Group :: Desenvolvimento/Kernel
RPM: kernel-source-lkrg
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
%define module_name lkrg
%define module_version 0.9.6
Name: kernel-source-lkrg
Version: %module_version
Release: alt2
Summary: Linux Kernel Runtime Guard module sources
License: GPL-2.0
Group: Development/Kernel
Url: https://lkrg.org/
VCS: https://github.com/lkrg-org/lkrg.git
Source: %module_name-%version.tar
Source1: %module_name.init
Patch: %name-%version-%release.patch
ExclusiveArch: aarch64 armh %ix86 x86_64
BuildRequires(pre): rpm-build-kernel
%{?!_without_check:%{?!_disable_check:BuildRequires: kernel-headers-modules-un-def}}
BuildArch: noarch
%description
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.
This package contains the LKRG sources.
%package -n lkrg-common
Summary: Common files for Linux Kernel Runtime Guard module
BuildArch: noarch
Group: System/Configuration/Other
Provides: lkrg-config = %version
Obsoletes: lkrg-config < %version
%description -n lkrg-common
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.
This package contains common files fo Linux Kernel Runtime Guard.
%prep
%setup -q -c
pushd %module_name-%version
%patch -p1
popd
cp -a %SOURCE1 .
%install
mkdir -p %kernel_srcdir
tar -cjf %kernel_srcdir/%name-%version.tar.bz2 %module_name-%version
mkdir -p %buildroot%_sysconfdir
cp -a %module_name-%version/scripts/bootup/lkrg.conf %buildroot%_sysconfdir/lkrg.conf
mkdir -p %buildroot%_initdir
install -pm755 lkrg.init %buildroot%_initdir/lkrg
mkdir -p %buildroot%_unitdir
cat <<EOF >%buildroot%_unitdir/lkrg.service
[Unit]
Description=Linux Kernel Runtime Guard
DefaultDependencies=no
After=systemd-modules-load.service
Before=systemd-sysctl.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
ConditionKernelCommandLine=!nolkrg
[Service]
Type=oneshot
ExecStart=/etc/rc.d/init.d/lkrg start
ExecStop=/etc/rc.d/init.d/lkrg stop
RemainAfterExit=yes
[Install]
WantedBy=sysinit.target
EOF
mkdir -p %buildroot%_presetdir
cat <<EOF >%buildroot%_presetdir/30-lkrg.preset
enable lkrg.service
EOF
%check
# Just a test build on un-def kernel.
cd %module_name-%version
for V in $(ls /lib/modules); do
make -s %_smp_mflags KERNELRELEASE=$V
done
%triggerun -n lkrg-common -- lkrg-config < 0.9.2.0.1.git10ba314-alt2 lkrg-common < 0.9.2.0.1.git10ba314-alt2
if [ -e %_sysconfdir/sysctl.d/lkrg.conf ]; then
echo "Migrating an LKRG config to the new place"
if ! diff -q %_sysconfdir/{,sysctl.d/}lkrg.conf >/dev/null; then
mv %_sysconfdir/lkrg.conf{,.rpmnew}
fi
mv %_sysconfdir/sysctl.d/lkrg.conf %_sysconfdir/lkrg.conf
fi
%preun -n lkrg-common
%preun_service lkrg
%files
%attr(0644,root,root) %kernel_src/%name-%version.tar.bz2
%files -n lkrg-common
%config(noreplace) %_sysconfdir/lkrg.conf
%_initdir/lkrg
%_unitdir/lkrg.service
%_presetdir/30-lkrg.preset
%changelog
…
Todas as alterações você pod ver aqui
%define module_version 0.9.6
Name: kernel-source-lkrg
Version: %module_version
Release: alt2
Summary: Linux Kernel Runtime Guard module sources
License: GPL-2.0
Group: Development/Kernel
Url: https://lkrg.org/
VCS: https://github.com/lkrg-org/lkrg.git
Source: %module_name-%version.tar
Source1: %module_name.init
Patch: %name-%version-%release.patch
ExclusiveArch: aarch64 armh %ix86 x86_64
BuildRequires(pre): rpm-build-kernel
%{?!_without_check:%{?!_disable_check:BuildRequires: kernel-headers-modules-un-def}}
BuildArch: noarch
%description
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.
This package contains the LKRG sources.
%package -n lkrg-common
Summary: Common files for Linux Kernel Runtime Guard module
BuildArch: noarch
Group: System/Configuration/Other
Provides: lkrg-config = %version
Obsoletes: lkrg-config < %version
%description -n lkrg-common
Linux Kernel Runtime Guard (LKRG) is a loadable kernel module that performs
runtime integrity checking of the Linux kernel and detection of security
vulnerability exploits against the kernel. As controversial as this concept is,
LKRG attempts to post-detect and hopefully promptly respond to unauthorized
modifications to the running Linux kernel (integrity checking) or to
credentials (such as user IDs) of the running processes (exploit
detection). For process credentials, LKRG attempts to detect the exploit and
take action before the kernel would grant the process access (such as open a
file) based on the unauthorized credentials.
This package contains common files fo Linux Kernel Runtime Guard.
%prep
%setup -q -c
pushd %module_name-%version
%patch -p1
popd
cp -a %SOURCE1 .
%install
mkdir -p %kernel_srcdir
tar -cjf %kernel_srcdir/%name-%version.tar.bz2 %module_name-%version
mkdir -p %buildroot%_sysconfdir
cp -a %module_name-%version/scripts/bootup/lkrg.conf %buildroot%_sysconfdir/lkrg.conf
mkdir -p %buildroot%_initdir
install -pm755 lkrg.init %buildroot%_initdir/lkrg
mkdir -p %buildroot%_unitdir
cat <<EOF >%buildroot%_unitdir/lkrg.service
[Unit]
Description=Linux Kernel Runtime Guard
DefaultDependencies=no
After=systemd-modules-load.service
Before=systemd-sysctl.service
Before=sysinit.target shutdown.target
Conflicts=shutdown.target
ConditionKernelCommandLine=!nolkrg
[Service]
Type=oneshot
ExecStart=/etc/rc.d/init.d/lkrg start
ExecStop=/etc/rc.d/init.d/lkrg stop
RemainAfterExit=yes
[Install]
WantedBy=sysinit.target
EOF
mkdir -p %buildroot%_presetdir
cat <<EOF >%buildroot%_presetdir/30-lkrg.preset
enable lkrg.service
EOF
%check
# Just a test build on un-def kernel.
cd %module_name-%version
for V in $(ls /lib/modules); do
make -s %_smp_mflags KERNELRELEASE=$V
done
%triggerun -n lkrg-common -- lkrg-config < 0.9.2.0.1.git10ba314-alt2 lkrg-common < 0.9.2.0.1.git10ba314-alt2
if [ -e %_sysconfdir/sysctl.d/lkrg.conf ]; then
echo "Migrating an LKRG config to the new place"
if ! diff -q %_sysconfdir/{,sysctl.d/}lkrg.conf >/dev/null; then
mv %_sysconfdir/lkrg.conf{,.rpmnew}
fi
mv %_sysconfdir/sysctl.d/lkrg.conf %_sysconfdir/lkrg.conf
fi
%preun -n lkrg-common
%preun_service lkrg
%files
%attr(0644,root,root) %kernel_src/%name-%version.tar.bz2
%files -n lkrg-common
%config(noreplace) %_sysconfdir/lkrg.conf
%_initdir/lkrg
%_unitdir/lkrg.service
%_presetdir/30-lkrg.preset
%changelog
…
Todas as alterações você pod ver aqui