Commit 9bf61c37 authored by hark's avatar hark
Browse files

la

parent 951ddcec
......@@ -64,7 +64,7 @@ stable_version="$1"
imagename="${stable_version}_$config_shasum.vmlinuz"
}
function get_specific_version() {
function get_grsec_version() {
grsec_releases="http://ftp.lag/grsec/"
# stable_version=$(curl -s "${stable_releases}" | grep -E -o 'linux-([0-9]{1,}\.)+[0-9]{1,}' | sort -Vr | head -n 1 | cut -d '-' -f 2)
stable_version="$1"
......@@ -80,12 +80,16 @@ get_kernel() {
if [ "$KERNELVERSION" == "latest" ]
then
echo 'latest'
get_latest_version
elif [ "$KERNELVERSION" == *"-grsec" ]
elif [[ "$KERNELVERSION" == *"grsec" ]]
then
echo "grsec"
get_grsec_version $KERNELVERSION
TYPE='grsec'
else
echo 'specific'
get_specific_version $KERNELVERSION
fi
......@@ -125,7 +129,7 @@ function download_and_unpack() {
fi
echo "checking sig"
if [ $type == 'grsec ' ]
if [[ $TYPE == 'grsec' ]]
then
if verify_signature ${stable_sigfile} ${stable_file}
then
......
......@@ -3,7 +3,9 @@
export WORKDIR=/root/kernelbuilder
export KERNELDIR=/etc/xen/boot
export KERNELCONFIG=$WORKDIR/config_latest.kconf
export KERNELVERSION=4.20.15
export KERNELVERSION=4.4.162-grsec
export KERNELNAME=ALDSF
/usr/local/bin/check_kernel.sh
/usr/local/bin/build_kernel.sh
class buildkernel::kernelprep (
String $kernel_workdir = '/root/kernelbuilder',
String $kernel_kerneldir = '/etc/xen/boot',
String $signingkey = '647F28654894E3BD457199BE38DBBDC86092693E'
String $signingkey = '647F28654894E3BD457199BE38DBBDC86092693E',
String $signingkeys = [ '647F28654894E3BD457199BE38DBBDC86092693E', 'F81962A54902300F72ECB83AA1FC1F6AD2D09049' ]
)
{
file { '/usr/local/bin/build_kernel.sh':
......@@ -12,15 +14,49 @@ class buildkernel::kernelprep (
source => "puppet:///modules/$module_name/scripts/build_kernel.sh",
}
file { "/tmp/$signingkey.gpg":
ensure => present,
owner => root,
group => root,
mode => '0700',
source => "puppet:///modules/$module_name/$signingkey.gpg",
$signingkeys.each |$fp| {
file { "/tmp/$fp.gpg":
ensure => present,
owner => root,
group => root,
mode => '0700',
source => "puppet:///modules/$module_name/$fp.gpg",
}
Exec { "/usr/bin/gpg --recv 647F28654894E3BD457199BE38DBBDC86092693E":
# require => [
# File['/usr/local/bin/build_kernel.sh'],
# File['/usr/local/bin/check_kernel.sh'],
# File[$kernel_workdir],
# File[$kernel_kerneldir],
# ],
}
}
/*
Exec { "/usr/bin/gpg --recv 647F28654894E3BD457199BE38DBBDC86092693E":
require => [
File['/usr/local/bin/build_kernel.sh'],
File['/usr/local/bin/check_kernel.sh'],
File[$kernel_workdir],
File[$kernel_kerneldir],
],
}
*/
Exec { "/usr/bin/gpg --import /tmp/$signingkey.gpg":
require => [
File["/tmp/$signingkey.gpg"],
File['/usr/local/bin/build_kernel.sh'],
File['/usr/local/bin/check_kernel.sh'],
File[$kernel_workdir],
File[$kernel_kerneldir],
],
}
file { '/usr/local/bin/kernel_functions.sh':
ensure => present,
owner => root,
......@@ -72,26 +108,6 @@ class buildkernel::kernelprep (
]
ensure_packages($packages)
/*
Exec { "/usr/bin/gpg --recv 647F28654894E3BD457199BE38DBBDC86092693E":
require => [
File['/usr/local/bin/build_kernel.sh'],
File['/usr/local/bin/check_kernel.sh'],
File[$kernel_workdir],
File[$kernel_kerneldir],
],
}
*/
Exec { "/usr/bin/gpg --import /tmp/$signingkey.gpg":
require => [
File["/tmp/$signingkey.gpg"],
File['/usr/local/bin/build_kernel.sh'],
File['/usr/local/bin/check_kernel.sh'],
File[$kernel_workdir],
File[$kernel_kerneldir],
],
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment