Re: [DNG] unoffic-grsec 4.9.27 kernel compile, one last hurdle
On 170513-00:21+0200, Miroslav Rovis wrote: > On 170512-22:49+0200, Mathias Krause wrote: > > Hi Miroslav, > > > > On 12 May 2017 at 22:06, Miroslav Rovis> > wrote: > > > [...] ... > > Thanks for testing! > Very glad that I'm getting useful... Been working hard for years... > > > > Regards, > > Mathias > > > > [1] > > https://github.com/minipli/linux-unofficial_grsec/commit/fc6850f573063e8b02a2b6d756abbe2c7ae8618f > Right: > > $ git describe fc6850f573063 > v4.9.27-unofficial_grsec-1-gfc6850f57306 > $ ... > $ git diff v4.9.27..v4.9.27-unofficial_grsec-1-gfc6850f57306 > \ > ~/Downloads/unofficial_grsec-v4.9.27-unofficial_grsec-1-gfc6850f57306.diff > > And that is being built. And then, for my dear Devuaners, then (once it > hopefully all works) It works. I have installed that grsecurity-hardened kernel. It's in the other boot available in this online machine. Both my Air-Gapped and my for-online machine/the clone of it, are dual booting to Gentoo and to Devuan, in encrypted root and encrypted swap, and the Devuan feels so great! > I make a tip on dev1galaxy.org. I have been wishing > to teach newbies grsec for years! I've created: Grsecurity/Pax installation on Devuan GNU/Linux https://dev1galaxy.org/viewtopic.php?id=596 (reason explained there) and also: Install Devuan into encrypted root and swap partitions https://dev1galaxy.org/viewtopic.php?id=597 so I can go to sleep... and tomorrow I boot into Devuan and do the first introductory revisions of those tips... Good night! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] unoffic-grsec 4.9.27 kernel compile, one last hurdle
On 170512-22:49+0200, Mathias Krause wrote: > Hi Miroslav, > > On 12 May 2017 at 22:06, Miroslav Roviswrote: > > [...] > > dpkg-gencontrol: error: illegal package name > > 'linux-headers-4.9.27-unofficial_grsec170512-14': character '_' not allowed > > scripts/package/Makefile:91: recipe for target 'deb-pkg' failed > > make[1]: *** [deb-pkg] Error 255 > > Makefile:1334: recipe for target 'deb-pkg' failed > > make: *** [deb-pkg] Error 2 > > > > [...] Also I think I saw (but wasn't able to find it) that > > Mathias Krause made a notice about it in his github (but he hasn't yet > > fixed it in that minipli repo of his, the link way in the top; > > well, this one *is* actually fixed in the git repo already, see [1]. > I haven't tagged that release, though. So maybe you just apply that > patch locally? It's really just a 'sed s/_/+/ localversion-*'. Yeah, I figured out. See below. Yes, I hope so. It's churning on (slow machine). I hope so: > After applying the diff, just re-do the 'make deb-pkg'. It should't > rebuild everything, just a few files and the Debian packages. > > Thanks for testing! Very glad that I'm getting useful... Been working hard for years... > > Regards, > Mathias > > [1] > https://github.com/minipli/linux-unofficial_grsec/commit/fc6850f573063e8b02a2b6d756abbe2c7ae8618f Right: $ git describe fc6850f573063 v4.9.27-unofficial_grsec-1-gfc6850f57306 $ which shows it: $ diff ~/Downloads/unofficial_grsec-v4.9.27.diff ~/Downloads/unofficial_grsec-v4.9.27-unofficial_grsec-1-gfc6850f57306.diff 153902c153902 < index ..3c4df767c6cd --- > index ..ca785b0383c4 153906c153906 < +-unofficial_grsec --- > +-unofficial+grsec $ And then: $ git diff v4.9.27..v4.9.27-unofficial_grsec-1-gfc6850f57306 > \ ~/Downloads/unofficial_grsec-v4.9.27-unofficial_grsec-1-gfc6850f57306.diff And that is being built. And then, for my dear Devuaners, then (once it hopefully all works) I make a tip on dev1galaxy.org. I have been wishing to teach newbies grsec for years! My thanks to you, Mathias! Ah, for everybody who is interested in the KSPP[*] and grsecurity long standing controversy, here's a must read: It looks like there will be no more public versions of PaX and Grsec http://openwall.com/lists/kernel-hardening/2017/05/11/2 (it's the reply by PaX Team :) and it's delicious, has shut some mouths stiff closed, as I see it; repent, rippers in the shadows, if you can, you --in your mind and in appearance, but you're small-- big guys... I don't have it so much with the servants of yours... ) --- [*] Kernel Self Protection Project, basically, regarded by many as some kind of a ripoff of grsecurity's code Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] unoffic-grsec 4.9.27 kernel compile, one last hurdle
On 170512-22:32+0200, Jaromil wrote: > dear Miroslav, > > On Fri, 12 May 2017, Miroslav Rovis wrote: > > > [4] Will git.devuan.org be getting more reliable in availability, is > > that expected? I wouldn't mind that it couldn't possibly be as > > perfect and fast as gihub, for that the Team would need to > > collude with the mighty, which I hope they never will (some > > distros do...), but just solidly reliably available, any hope > > for that? Because I would prefer using git.devuan.org instead of > > github... > > yes, our intention is to move it from the current location to a bigger > host which is going to make it more scalable. after that we can debate > if gitlab is really the best solution or not, however for the time > being the goal is to make it more reliable, despite its rather high > demand of resources (gitlab is in ruby...) > I see. Thanks for a quick reply! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] unoffic-grsec 4.9.27 kernel compile, one last hurdle
dear Miroslav, On Fri, 12 May 2017, Miroslav Rovis wrote: > [4] Will git.devuan.org be getting more reliable in availability, is > that expected? I wouldn't mind that it couldn't possibly be as > perfect and fast as gihub, for that the Team would need to > collude with the mighty, which I hope they never will (some > distros do...), but just solidly reliably available, any hope > for that? Because I would prefer using git.devuan.org instead of > github... yes, our intention is to move it from the current location to a bigger host which is going to make it more scalable. after that we can debate if gitlab is really the best solution or not, however for the time being the goal is to make it more reliable, despite its rather high demand of resources (gitlab is in ruby...) ciao ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] unoffic-grsec 4.9.27 kernel compile, one last hurdle
Hi! I'm trying to compile grsec, unofficial, by minipli[1]: https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec I think I got (maybe only) one serious hurdle (left to go) to install grsec-hardened kernel in my Devuan machine[2]. I used the script that a lot of users followed in pre-corsac grsecurity-packages for Debian, so actively until some two years ago, passively still visited, and I'm (finally[3]) starting to adapt it for Devuan[4]: Grsecurity/Pax installation on Debian GNU/Linux http://forums.debian.net/viewtopic.php?f=16=108616 and the very first poor-quality preview of Devuan-only script I attach: grsec-dev1-compile.sh.gz (pls. note that's a preview even worse than my usual poor-quality scripting, no time yet) And with that script I have the following hurdle to overcome. It's at the very end of the srcipt, at the run of: fakeroot make deb-pkg (line 258) Here is the excerpt (and Dev1_170512_fakeroot_make_deb-pkg_ERROR.txt.gz is a much larger stretch of): ... CC lib/swiotlb.o CC lib/iommu-helper.o CC lib/iommu-common.o CC lib/syscall.o CC lib/nlattr.o CC lib/cpu_rmap.o CC lib/dynamic_queue_limits.o CC lib/glob.o ... CC lib/string.o CC lib/timerqueue.o CC lib/vsprintf.o CC lib/win_minmax.o AR lib/lib.a EXPORTS lib/lib-ksyms.o LD lib/built-in.o CC arch/x86/lib/msr-smp.o CC arch/x86/lib/cache-smp.o CC arch/x86/lib/msr.o AS arch/x86/lib/msr-reg.o ... CC arch/x86/lib/usercopy.o CC arch/x86/lib/usercopy_64.o AR arch/x86/lib/lib.a EXPORTS arch/x86/lib/lib-ksyms.o LD arch/x86/lib/built-in.o CC virt/lib/irqbypass.o LD virt/lib/built-in.o LD virt/built-in.o LD vmlinux.o MODPOST vmlinux.o ... GEN .version CHK include/generated/compile.h UPD include/generated/compile.h CC init/version.o LD init/built-in.o KSYM.tmp_kallsyms1.o KSYM.tmp_kallsyms2.o LD vmlinux SORTEX vmlinux SYSMAP System.map CC arch/x86/boot/a20.o AS arch/x86/boot/bioscall.o CC arch/x86/boot/cmdline.o AS arch/x86/boot/copy.o HOSTCC arch/x86/boot/mkcpustr CPUSTR arch/x86/boot/cpustr.h CC arch/x86/boot/cpu.o CC arch/x86/boot/cpuflags.o CC arch/x86/boot/cpucheck.o CC arch/x86/boot/early_serial_console.o CC arch/x86/boot/edd.o LDS arch/x86/boot/compressed/vmlinux.lds AS arch/x86/boot/compressed/head_64.o VOFFSET arch/x86/boot/compressed/../voffset.h ... CC arch/x86/boot/video-vga.o CC arch/x86/boot/video-vesa.o CC arch/x86/boot/video-bios.o LD arch/x86/boot/setup.elf OBJCOPY arch/x86/boot/setup.bin OBJCOPY arch/x86/boot/vmlinux.bin HOSTCC arch/x86/boot/tools/build BUILD arch/x86/boot/bzImage Setup is 15596 bytes (padded to 15872 bytes). System is 7291 kB CRC b8db2ca1 Kernel: arch/x86/boot/bzImage is ready (#1) Building modules, stage 2. MODPOST 5 modules ... CC drivers/video/backlight/lcd.mod.o LD [M] drivers/video/backlight/lcd.ko BUILDDEB INSTALL arch/x86/kernel/test_nx.ko INSTALL drivers/media/dvb-frontends/helene.ko INSTALL drivers/media/dvb-frontends/mn88472.ko INSTALL drivers/media/dvb-frontends/mn88473.ko INSTALL drivers/video/backlight/lcd.ko DEPMOD 4.9.27-unofficial_grsec170512-14 CHK include/generated/uapi/linux/version.h HOSTCC scripts/unifdef INSTALL usr/include/asm-generic/ (35 files) INSTALL usr/include/drm/ (21 files) INSTALL usr/include/linux/android/ (1 file) ... INSTALL usr/include/xen/ (4 files) INSTALL usr/include/uapi/ (0 file) INSTALL usr/include/asm/ (65 files) CHECK usr/include/asm-generic/ (35 files) CHECK usr/include/drm/ (21 files) CHECK usr/include/linux/android/ (1 files) CHECK usr/include/linux/byteorder/ (2 files) CHECK usr/include/linux/caif/ (2 files) ... CHECK usr/include/sound/ (15 files) CHECK usr/include/video/ (3 files) CHECK usr/include/xen/ (4 files) CHECK usr/include/uapi/ (0 files) CHECK usr/include/asm/ (65 files) CHK include/generated/uapi/linux/version.h INSTALL debian/headertmp/usr/include/asm-generic/ (35 files) INSTALL debian/headertmp/usr/include/drm/ (21 files) INSTALL debian/headertmp/usr/include/linux/android/ (1 file) INSTALL debian/headertmp/usr/include/linux/byteorder/ (2 files) ... INSTALL debian/headertmp/usr/include/video/ (3 files) INSTALL debian/headertmp/usr/include/xen/ (4 files) INSTALL debian/headertmp/usr/include/uapi/ (0 file) INSTALL debian/headertmp/usr/include/asm/ (65 files) Using default distribution of 'unstable' in the changelog Install lsb-release or set $KDEB_CHANGELOG_DIST explicitly dpkg-gencontrol: error: illegal package name 'linux-headers-4.9.27-unofficial_grsec170512-14': character '_' not allowed scripts/package/Makefile:91: recipe for target