ROOTFS}"/sys/
-       umount "${ROOTFS}"/dev/shm
-       umount "${ROOTFS}"/dev/pts/
-       umount "${ROOTFS}"/dev/
-       umount "${ROOTFS}"/proc/
-       umount "${ROOTFS}"/usr/portage/
-
-       mkdir "${ROOTFS}"/usr/portage/profiles/
-       echo "gentoo" >> "${ROOTFS}"/usr/portage/profiles/repo_name
-}
-
-make_iso() {
-       MYROOT="${ROOTFS}" ./make.sh
+       sed -i 's/^#\(disallow-other-stacks=\)no/\1yes/g' 
"${ROOTFS}"/etc/avahi/avahi-daemon.conf
 }
 
 main() {
-       #unpack_stage3
-       #mount_dirs
-       #populate_etc
-       #rebuild_toolchain
-       #rebuild_world
-       #update_world
+       unpack_stage3
+       mount_dirs
+       populate_etc
+       rebuild_toolchain
+       rebuild_world
+       update_world
        build_kernel
-       #setup_initrc
-       #setup_usergroups
-       #setup_confs
-       #cleanup_dirs
-       #unmount_dirs
-       #make_iso
+       setup_initrc
+       setup_usergroups
+       setup_confs
+       cleanup_dirs
+       unmount_dirs
+       make_iso
 }
 
 main > xfce4-"${ARCH}"-build.log 2>&1 &
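Review bot: `main` now runs all thirteen steps back to back without checking any status, so a failed `unpack_stage3` or `mount_dirs` is still followed by the `chroot` calls, `cleanup_dirs` and `make_iso` against a tree that is missing or only half mounted. Because the run is backgrounded with all output sent to the log file, such a failure is also easy to overlook. `main` executes in its own background subshell, so `set -e` as its first line is the smallest fix; alternatively append `|| return 1` to each step. Either way, make sure the bind mounts are released on the failure path too, so an aborted build does not leave the host's /dev and /proc mounted under `${ROOTFS}`.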
