David Oberhollenzer
52427236e7
Add gcron package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-25 01:34:32 +01:00
David Oberhollenzer
c5206e403b
Clenaup some less usefull or test programs from kbd
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-14 19:59:49 +01:00
David Oberhollenzer
118df82d67
Cleanup installed bash completions for util-linux
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-14 19:38:31 +01:00
David Oberhollenzer
6e3b2ab4f9
Cleanup shadow-utils installed programs
...
- Remove programs for converting shadow/regular files into each other
- Remove programs for working with group passwords
- Remove batch processing programs
- Remove namespace related programs
- Remove other convoluted group management programs
- Remove password expiry and finger information utilites
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-14 16:23:25 +01:00
David Oberhollenzer
2c394f4246
Bump init version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-05 21:55:15 +01:00
David Oberhollenzer
5e11afa1f6
Bump tzdb version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
3432245e78
Bump OpenSSH version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
6c0ec9a4ab
Bump iproute2 version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
41aa911d92
Bump ethtool version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
0645f44a1f
Fix /lib64 substitution pattern in tc-gcc1
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
45cc27ca40
Bump binutils version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
6ad8ed37f7
Cleanup binutils confgiure flags, add relro, PIC, deterministic ar
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
1aa829699c
Explicitly disable libquadmath in second stage gcc
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
544ac03d1f
Allways build libssp_noshared, even for non hardened toolchains
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
e87a8ec43c
Explicitly turn on size optimizations
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
cf2e438a45
Bump Raspberry Pi 3 vendor kernel version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
35e72a4ae7
Bump Raspberry Pi 3 firmware version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
82a00e5a1b
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
60f9a68807
Bump file version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
81f4f36044
Bump tzdata version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
e91029b64e
Bump unbound version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
0b5e2ccc38
Bump dnsmasq version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
1786c65c4c
Bump init version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-11-03 19:28:43 +01:00
David Oberhollenzer
d6030cd898
Replace gcc libssp with built musl builtins
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-20 12:52:06 +02:00
David Oberhollenzer
d06083c96d
Propperly process Linux package targets in deploy function
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 21:50:57 +02:00
David Oberhollenzer
7dd6306b30
cleanup: derive LINUX_CPU from TARGET, merge linux packages
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 21:50:57 +02:00
David Oberhollenzer
b5d4ece03d
cleanup: derive MUSL_CPU from TARGET in Musl package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 21:50:57 +02:00
David Oberhollenzer
569f7d5e0c
cleanup: derive OPENSSL_TARGET from TARGET in OpenSSL package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 21:50:57 +02:00
David Oberhollenzer
8e5c6d3a2e
Make toolchain and user space hardening configurable
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 21:50:57 +02:00
David Oberhollenzer
69aa1d33e9
Set hardening options for packages with custom build system
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-19 00:18:51 +02:00
David Oberhollenzer
8063550d4e
Add libc agnostic fortify-headers package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-17 01:11:02 +02:00
David Oberhollenzer
52933c58c9
Enable hardening flags for stage-1 gcc
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-17 00:52:10 +02:00
David Oberhollenzer
0958272eb3
Export CROSS_COMPILE environment variable for Musl build script
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-17 00:52:10 +02:00
David Oberhollenzer
c16ff53c14
Remove overlay partition setup from release shell scripts
...
The initial ram disk does that for us (with the propper permissions
in the case of Qemu).
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-11 19:02:11 +02:00
David Oberhollenzer
2a1add41e7
Enable stack protection flags in GCC cross compiler
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-11 19:02:11 +02:00
David Oberhollenzer
f1be060f7c
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-07 16:35:25 +02:00
David Oberhollenzer
62345ef7bb
Cleanup nginx user and directory setup
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-07 16:35:25 +02:00
David Oberhollenzer
dcadff7637
Init version rebase
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-07 02:16:28 +02:00
David Oberhollenzer
8d75cb83fd
Add nginx package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-06 20:32:44 +02:00
David Oberhollenzer
f3861b9df1
Add PCRE package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-06 17:25:52 +02:00
David Oberhollenzer
a71c45aec0
Fix final image copy in Linux LTS build script
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-06 17:25:52 +02:00
David Oberhollenzer
e7101d5400
Unfuck libtool archives for libnl3
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-06 17:25:52 +02:00
David Oberhollenzer
86dcb7d8c1
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-01 20:49:03 +02:00
David Oberhollenzer
e61ca9decf
Another overlay mount overhaul
...
- Directly pass the device type to the mount command
- Use the special default type "hwdevice" to wait for a device node
before mounting it
- Initialize the overlay partition from the initrd script
- Do the bind mount setup as document
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-01 19:11:12 +02:00
David Oberhollenzer
121fee7e97
Add configuration for testing with qemu
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-30 01:28:33 +02:00
David Oberhollenzer
59d01432b1
More sophisticated filesystem setup from initrd
...
- Let us specify the "type" of the root and overlay filesystem.
At the moment we have raw device that we wait for (default) and
qemu virtio 9pfs.
- If no squasfs image is specified, mount the root partition as
root filesystem.
- If no overlay device is specified, don't touch the new root
filesystem.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-29 21:32:58 +02:00
David Oberhollenzer
2d74caf06b
Remove perl scripts from ntp package installed files
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-29 17:10:07 +02:00
David Oberhollenzer
90fc4f4e9e
Patch gcc to install 64 bit libraries to /lib instead of /lib64
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-29 17:10:07 +02:00
David Oberhollenzer
6ced6fc948
Minor fixes for main line Linux LTS build
...
- Patch the config first, don't touch it after running make oldconfig
- Add modules target to toolchain config, don't directly call it
- Only try to install modules if we actually have support for loadable
modules
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-29 17:10:07 +02:00
David Oberhollenzer
8faae986b6
Bump psmisc version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-27 23:58:12 +02:00
David Oberhollenzer
b0da273179
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-27 23:56:34 +02:00
David Oberhollenzer
de14b86043
Build coreutils as single call binary
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-22 21:29:29 +02:00
David Oberhollenzer
de90e7bcbb
Bump nano version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-21 22:27:18 +02:00
David Oberhollenzer
0b8ffdbb7f
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-21 22:25:49 +02:00
David Oberhollenzer
e865ae2d1c
Bump Raspberry Pi 3 vendor kernel version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-21 22:23:08 +02:00
David Oberhollenzer
ad3b6d19a2
Bump Raspberry Pi 3 firmware version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-21 22:22:50 +02:00
David Oberhollenzer
bbac1391dc
Bump init version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-21 22:11:58 +02:00
David Oberhollenzer
51a2c5ea17
Fix permissions for root user home directory
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:25:27 +02:00
David Oberhollenzer
700395b508
Bump OpenSSL version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
0f3d04a3b8
Bump unbound version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
76fba828f3
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
48e6358906
Bump busybox version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
fc6d7292c5
Bump nano version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
6aff04a1fd
Shadow: provide configuration files directly
...
Instead of patching around in the build/deploy directories, simply
provide a set of default configuration files directly from the package
directory.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 20:18:19 +02:00
David Oberhollenzer
d515f0dde2
Minor default settings cleanup
...
- Add 'rm -I' and 'cp -i' aliases to bashrc
- Make sure tmpfsvar creates the log files that the login program expects
- Restore 'tty' group; some scripts actually rely on that
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-15 16:01:06 +02:00
David Oberhollenzer
7eb727e26f
Remove programs depending on non-existant utmp data
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-10 09:26:47 +02:00
David Oberhollenzer
b4502eaf80
Add time zone data
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 15:05:49 +02:00
David Oberhollenzer
3e75dc1e37
Add ntp package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 15:05:49 +02:00
David Oberhollenzer
03a11e26ef
Bump Raspberry Pi 3 firmware version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 15:05:49 +02:00
David Oberhollenzer
8b1e3e0b6b
Bump Raspberry Pi 3 vendor kernel version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 15:05:49 +02:00
David Oberhollenzer
79ac5f1293
Propperly handle symlinks to directories in rootfs package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 14:51:52 +02:00
David Oberhollenzer
4498b0ccb0
Bump mainline LTS linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 14:51:52 +02:00
David Oberhollenzer
136ff32374
Bump musl version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-08 14:51:52 +02:00
David Oberhollenzer
50dce293c1
Add helper macro for running configure with standard arguments
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-03 13:58:35 +02:00
David Oberhollenzer
7f020c855b
Remove defunct nettle and support libraries
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-02 14:25:56 +02:00
David Oberhollenzer
c29955adf5
Add default configuration for OpenSSH server
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-01 17:49:18 +02:00
David Oberhollenzer
601068d8ed
Bump init version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-09-01 17:49:18 +02:00
David Oberhollenzer
054464e16b
Change/add bash aliases to enable ls colors by default
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-31 22:49:18 +02:00
David Oberhollenzer
ab17c95cf9
Redirect bzip2 URL
...
The domain bzip2.org has expired and is now held by someone placing ads.
Aparently bzip2 development is pretty dead for now.
Redirect source URL to the debian snapshot archive.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-31 18:41:07 +02:00
David Oberhollenzer
382f2b9bfe
Bump OpenSSH version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-31 18:41:07 +02:00
David Oberhollenzer
02f2fdcb4d
Bump ethtool version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-24 22:00:09 +02:00
David Oberhollenzer
80ae626080
Bump dhcpcd version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-24 22:00:09 +02:00
David Oberhollenzer
c75c488e4f
Bump main line Linux version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-24 22:00:09 +02:00
David Oberhollenzer
7d53200b9c
Remove arpd and Oracle BDB it depends on
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-19 15:59:43 +02:00
David Oberhollenzer
9684f7bb92
Cleanup users and groups
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-19 15:57:06 +02:00
David Oberhollenzer
6472fbe9c0
Remove further unneded programs
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-19 15:56:48 +02:00
David Oberhollenzer
53c93938ac
Remove programs for which we have bash shell builtins
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-19 15:55:58 +02:00
David Oberhollenzer
e8f94f293b
Remove unused eudev package
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-19 12:24:37 +02:00
David Oberhollenzer
048229bb71
Bump sqlite version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-18 17:59:25 +02:00
David Oberhollenzer
0faf37f421
Bump iproute2 version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-18 17:59:25 +02:00
David Oberhollenzer
ebee030b86
Bump btrfs-progs version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-18 17:59:25 +02:00
David Oberhollenzer
5c60596853
Bump dhcpcd version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-18 17:59:25 +02:00
David Oberhollenzer
b31bd42a93
Bump libexpat version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-18 17:59:25 +02:00
David Oberhollenzer
49f0751c11
Mover mainline kernel version to newest LTS
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-17 10:35:43 +02:00
David Oberhollenzer
0584cd076c
Add routing configuration
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-16 22:54:28 +02:00
David Oberhollenzer
360a9538c5
Bump init version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-16 22:54:28 +02:00
David Oberhollenzer
e7a86f1f70
Downgrade binutils to 2.30
...
This is a workaround for an issue with binutils on statically linked x86
binaries. The tls section has some loading flag set wrong and is not mapped
into memory by the kernel. The musl startup code tries to parse the section
information and segfaults.
See: http://www.openwall.com/lists/musl/2018/07/18/5
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-16 17:39:12 +02:00
David Oberhollenzer
8e4ff996e8
Bump openssl version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-15 01:19:21 +02:00
David Oberhollenzer
512fb7bc28
Bump file version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-15 01:19:21 +02:00
David Oberhollenzer
16e7c6da93
Bump gcc version
...
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-08-15 01:19:21 +02:00