Hi! I'm trying to compile grsec, unofficial, by minipli[1]: https://github.com/minipli/linux-unofficial_grsec/tree/linux-4.9.x-unofficial_grsec
I think I got (maybe only) one serious hurdle (left to go) to install grsec-hardened kernel in my Devuan machine[2]. I used the script that a lot of users followed in pre-corsac grsecurity-packages for Debian, so actively until some two years ago, passively still visited, and I'm (finally[3]) starting to adapt it for Devuan[4]: Grsecurity/Pax installation on Debian GNU/Linux http://forums.debian.net/viewtopic.php?f=16&t=108616 and the very first poor-quality preview of Devuan-only script I attach: grsec-dev1-compile.sh.gz (pls. note that's a preview even worse than my usual poor-quality scripting, no time yet) And with that script I have the following hurdle to overcome. It's at the very end of the srcipt, at the run of: fakeroot make deb-pkg (line 258) Here is the excerpt (and Dev1_170512_fakeroot_make_deb-pkg_ERROR.txt.gz is a much larger stretch of): ... CC lib/swiotlb.o CC lib/iommu-helper.o CC lib/iommu-common.o CC lib/syscall.o CC lib/nlattr.o CC lib/cpu_rmap.o CC lib/dynamic_queue_limits.o CC lib/glob.o ... CC lib/string.o CC lib/timerqueue.o CC lib/vsprintf.o CC lib/win_minmax.o AR lib/lib.a EXPORTS lib/lib-ksyms.o LD lib/built-in.o CC arch/x86/lib/msr-smp.o CC arch/x86/lib/cache-smp.o CC arch/x86/lib/msr.o AS arch/x86/lib/msr-reg.o ... CC arch/x86/lib/usercopy.o CC arch/x86/lib/usercopy_64.o AR arch/x86/lib/lib.a EXPORTS arch/x86/lib/lib-ksyms.o LD arch/x86/lib/built-in.o CC virt/lib/irqbypass.o LD virt/lib/built-in.o LD virt/built-in.o LD vmlinux.o MODPOST vmlinux.o ... GEN .version CHK include/generated/compile.h UPD include/generated/compile.h CC init/version.o LD init/built-in.o KSYM .tmp_kallsyms1.o KSYM .tmp_kallsyms2.o LD vmlinux SORTEX vmlinux SYSMAP System.map CC arch/x86/boot/a20.o AS arch/x86/boot/bioscall.o CC arch/x86/boot/cmdline.o AS arch/x86/boot/copy.o HOSTCC arch/x86/boot/mkcpustr CPUSTR arch/x86/boot/cpustr.h CC arch/x86/boot/cpu.o CC arch/x86/boot/cpuflags.o CC arch/x86/boot/cpucheck.o CC arch/x86/boot/early_serial_console.o CC arch/x86/boot/edd.o LDS arch/x86/boot/compressed/vmlinux.lds AS arch/x86/boot/compressed/head_64.o VOFFSET arch/x86/boot/compressed/../voffset.h ... CC arch/x86/boot/video-vga.o CC arch/x86/boot/video-vesa.o CC arch/x86/boot/video-bios.o LD arch/x86/boot/setup.elf OBJCOPY arch/x86/boot/setup.bin OBJCOPY arch/x86/boot/vmlinux.bin HOSTCC arch/x86/boot/tools/build BUILD arch/x86/boot/bzImage Setup is 15596 bytes (padded to 15872 bytes). System is 7291 kB CRC b8db2ca1 Kernel: arch/x86/boot/bzImage is ready (#1) Building modules, stage 2. MODPOST 5 modules ... CC drivers/video/backlight/lcd.mod.o LD [M] drivers/video/backlight/lcd.ko BUILDDEB INSTALL arch/x86/kernel/test_nx.ko INSTALL drivers/media/dvb-frontends/helene.ko INSTALL drivers/media/dvb-frontends/mn88472.ko INSTALL drivers/media/dvb-frontends/mn88473.ko INSTALL drivers/video/backlight/lcd.ko DEPMOD 4.9.27-unofficial_grsec170512-14 CHK include/generated/uapi/linux/version.h HOSTCC scripts/unifdef INSTALL usr/include/asm-generic/ (35 files) INSTALL usr/include/drm/ (21 files) INSTALL usr/include/linux/android/ (1 file) ... INSTALL usr/include/xen/ (4 files) INSTALL usr/include/uapi/ (0 file) INSTALL usr/include/asm/ (65 files) CHECK usr/include/asm-generic/ (35 files) CHECK usr/include/drm/ (21 files) CHECK usr/include/linux/android/ (1 files) CHECK usr/include/linux/byteorder/ (2 files) CHECK usr/include/linux/caif/ (2 files) ... CHECK usr/include/sound/ (15 files) CHECK usr/include/video/ (3 files) CHECK usr/include/xen/ (4 files) CHECK usr/include/uapi/ (0 files) CHECK usr/include/asm/ (65 files) CHK include/generated/uapi/linux/version.h INSTALL debian/headertmp/usr/include/asm-generic/ (35 files) INSTALL debian/headertmp/usr/include/drm/ (21 files) INSTALL debian/headertmp/usr/include/linux/android/ (1 file) INSTALL debian/headertmp/usr/include/linux/byteorder/ (2 files) ... INSTALL debian/headertmp/usr/include/video/ (3 files) INSTALL debian/headertmp/usr/include/xen/ (4 files) INSTALL debian/headertmp/usr/include/uapi/ (0 file) INSTALL debian/headertmp/usr/include/asm/ (65 files) Using default distribution of 'unstable' in the changelog Install lsb-release or set $KDEB_CHANGELOG_DIST explicitly dpkg-gencontrol: error: illegal package name 'linux-headers-4.9.27-unofficial_grsec170512-14': character '_' not allowed scripts/package/Makefile:91: recipe for target 'deb-pkg' failed make[1]: *** [deb-pkg] Error 255 Makefile:1334: recipe for target 'deb-pkg' failed make: *** [deb-pkg] Error 2 ... I understand some of that error just above, and I think I see what needs to be different. Also I think I saw (but wasn't able to find it) that Mathias Krause made a notice about it in his github (but he hasn't yet fixed it in that minipli repo of his, the link way in the top; hi, Mathias, I decide to send this question to you as well[5]). Here: # find linux-4.9.27 -name 'control' linux-4.9.27/debian/control # ( see attachment control.gz, it's full of 4.9.27-unofficial_grsec170512-14 where underscore is the illegal character ) and: # find linux-4.9.27 -name '*linux-headers-4.9.27-unofficial_grsec170512-14*' linux-4.9.27/debian/hdrtmp/usr/share/doc/linux-headers-4.9.27-unofficial_grsec170512-14 linux-4.9.27/debian/hdrtmp/usr/src/linux-headers-4.9.27-unofficial_grsec170512-14 # ( see attachment changelog.Debian.gz, same issue; the second find is only in the name: # find linux-4.9.27/debian/hdrtmp/usr/src/ -name '*unofficial_grsec*' linux-4.9.27/debian/hdrtmp/usr/src/linux-headers-4.9.27-unofficial_grsec170512-14 # ) So my hope is, if I fix those files, rename that one just above, and sed 's/_/-/g' (or so) on the other ones, manually, should dpkg-gencontrol accept to go on and would dpkg-gencontrol be able to roll up its part and then... Ha!, that's another issue here, that's actually my real issue...! And then what, how to finish creating the packages? I hope I've explained the issue... Can this be fixed, post-error, after the erroring out of the compilation process as in the Dev1_170512_fakeroot_make_deb-pkg_ERROR.txt.gz (or the above briefer excerpt)? I mean, without recompiling. With the source as it is right after that error, but with these deficiencies manually fixed? --- [1] Mathias Krause, one of the Mempo creators, and also a contributors to KSPP and a critic of it (KSPP is under umbrella of the big Schmoog, and lots of us will consider it a defeat of the free software if those fragments and pieces of grsecurity/PaX that KSPP will be allowed to get into the kernel by the few (sic!) who decide what gets and what doesn't into the kernel should one day be all that has remained of the great grsecurity project), and I really prefer to hope that his/his team's/other adopters' unofficial grsecurity patches to vanilla kernel should take the baton ( https://grsecurity.net/passing_the_baton.php ) and move on with a post-grsecurity, but who knows, only genii can continue from where spender and PaX Team left... [2] which I installed in Air-Gapped. No jokes in the (censorial/intrusional) environment for me. Have a look at what some subject(s)/something turned my Gentoo into, even though I was building in Air-Gapped, and used only cloned system for online: Strange script planted with Bash https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/ [3] That has become possible for me only with the availability of verifiably available-in-offline repo ( which is the Devuan Jessie RC2 DVD; in pre-systemDestruction Debian I used to build from Debian Weekly Testing, which used to be some 50G or so, some 12 DVDs, by using jigdo with my own jigdo-automate-scripts: https://github.com/miroR/jigdo-automate-scripts ) because I build my systems in Air-Gapped, the Gentoo of the cap-170504-strange-bash above lasted some four years, and it is only now limitedly (I believe) broken into, and if I weren't building it in Air-Gapped, it wouldn't have lasted even only a few weeks/months... Any plans to get a Testing Weekly Devuan PGP-signed media and to be getting it with jigdo? But I am patient... and happy already... I finally installed Devuan proper, and with encrypted root and swap... [4] Will git.devuan.org be getting more reliable in availability, is that expected? I wouldn't mind that it couldn't possibly be as perfect and fast as gihub, for that the Team would need to collude with the mighty, which I hope they never will (some distros do...), but just solidly reliably available, any hope for that? Because I would prefer using git.devuan.org instead of github... [5] Mathias has already been kind to teach me with a quick tip how to build his unoffic-grsec in Gentoo: Technical repercussions of grsecurity removal https://lists.gt.net/gentoo/hardened/326262#326262 and readers should read that thread, to learn things about KSPP and kernel and the very few who decide for us all, recently even openly but quietly against free software: < same subject > https://lists.gt.net/gentoo/hardened/326254#326254 and the links from there, esp.: find "Shawn", and "Karen Sandler" Sincere regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr
grsec-dev1-compile.sh.gz
Description: Binary data
Dev1_170512_fakeroot_make_deb-pkg_ERROR.txt.gz
Description: Binary data
changelog.Debian.gz
Description: Binary data
control.gz
Description: Binary data
signature.asc
Description: Digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng