public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] proj/hardened-dev:XT_PAX commit in: app-arch/tar/files/, /, sys-boot/grub/files/, app-arch/tar/, ...
From: Anthony G. Basile @ 2012-07-28 19:38 UTC
  To: gentoo-commits

commit:     d6551facd1e26eeaf88bf0265fe1ec7e74ead5a8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 28 19:37:52 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jul 28 19:37:52 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=d6551fac

Clear out the branch in case it causes problems

---
 DEPRECATED                                         |    3 +
 HOWTO.txt                                          |  314 -------
 README                                             |    7 -
 app-arch/tar/ChangeLog                             |   24 -
 app-arch/tar/files/rmt                             |    8 -
 app-arch/tar/files/tar-1.26-full-xattr.patch       |  953 --------------------
 app-arch/tar/files/tar.1                           |  816 -----------------
 app-arch/tar/metadata.xml                          |    5 -
 app-arch/tar/tar-1.26-r3.ebuild                    |   78 --
 eclass/pax-utils.eclass                            |  137 ---
 profiles/repo_name                                 |    1 -
 sys-boot/grub/ChangeLog                            |    2 -
 sys-boot/grub/files/grub.conf.gentoo               |   16 -
 sys-boot/grub/grub-0.97-r11.ebuild                 |  292 ------
 sys-boot/grub/metadata.xml                         |    5 -
 sys-devel/binutils/ChangeLog                       |    8 -
 sys-devel/binutils/binutils-2.21.1-r2.ebuild       |    9 -
 sys-devel/binutils/metadata.xml                    |    9 -
 sys-kernel/xtpax-sources/ChangeLog                 |   20 -
 sys-kernel/xtpax-sources/metadata.xml              |   17 -
 .../xtpax-sources/xtpax-sources-3.1.1.ebuild       |   49 -
 .../xtpax-sources/xtpax-sources-3.1.5.ebuild       |   49 -
 22 files changed, 3 insertions(+), 2819 deletions(-)

diff --git a/DEPRECATED b/DEPRECATED
new file mode 100644
index 0000000..8c89dc7
--- /dev/null
+++ b/DEPRECATED
@@ -0,0 +1,3 @@
+
+Don't use this anymore.  Its here only for reference.
+
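
Review bot: The notice on the second added line says the branch is kept "only for reference", but the diffstat of this same commit removes every other file (2819 deletions against these 3 insertions), so nothing remains in the tree to refer to. State that the reference material is in the branch history before this commit and say what users should use instead; "Its" should also read "It's".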

diff --git a/HOWTO.txt b/HOWTO.txt
deleted file mode 100644
index 9edc600..0000000
--- a/HOWTO.txt
+++ /dev/null
@@ -1,314 +0,0 @@
-Nov 22, 2011
-
-	!!!!! DANGER WILL ROBINSON DANGER !!!!!
-
-We're going to build a system based on some untested code.  I hope everything
-will work, but if something serious breaks, you may wind up with a heap of useless
-bits all over your floor.  Please, for the love of all that is (un)holy, do not
-do this on a system you cannot afford to loose!
-
-If you find a problem, please report it to blueness@gentoo.org.  You're feedback
-is much appreciated and will help to make this approach to PaX robust.
-
---------------------------------------------------------------------------------
-
-*Step 0. Get yourself a gentoo system.  Then switch to an appropriate hardened profile
-using
-
-	eselect profile set hardened/linux/x86
-
-but don't rebuild anything since we'll be doing that below.
-
---------------------------------------------------------------------------------
-
-*Step 1.  This step builds a system where all ELF binaries lack the PT_PAX program
-header. While not strictly necessary, this makes testing less suspect because you
-can be sure that the kernel is not able to get the PaX flags from the PT_PAX phdr.
-It does, however, mean recompiling your entire system.
-
-
-1. First, lets get the overlay with the ebuilds to build an XT_PAX based system.
-The goodies are in a branch of the hardened-development overlay:
-
-	layman -L				# in case you don't have the list of overlays
-	layman -a hardened-development
-
-	cd /var/lib/layman/hardened-development/
-	git checkout XT_PAX				# switch branches
-	git pull origin XT_PAX				# and pull
-
-2. We need to override portage's pax-utils.eclass with the overlay's eclass, and
-make sure that we've added extended attribute support to our use flags:
-
-	cat << EOF >> /etc/portage/repos.conf
-	[DEFAULT]
-	eclass-overrides = hardened-dev
-	EOF
-
-	echo "USE=\"\${USE} xattr\"" >> /etc/make.conf
-
-There is still a problem with portage preserving xattrs, so the eclass's pax-mark
-only works when called from pkg_postinst(), but we're working on fixing this!  That's
-what our hacked up grub does in the next step.
-
-3. Now let's emerge the stuff we'll need later:
-
-	emerge =sys-devel/binutils-2.21.1-r2 \		# these are all masked so
-		=sys-kernel/xtpax-sources-3.1.1 \	# we'll have to unmask them
-		=sys-apps/elfix-0.3.2 \
-		=sys-boot/grub-0.97-r11 \
-		--autounmask-write
-
-	etc-update					# accept changes the changes
-
-	emerge =sys-devel/binutils-2.21.1-r2 \		# these are unmasked, so emerge
-		=sys-kernel/xtpax-sources-3.1.1 \
-		=sys-apps/elfix-0.3.2 \
-		=sys-boot/grub-0.97-r11
-
-	source /etc/profile				# for binutils, if we keep using
-							# the same shell
-
-4. Our version of binutils intentionally excluse the PT_PAX program header from
-ELF binaries, so let's make sure its really gone
-
-	echo "int main(){;return 0;}" > test.c ; gcc -o test test.c ; readelf -l test
-
-If you see a PT_PAX header, or possibly one called LOOS+5041580 at the end of the list
-(ie after GNU_RELRO), then something went wrong.
-
-
-5. To be safe, let's rebuild our entire toolchain.
-
-	emerge gcc glibc binutils
-
-6. Then let's rebuild world
-
-	emerge --keep-going -eq world
-
-7. And finally, let's do any post-world rebuild cleanup:
-
-	etc-update
-
-8. As a final test that all binaries under /bin (or /sbin or /usr/bin etc) really
-have not PT_PAX header:
-
-	paxctl-ng -v /bin/*
-
-You should see a bunch of reports like this:
-
-	/bin/ls:
-		PT_PAX: not found
-		XT_PAX: not found
-
---------------------------------------------------------------------------------
-
-*Step 2. Userland is ready, now let's get kernel land going
-
-1. Configure the kernel for XT_PAX.  It should be emerged as of the above step:
-
-	cd /usr/src/
-	rm linux
-	ln -s linux-3.1.1-xtpax linux
-	cd linux
-	make menuconfig
-
-Set up the kernel for your hardware/virtualware, and make sure you get the
-correct grsecurity setting:
-
-	Security options  --->
-		Grsecurity  --->
-			Security Level (Hardened Gentoo [server])	#or workstation
-
-And as a check that XT_PAX was set, navigate to
-
-	Security options  --->
-		PaX  --->
-			PaX Control  --->
-				-*- Use filesystem extended attribute marking
-
-Also, depending on what you're looking for.  Among other options, you may also want:
-
-	CONFIG_PAX_SOFTMODE not configure	<- to make the kernel kill violators
-	CONFIG_PAX_SEGMEXEC=y			<- to test S marking on x86
-	CONFIG_PAX_EMUTRAMP=y			<- to test E marking
-	CONFIG_PAX_PAGEEXEC=y			<- should default on, to test P markings
-	CONFIG_PAX_MPROTECT=y			<- should default on, to test M marking
-	CONFIG_PAX_RANDMMAP=y			<- should default on, to test R marking
-
-2. Configure the kernel to support Extended File Attributes on whatever filesystem
-you want to use.  I also recommend xattr support on tmpfs:
-
-	File systems  --->
-		...
-		<*> The Extended 4 (ext4) filesystem		# if ext4 is your cup of tea
-		[*]   Ext4 extended attributes
-		...
-		Pseudo filesystems  --->
-			-*-   Tmpfs extended attributes
-		...
-		[*] Miscellaneous filesystems  --->
-			<*>   SquashFS 4.0 - Squashed file system support	# optional, as an eg
-			[*]     Squashfs XATTR support
-		...
-
-3. Compile the kernel and boot.  If you didn't install grub on the MBR before the
-migration, do so now.  Make sure it was properly pax marked before running it from
-the command line.  paxctl-ng -v /sbin/grub should give
-
-/sbin/grub:
-	PT_PAX: not found
-	XT_PAX: --me-x
-
-If it doesn't, then manually mark it using:
-
-	paxctl-ng -cv /sbin/grub	# To create the XT_PAX field
-	paxctl-ng -mexv /sbin/grub	# To properly mark it
-
---------------------------------------------------------------------------------
-
-*Step 3. The new system should be now be a pure XT_PAX system.  Let's test that
-PaX restrictions really work.
-
-1. First, make sure your kernel supports XATTRS else you'll get a false negative
-on the tests.  Pick any file, not necessarily a binary:
-
-	touch mytestfile.txt
-	setfattr -n user.test -v "works" mytestfile.txt 
-
-If you get
-
-	setfattr: mytestfile.txt: Operation not supported
-
-then you need to figure out why XATTR support is not there.  Check that you configured
-your kernel correctly.  Also try adding user_xattr to your fstab:
-
-	/dev/sda3      /     ext3     noatime,user_xattr      0 1
-
-and reboot.
-
-NOTE: on my x86 test I needed the user_xattr option in fstab, but with my amd64
-I did not.  I didn't investigate further why.
-
-
-2. The elfix package has a test suite.  Let's run it manually:
-
-	emerge yasm						# you'll need this
-	cp /usr/portage/distfiles/elfix-0.3.2.tar.gz .		# should be in your DISTDIR
-	tar -xf elfix-0.3.2.tar.gz
-	cd elfix-0.3.2
-	./configure --enable-tests
-	make check
-
-Among the output, you should see a table that looks like this:
-
-	make[3]: Entering directory `/root/elfix-0.3.2/tests/pxtpax'
-	./dotest.sh
-	xattr  process
-	pemrs  pemrs
-	pemrS  pemrS
-	pemRs  pemRs
-	pemRS  pemRS
-	peMrs  no daemon
-	peMrS  peMrS
-	peMRs  no daemon
-	peMRS  peMRS
-	pEmrs  no daemon
-	pEmrS  pEmrS
-	pEmRs  no daemon
-	pEmRS  pEmRS
-	pEMrs  no daemon
-	pEMrS  pEMrS
-	pEMRs  no daemon
-	pEMRS  pEMRS
-	Pemrs  Pemrs
-	PemrS  Pemrs
-	PemRs  PemRs
-	PemRS  PemRs
-	PeMrs  PeMrs
-	PeMrS  PeMrs
-	PeMRs  PeMRs
-	PeMRS  PeMRs
-	PEmrs  PEmrs
-	PEmrS  PEmrs
-	PEmRs  PEmRs
-	PEmRS  PEmRs
-	PEMrs  PEMrs
-	PEMrS  PEMrs
-	PEMRs  PEMRs
-	PEMRS  PEMRs
-
-The first column of flags are the markings in the Extended Attributes of the
-file on the filesystem, and the second are the flags being imposed by the kernel
-on the running process.  If everything worked, the first column should be setting
-the flags in the second column, and they should be equal --- well almost with
-a couple of exceptions:
-
-	1) "no daemon" means PaX killed the process
-
-	2) On x86, where pageexec is on (P), then segmexec is always off (s) in
-	the running process.  On amd64, segmexec is always off (s) since there
-	is not segmentation on amd64.
-
-	3) If you didn't enable CONFIG_PAX_EMUTRAMP, then its always off (e) in
-	the running process
-
-If however, you see the following:
-
-
-	make[3]: Entering directory `/root/elfix-0.3.2/tests/pxtpax'
-	./dotest.sh
-	xattr  process
-	pemrs  PeMRs
-	pemrS  PeMRs
-	pemRs  PeMRs
-	pemRS  PeMRs
-	peMrs  PeMRs
-	peMrS  PeMRs
-	peMRs  PeMRs
-	... etc ...
-
-then it didn't work.  Notice the second column is simply defaulting to PeMRs
-which is what the kernel does if it doesn't find PaX markings.
-
-
-3. Finally, you may want to do a generic pax test, to make sure pax is working
-in general, not just whether the markings are working:
-
-	emerge paxtest --autounmask-write
-	etc-update				#accept chagnes
-	paxtest blackhat
-
-You should see output something like the following:
-
-Executable anonymous mapping             : Killed
-Executable bss                           : Killed
-Executable data                          : Killed
-Executable heap                          : Killed
-Executable stack                         : Killed
-Executable shared library bss            : Killed
-Executable shared library data           : Killed
-Executable anonymous mapping (mprotect)  : Killed
-Executable bss (mprotect)                : Killed
-Executable data (mprotect)               : Killed
-Executable heap (mprotect)               : Killed
-Executable stack (mprotect)              : Killed
-Executable shared library bss (mprotect) : Killed
-Executable shared library data (mprotect): Killed
-Writable text segments                   : Killed
-Anonymous mapping randomisation test     : 18 bits (guessed)
-Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
-Heap randomisation test (PIE)            : 24 bits (guessed)
-Main executable randomisation (ET_EXEC)  : No randomisation
-Main executable randomisation (PIE)      : 16 bits (guessed)
-Shared library randomisation test        : 18 bits (guessed)
-Stack randomisation test (SEGMEXEC)      : 24 bits (guessed)
-Stack randomisation test (PAGEEXEC)      : 24 bits (guessed)
-Return to function (strcpy)              : Vulnerable
-Return to function (memcpy)              : Vulnerable
-Return to function (strcpy, PIE)         : Vulnerable
-Return to function (memcpy, PIE)         : Vulnerable
-
-
-
-
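
Review bot: Step 1.2 of the removed HOWTO has users append "eclass-overrides = hardened-dev" to /etc/portage/repos.conf and add xattr to USE in /etc/make.conf, and Step 1 rebuilds world with a binutils that omits the PT_PAX header. Deleting these instructions in the same commit as the eclass and ebuilds leaves anyone who followed them with no documented way back. Either keep the HOWTO with a deprecation banner at the top, or add a short section to DEPRECATED listing what to undo: the repos.conf override, the changes written by --autounmask-write, and the /usr/src/linux symlink to linux-3.1.1-xtpax.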

diff --git a/README b/README
deleted file mode 100644
index 60258a5..0000000
--- a/README
+++ /dev/null
@@ -1,7 +0,0 @@
-This is the README only for the XT_PAX branch.  See the README in main branch
-for information about the entire overlay.
-
-This overlay/branch is to test a pure XT_PAX based system, that is a system in
-which the pax markins are made *only* in the filesystem extended attributes.
-Follow the HOWTO.txt to convert any Gentoo system to a pure XT_PAX based system.
-
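
Review bot: The second paragraph of the removed README is the only statement of what the branch was for: a system in which the PaX markings are made only in the filesystem extended attributes. With it gone, DEPRECATED gives a reader no idea what is being deprecated. Carry that one sentence over into DEPRECATED so the notice is self-explanatory.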

diff --git a/app-arch/tar/ChangeLog b/app-arch/tar/ChangeLog
deleted file mode 100644
index 1106a6b..0000000
--- a/app-arch/tar/ChangeLog
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-*tar-1.26-r3 (24 Sep 2011)
-
-  24 Sep 2011; Anthony G. Basile <blueness@gentoo.org> -tar-1.26-r2.ebuild,
-  +tar-1.26-r3.ebuild, +files/tar-1.26-full-xattr.patch,
-  -files/tar-1.26-xattr.patch:
-  Added USE="acl caps selinux xattr" flags which --enable-xattr
-
-*tar-1.26-r2 (24 Sep 2011)
-
-  24 Sep 2011; Anthony G. Basile <blueness@gentoo.org> -tar-1.26-r1.ebuild,
-  +tar-1.26-r2.ebuild, files/tar-1.26-xattr.patch:
-  Switching to USE="xattr" for xattr only patch - bug #382067
-
-  10 Sep 2011; Anthony G. Basile <blueness@gentoo.org> tar-1.26-r1.ebuild:
-  Switching to USE="selinux"
-
-*tar-1.26 (10 Sep 2011)
-
-  10 Sep 2011; Anthony G. Basile <blueness@gentoo.org> +tar-1.26-r1.ebuild,
-  +files/tar-1.26-xattrs.patch, +files/rmt, +files/tar.1:
-  Testing for bug #382067
-

diff --git a/app-arch/tar/files/rmt b/app-arch/tar/files/rmt
deleted file mode 100644
index 15ed6aa..0000000
--- a/app-arch/tar/files/rmt
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# This is not a mistake.  This shell script (/etc/rmt) has been provided
-# for compatibility with other Unix-like systems, some of which have
-# utilities that expect to find (and execute) rmt in the /etc directory
-# on remote systems.
-#
-exec rmt "$@"

diff --git a/app-arch/tar/files/tar-1.26-full-xattr.patch b/app-arch/tar/files/tar-1.26-full-xattr.patch
deleted file mode 100644
index 7a5c7f8..0000000
--- a/app-arch/tar/files/tar-1.26-full-xattr.patch
+++ /dev/null
@@ -1,953 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index db69cb8..2afa463 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -223,6 +223,20 @@ AC_CHECK_TYPE(iconv_t,:,
- #endif
- ])
- 
-+AC_ARG_ENABLE(xattr,
-+  AC_HELP_STRING([--enable-xattr],
-+    [enable Extended Attribute support (disabled by default)]),
-+  [xattr_enabled=$enableval],
-+  [xattr_enabled=no])
-+
-+if test "x$xattr_enabled" = xyes; then
-+  AC_CHECK_HEADERS(attr/xattr.h)
-+  AC_CHECK_FUNCS(getxattr  fgetxattr  lgetxattr \
-+                 setxattr  fsetxattr  lsetxattr \
-+                 listxattr flistxattr llistxattr,
-+                 AC_DEFINE(HAVE_XATTRS,1,[Define if we have a working extended attributes]),)
-+fi
-+
- # Gettext.
- AM_GNU_GETTEXT([external], [need-formatstring-macros])
- AM_GNU_GETTEXT_VERSION([0.16])
-diff --git a/doc/tar.texi b/doc/tar.texi
-index db8f986..d861d12 100644
---- a/doc/tar.texi
-+++ b/doc/tar.texi
-@@ -3002,6 +3002,10 @@ mechanism.
- Treat all input file or member names literally, do not interpret
- escape sequences.  @xref{input name quoting}.
- 
-+@opsummary{no-xattrs}
-+@item --no-xattrs
-+Causes @command{tar} not to store and not to extract xattrs.  @xref{Attributes}.
-+
- @opsummary{no-wildcards}
- @item --no-wildcards
- Do not use wildcards.
-@@ -3447,6 +3451,10 @@ Enable or disable warning messages identified by @var{keyword}.  The
- messages are suppressed if @var{keyword} is prefixed with @samp{no-}.
- @xref{warnings}.
- 
-+@opsummary{xattrs}
-+@item --xattrs
-+Causes @command{tar} to store xattrs.  @xref{Attributes}.
-+
- @opsummary{wildcards}
- @item --wildcards
- Use wildcards when matching member names with patterns.
-@@ -8659,6 +8667,8 @@ implementation able to read @samp{ustar} archives will be able to read
- most @samp{posix} archives as well, with the only exception that any
- additional information (such as long file names etc.) will in such
- case be extracted as plain text files along with the files it refers to.
-+This is the only format that can store ACLs, SELinux context and extended
-+attributes.
- 
- This archive format will be the default format for future versions
- of @GNUTAR{}.
-@@ -9293,6 +9303,20 @@ Same as both @option{--same-permissions} and @option{--same-order}.
- 
- This option is deprecated, and will be removed in @GNUTAR{} version 1.23.
- 
-+@opindex xattrs
-+@item --xattrs
-+This option causes @command{tar} to store the current extended attributes in
-+the archive.
-+
-+The @option{--xattrs} option has no equivalent short option name.
-+
-+@opindex no-xattrs
-+@item --no-xattrs
-+This option causes @command{tar} not to store the current extended attributes in
-+the archive and not to extract any extended attributes in an archive.
-+
-+The @option{--no-xattrs} option has no equivalent short option name.
-+
- @end table
- 
- @node Portability
-diff --git a/src/Makefile.am b/src/Makefile.am
-index de310f4..27c28be 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -20,7 +20,7 @@
- 
- bin_PROGRAMS = tar
- 
--noinst_HEADERS = arith.h common.h tar.h
-+noinst_HEADERS = arith.h common.h tar.h xattrs.h
- tar_SOURCES = \
-  buffer.c\
-  checkpoint.c\
-@@ -42,10 +42,11 @@ tar_SOURCES = \
-  unlink.c\
-  update.c\
-  utf8.c\
-- warning.c
-+ warning.c\
-+ xattrs.c
- 
- INCLUDES = -I$(top_srcdir)/gnu -I../ -I../gnu -I$(top_srcdir)/lib -I../lib
- 
- LDADD = ../lib/libtar.a ../gnu/libgnu.a $(LIBINTL) $(LIBICONV)
- 
--tar_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_EACCESS)
-+tar_LDADD = $(LIBS) $(LDADD) $(LIB_CLOCK_GETTIME) $(LIB_EACCESS)
-diff --git a/src/common.h b/src/common.h
-index 0b9bd7a..e4ee345 100644
---- a/src/common.h
-+++ b/src/common.h
-@@ -253,6 +253,9 @@ GLOBAL int same_owner_option;
- /* If positive, preserve permissions when extracting.  */
- GLOBAL int same_permissions_option;
- 
-+/* If positive, save the user and root xattrs.  */
-+GLOBAL int xattrs_option;
-+
- /* When set, strip the given number of file name components from the file name
-    before extracting */
- GLOBAL size_t strip_name_components;
-@@ -707,6 +710,9 @@ extern char *output_start;
- 
- void update_archive (void);
- 
-+/* Module attrs.c.  */
-+#include "xattrs.h"
-+
- /* Module xheader.c.  */
- 
- void xheader_decode (struct tar_stat_info *stat);
-@@ -727,6 +733,12 @@ bool xheader_string_end (struct xheader *xhdr, char const *keyword);
- bool xheader_keyword_deleted_p (const char *kw);
- char *xheader_format_name (struct tar_stat_info *st, const char *fmt,
- 			   size_t n);
-+void xheader_xattr_init(struct tar_stat_info *st);
-+void xheader_xattr_free(struct xattr_array *vals, size_t sz);
-+void xheader_xattr_copy(const struct tar_stat_info *st,
-+                        struct xattr_array **vals, size_t *sz);
-+void xheader_xattr_add(struct tar_stat_info *st,
-+                       const char *key, const char *val, size_t len);
- 
- /* Module system.c */
- 
-diff --git a/src/create.c b/src/create.c
-index 43b5a4c..7ed5d10 100644
---- a/src/create.c
-+++ b/src/create.c
-@@ -936,6 +936,21 @@ start_header (struct tar_stat_info *st)
-       GNAME_TO_CHARS (st->gname, header->header.gname);
-     }
- 
-+  if (archive_format == POSIX_FORMAT)
-+    {
-+      if (xattrs_option > 0)
-+        {
-+          size_t scan_xattr = 0;
-+          struct xattr_array *xattr_map = st->xattr_map;
-+
-+          while (scan_xattr < st->xattr_map_size)
-+            {
-+              xheader_store (xattr_map[scan_xattr].xkey, st, &scan_xattr);
-+              ++scan_xattr;
-+            }
-+        }
-+    }
-+
-   return header;
- }
- 
-@@ -1711,6 +1726,11 @@ dump_file0 (struct tar_stat_info *st, char const *name, char const *p)
-       bool ok;
-       struct stat final_stat;
- 
-+      if (fd == 0)
-+        xattrs_xattrs_get(st, p, -1);
-+      else
-+        xattrs_xattrs_get(st, p, fd);
-+
-       if (is_dir)
- 	{
- 	  const char *tag_file_name;
-@@ -1829,6 +1849,8 @@ dump_file0 (struct tar_stat_info *st, char const *name, char const *p)
-       if (NAME_FIELD_SIZE - (archive_format == OLDGNU_FORMAT) < size)
- 	write_long_link (st);
- 
-+      xattrs_xattrs_get(st, p, -1);
-+
-       block_ordinal = current_block_ordinal ();
-       st->stat.st_size = 0;	/* force 0 size on symlink */
-       header = start_header (st);
-@@ -1847,11 +1869,20 @@ dump_file0 (struct tar_stat_info *st, char const *name, char const *p)
-     }
- #endif
-   else if (S_ISCHR (st->stat.st_mode))
--    type = CHRTYPE;
-+    {
-+      type = CHRTYPE;
-+      xattrs_xattrs_get(st, p, -1);
-+    }
-   else if (S_ISBLK (st->stat.st_mode))
--    type = BLKTYPE;
-+    {
-+      type = BLKTYPE;
-+      xattrs_xattrs_get(st, p, -1);
-+    }
-   else if (S_ISFIFO (st->stat.st_mode))
--    type = FIFOTYPE;
-+    {
-+      type = FIFOTYPE;
-+      xattrs_xattrs_get(st, p, -1);
-+    }
-   else if (S_ISSOCK (st->stat.st_mode))
-     {
-       WARNOPT (WARN_FILE_IGNORED,
-diff --git a/src/extract.c b/src/extract.c
-index aaea56e..5c0a9c9 100644
---- a/src/extract.c
-+++ b/src/extract.c
-@@ -97,6 +97,9 @@ struct delayed_set_stat
-     /* Directory that the name is relative to.  */
-     int change_dir;
- 
-+    /* extended attributes*/
-+    size_t xattr_map_size;   /* Size of the xattr map */
-+    struct xattr_array *xattr_map;
-     /* Length and contents of name.  */
-     size_t file_name_len;
-     char file_name[1];
-@@ -134,6 +137,9 @@ struct delayed_link
-        hard-linked together.  */
-     struct string_list *sources;
- 
-+    size_t xattr_map_size;   /* Size of the xattr map */
-+    struct xattr_array *xattr_map;
-+
-     /* The desired target of the desired link.  */
-     char target[1];
-   };
-@@ -335,6 +341,8 @@ set_stat (char const *file_name,
- 	utime_error (file_name);
-     }
- 
-+  xattrs_xattrs_set(st, file_name, typeflag);
-+
-   if (0 < same_owner_option && ! interdir)
-     {
-       /* Some systems allow non-root users to give files away.  Once this
-@@ -431,6 +439,13 @@ delay_set_stat (char const *file_name, struct tar_stat_info const *st,
-   data->atflag = atflag;
-   data->after_links = 0;
-   data->change_dir = chdir_current;
-+  if (st)
-+    xheader_xattr_copy (st, &data->xattr_map, &data->xattr_map_size);
-+  else
-+    {
-+      data->xattr_map = NULL;
-+      data->xattr_map_size = 0;
-+    }
-   strcpy (data->file_name, file_name);
-   delayed_set_stat_head = data;
-   if (must_be_dot_or_slash (file_name))
-@@ -673,6 +688,31 @@ maybe_recoverable (char *file_name, bool regular, bool *interdir_made)
-   return RECOVER_NO;
- }
- 
-+/* Restore stat extended attributes (xattr) for FILE_NAME, using information
-+   given in *ST.  Restore before extraction because they may affect layout.
-+   If not restoring permissions, invert the
-+   INVERT_PERMISSIONS bits from the file's current permissions.
-+   TYPEFLAG specifies the type of the file.
-+   FILE_CREATED indicates set_xattr has created the file */
-+static int
-+set_xattr (char const *file_name, struct tar_stat_info const *st,
-+	   mode_t invert_permissions, char typeflag, int *file_created)
-+{
-+  int status = 0;
-+  bool interdir_made = false;
-+
-+  if ((xattrs_option >= 0) && st->xattr_map_size) {
-+    mode_t mode = current_stat_info.stat.st_mode & MODE_RWX & ~ current_umask;
-+
-+    do
-+      status = mknod (file_name, mode ^ invert_permissions, 0);
-+    while (status && maybe_recoverable ((char *)file_name, false, &interdir_made));
-+    xattrs_xattrs_set(st, file_name, typeflag);
-+    *file_created = 1;
-+  }
-+  return(status);
-+}
-+
- /* Fix the statuses of all directories whose statuses need fixing, and
-    which are not ancestors of FILE_NAME.  If AFTER_LINKS is
-    nonzero, do this for all such directories; otherwise, stop at the
-@@ -733,12 +773,15 @@ apply_nonancestor_delayed_set_stat (char const *file_name, bool after_links)
- 	  sb.stat.st_gid = data->gid;
- 	  sb.atime = data->atime;
- 	  sb.mtime = data->mtime;
-+	  sb.xattr_map = data->xattr_map;
-+	  sb.xattr_map_size = data->xattr_map_size;
- 	  set_stat (data->file_name, &sb,
- 		    -1, current_mode, current_mode_mask,
- 		    DIRTYPE, data->interdir, data->atflag);
- 	}
- 
-       delayed_set_stat_head = data->next;
-+      xheader_xattr_free (data->xattr_map, data->xattr_map_size);
-       free (data);
-     }
- }
-@@ -854,6 +897,7 @@ extract_dir (char *file_name, int typeflag)
- 
- static int
- open_output_file (char const *file_name, int typeflag, mode_t mode,
-+                  int file_created,
- 		  mode_t *current_mode, mode_t *current_mode_mask)
- {
-   int fd;
-@@ -864,6 +908,10 @@ open_output_file (char const *file_name, int typeflag, mode_t mode,
- 		     ? O_TRUNC | (dereference_option ? 0 : O_NOFOLLOW)
- 		     : O_EXCL));
- 
-+  /* File might be created in set_xattr. So clear O_EXCL to avoid open() failure */
-+  if (file_created)
-+    openflag = openflag & ~O_EXCL;
-+
-   if (typeflag == CONTTYPE)
-     {
-       static int conttype_diagnosed;
-@@ -934,6 +982,7 @@ extract_file (char *file_name, int typeflag)
-   bool interdir_made = false;
-   mode_t mode = (current_stat_info.stat.st_mode & MODE_RWX
- 		 & ~ (0 < same_owner_option ? S_IRWXG | S_IRWXO : 0));
-+  mode_t invert_permissions = 0 < same_owner_option ? mode & (S_IRWXG | S_IRWXO) : 0;
-   mode_t current_mode = 0;
-   mode_t current_mode_mask = 0;
- 
-@@ -950,7 +999,17 @@ extract_file (char *file_name, int typeflag)
-     }
-   else
-     {
-+      int file_created = 0;
-+      if (set_xattr (file_name, &current_stat_info, invert_permissions,
-+		     typeflag, &file_created))
-+        {
-+          skip_member ();
-+          open_error (file_name);
-+          return 1;
-+        }
-+
-       while ((fd = open_output_file (file_name, typeflag, mode,
-+                                     file_created,
- 				     &current_mode, &current_mode_mask))
- 	     < 0)
- 	{
-@@ -1091,6 +1150,7 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made)
- 			    + strlen (file_name) + 1);
-       p->sources->next = 0;
-       strcpy (p->sources->string, file_name);
-+      xheader_xattr_copy (&current_stat_info, &p->xattr_map, &p->xattr_map_size);
-       strcpy (p->target, current_stat_info.link_name);
- 
-       h = delayed_set_stat_head;
-@@ -1525,6 +1585,8 @@ apply_delayed_links (void)
- 		  st1.stat.st_gid = ds->gid;
- 		  st1.atime = ds->atime;
- 		  st1.mtime = ds->mtime;
-+                  st1.xattr_map = ds->xattr_map;
-+                  st1.xattr_map_size = ds->xattr_map_size;
- 		  set_stat (source, &st1, -1, 0, 0, SYMTYPE,
- 			    false, AT_SYMLINK_NOFOLLOW);
- 		  valid_source = source;
-@@ -1539,6 +1601,8 @@ apply_delayed_links (void)
- 	  sources = next;
- 	}
- 
-+   xheader_xattr_free (ds->xattr_map, ds->xattr_map_size);
-+
-       {
- 	struct delayed_link *next = ds->next;
- 	free (ds);
-diff --git a/src/list.c b/src/list.c
-index cf2de09..6f52579 100644
---- a/src/list.c
-+++ b/src/list.c
-@@ -604,6 +604,8 @@ decode_header (union block *header, struct tar_stat_info *stat_info,
-   assign_string (&stat_info->gname,
- 		 header->header.gname[0] ? header->header.gname : NULL);
- 
-+  xheader_xattr_init(stat_info);
-+
-   if (format == OLDGNU_FORMAT && incremental_option)
-     {
-       stat_info->atime.tv_sec = TIME_FROM_HEADER (header->oldgnu_header.atime);
-diff --git a/src/tar.c b/src/tar.c
-index 928cfdd..75510d8 100644
---- a/src/tar.c
-+++ b/src/tar.c
-@@ -304,6 +304,7 @@ enum
-   NO_UNQUOTE_OPTION,
-   NO_WILDCARDS_MATCH_SLASH_OPTION,
-   NO_WILDCARDS_OPTION,
-+  NO_XATTR_OPTION,
-   NULL_OPTION,
-   NUMERIC_OWNER_OPTION,
-   OCCURRENCE_OPTION,
-@@ -340,7 +341,8 @@ enum
-   VOLNO_FILE_OPTION,
-   WARNING_OPTION,
-   WILDCARDS_MATCH_SLASH_OPTION,
--  WILDCARDS_OPTION
-+  WILDCARDS_OPTION,
-+  XATTR_OPTION
- };
- 
- const char *argp_program_version = "tar (" PACKAGE_NAME ") " VERSION;
-@@ -516,6 +518,10 @@ static struct argp_option options[] = {
-   {"preserve-order", 's', 0, 0,
-    N_("sort names to extract to match archive"), GRID+1 },
-   {"same-order", 0, 0, OPTION_ALIAS, NULL, GRID+1 },
-+  {"xattrs", XATTR_OPTION, 0, 0,
-+   N_("Save the user/root xattrs to the archive"), GRID+1 },
-+  {"no-xattrs", NO_XATTR_OPTION, 0, 0,
-+   N_("Don't extract the user/root xattrs from the archive"), GRID+1 },
-   {"preserve", PRESERVE_OPTION, 0, 0,
-    N_("same as both -p and -s"), GRID+1 },
-   {"delay-directory-restore", DELAY_DIRECTORY_RESTORE_OPTION, 0, 0,
-@@ -2079,6 +2085,15 @@ parse_opt (int key, char *arg, struct argp_state *state)
-       same_permissions_option = -1;
-       break;
- 
-+    case XATTR_OPTION:
-+      set_archive_format ("posix");
-+      xattrs_option = 1;
-+      break;
-+
-+    case NO_XATTR_OPTION:
-+      xattrs_option = -1;
-+      break;
-+
-     case RECURSION_OPTION:
-       recursion_option = FNM_LEADING_DIR;
-       break;
-@@ -2461,6 +2476,15 @@ decode_options (int argc, char **argv)
- 	  || subcommand_option != LIST_SUBCOMMAND))
-     USAGE_ERROR ((0, 0, _("--pax-option can be used only on POSIX archives")));
- 
-+  /* star create's non-POSIX typed archives with xattr support, so allow the
-+     extra headers */
-+  if ((xattrs_option > 0)
-+      && archive_format != POSIX_FORMAT
-+      && (subcommand_option != EXTRACT_SUBCOMMAND
-+	  || subcommand_option != DIFF_SUBCOMMAND
-+	  || subcommand_option != LIST_SUBCOMMAND))
-+    USAGE_ERROR ((0, 0, _("--xattrs can be used only on POSIX archives")));
-+
-   /* If ready to unlink hierarchies, so we are for simpler files.  */
-   if (recursive_unlink_option)
-     old_files_option = UNLINK_FIRST_OLD_FILES;
-@@ -2713,6 +2737,7 @@ void
- tar_stat_destroy (struct tar_stat_info *st)
- {
-   tar_stat_close (st);
-+  xheader_xattr_free (st->xattr_map, st->xattr_map_size);
-   free (st->orig_file_name);
-   free (st->file_name);
-   free (st->link_name);
-diff --git a/src/tar.h b/src/tar.h
-index ce9850c..955b18e 100644
---- a/src/tar.h
-+++ b/src/tar.h
-@@ -276,6 +276,14 @@ struct xheader
-   uintmax_t string_length;
- };
- 
-+/* Information about xattrs for a file.  */
-+struct xattr_array
-+  {
-+    char *xkey;
-+    char *xval_ptr;
-+    size_t xval_len;
-+  };
-+
- struct tar_stat_info
- {
-   char *orig_file_name;     /* name of file read from the archive header */
-@@ -287,6 +295,7 @@ struct tar_stat_info
- 
-   char          *uname;     /* user name of owner */
-   char          *gname;     /* group name of owner */
-+
-   struct stat   stat;       /* regular filesystem stat */
- 
-   /* STAT doesn't always have access, data modification, and status
-@@ -309,6 +318,9 @@ struct tar_stat_info
-   size_t sparse_map_size;   /* Size of the sparse map */
-   struct sp_array *sparse_map;
- 
-+  size_t xattr_map_size;   /* Size of the xattr map */
-+  struct xattr_array *xattr_map;
-+
-   /* Extended headers */
-   struct xheader xhdr;
- 
-diff --git a/src/xattrs.c b/src/xattrs.c
-new file mode 100644
-index 0000000..6a9950e
---- /dev/null
-+++ b/src/xattrs.c
-@@ -0,0 +1,181 @@
-+/* Create a tar archive.
-+
-+   Copyright (C) 2006 Free Software Foundation, Inc.
-+
-+   Written by James Antill, on 2006-07-27.
-+
-+   This program is free software; you can redistribute it and/or modify it
-+   under the terms of the GNU General Public License as published by the
-+   Free Software Foundation; either version 2, or (at your option) any later
-+   version.
-+
-+   This program is distributed in the hope that it will be useful, but
-+   WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
-+   Public License for more details.
-+
-+   You should have received a copy of the GNU General Public License along
-+   with this program; if not, write to the Free Software Foundation, Inc.,
-+   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
-+
-+#include <system.h>
-+
-+#include <quotearg.h>
-+
-+#include "common.h"
-+
-+
-+#ifndef HAVE_ATTR_XATTR_H
-+# undef HAVE_XATTRS
-+#endif
-+
-+#ifdef HAVE_ATTR_XATTR_H
-+# include <attr/xattr.h>
-+#endif
-+
-+
-+void xattrs_xattrs_get(struct tar_stat_info *st, char const *file_name, int fd)
-+{
-+  if (xattrs_option > 0)
-+    { /* get all xattrs ... this include security.* and system.* if
-+         available. We filter them here, but we have to filter them
-+         in xattrs_xattrs_set() anyway.
-+      */
-+      static ssize_t xsz = 1024;
-+      static char *xatrs = NULL;
-+      ssize_t xret = -1;
-+
-+#ifndef HAVE_XATTRS
-+      static int done = 0;
-+      if ((xattrs_option > 0) && !done)
-+          WARN ((0, 0, _("Xattr support requested, but not available")));
-+      done = 1;
-+#else
-+
-+      if (!xatrs) xatrs = xmalloc (xsz);
-+
-+      while (((fd == -1) ?
-+              ((xret = llistxattr (file_name, xatrs, xsz)) == -1) :
-+              ((xret = flistxattr (fd, xatrs, xsz)) == -1)) &&
-+             (errno == ERANGE))
-+        {
-+          xsz <<= 1;
-+          xatrs = xrealloc (xatrs, xsz);
-+        }
-+
-+      if (xret == -1)
-+        call_arg_warn ((fd == -1) ? "llistxattrs" : "flistxattrs", file_name);
-+      else
-+        {
-+          const char *attr = xatrs;
-+          static ssize_t asz = 1024;
-+          static char *val = NULL;
-+
-+          if (!val) val = xmalloc (asz);
-+
-+          while (xret > 0)
-+            {
-+              size_t len = strlen (attr);
-+              ssize_t aret = 0;
-+
-+              /* Archive all xattrs during creation, decide at extraction time
-+               * which ones are of interest/use for the target filesystem. */
-+              while (((fd == -1) ?
-+                      ((aret = lgetxattr (file_name, attr, val, asz)) == -1) :
-+                      ((aret = fgetxattr (fd, attr, val, asz)) == -1)) &&
-+                     (errno == ERANGE))
-+                {
-+                  asz <<= 1;
-+                  val = xrealloc (val, asz);
-+                }
-+
-+              if (aret != -1)
-+                xheader_xattr_add (st, attr, val, aret);
-+              else if (errno != ENOATTR)
-+                call_arg_warn ((fd==-1) ? "lgetxattr" : "fgetxattr", file_name);
-+
-+              attr += len + 1;
-+              xret -= len + 1;
-+            }
-+        }
-+#endif
-+    }
-+}
-+
-+static void xattrs__fd_set(struct tar_stat_info const *st,
-+                           char const *file_name, char typeflag,
-+                           const char *attr,
-+                           const char *ptr, size_t len)
-+{
-+#ifdef HAVE_XATTRS
-+  if (ptr)
-+    {
-+      const char *sysname = "setxattr";
-+      int ret = -1;
-+
-+      if (typeflag != SYMTYPE)
-+        ret = setxattr (file_name, attr, ptr, len, 0);
-+      else
-+        {
-+          sysname = "lsetxattr";
-+          ret = lsetxattr (file_name, attr, ptr, len, 0);
-+        }
-+
-+      /* do not print warnings when SELinux is disabled */
-+      if ((ret == -1) && (errno != EPERM) && (errno != ENOTSUP))
-+        call_arg_error(sysname, file_name);
-+    }
-+#endif
-+}
-+
-+static char *skip_to_ext_fields(char *ptr)
-+{
-+  ptr += strcspn(ptr, ":,\n"); /* skip tag name. Ie. user/group/default/mask */
-+
-+  if (*ptr != ':')
-+    return (ptr); /* error? no user/group field */
-+  ++ptr;
-+
-+  ptr += strcspn(ptr, ":,\n"); /* skip user/group name */
-+
-+  if (*ptr != ':')
-+    return (ptr); /* error? no perms field */
-+  ++ptr;
-+
-+  ptr += strcspn(ptr, ":,\n"); /* skip perms */
-+
-+  if (*ptr != ':')
-+    return (ptr); /* no extra fields */
-+
-+  return (ptr);
-+}
-+
-+void xattrs_xattrs_set(struct tar_stat_info const *st,
-+                       char const *file_name, char typeflag)
-+{
-+  if ((xattrs_option >= 0) && st->xattr_map_size)
-+    {
-+      size_t scan = 0;
-+
-+#ifndef HAVE_XATTRS
-+      static int done = 0;
-+      if (!done)
-+          WARN ((0, 0, _("Xattr support requested, but not available")));
-+      done = 1;
-+#else
-+      while (scan < st->xattr_map_size)
-+        {
-+          char *keyword = st->xattr_map[scan].xkey;
-+
-+          /* assert (!memcpy (keyword, "SCHILY.xattr.", strlen("SCHILY.xattr."))); */
-+          keyword += strlen("SCHILY.xattr.");
-+
-+          xattrs__fd_set (st, file_name, typeflag, keyword,
-+                          st->xattr_map[scan].xval_ptr,
-+                          st->xattr_map[scan].xval_len);
-+
-+          ++scan;
-+        }
-+#endif
-+    }
-+}
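Review bot: The comment at the top of `xattrs_xattrs_get` says security.* and system.* are filtered here and again in `xattrs_xattrs_set`, but neither function filters anything: every name returned by `llistxattr`/`flistxattr` is archived, and every stored record is handed to `setxattr`/`lsetxattr`. A privileged extraction of an archive from another party then applies whatever security.* values the archive carries, so either implement the filter (an allow-list by namespace on the set path) or correct the comment to say nothing is filtered. Further points in the same file: `xattrs__fd_set` swallows EPERM and ENOTSUP for all attributes, not only SELinux ones, so a restore that loses attributes reports nothing; `skip_to_ext_fields` is static and never called; the file header still reads "Create a tar archive."; and the commented-out assert uses `memcpy` where `memcmp` is meant, while `keyword += strlen("SCHILY.xattr.")` runs without any check that the key has that prefix.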
-diff --git a/src/xattrs.h b/src/xattrs.h
-new file mode 100644
-index 0000000..7ffdce1
---- /dev/null
-+++ b/src/xattrs.h
-@@ -0,0 +1,6 @@
-+
-+extern void xattrs_xattrs_get(struct tar_stat_info *st,
-+                              char const *file_name, int fd);
-+
-+extern void xattrs_xattrs_set(struct tar_stat_info const *st,
-+                              char const *file_name, char typeflag);
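Review bot: The new header has no include guard and names `struct tar_stat_info` in both prototypes without declaring it, so it only works when the includer has already pulled in the struct definition. Add a guard and a forward declaration `struct tar_stat_info;` at the top so the header can be included on its own.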
-diff --git a/src/xheader.c b/src/xheader.c
-index 2284e97..557b3e5 100644
---- a/src/xheader.c
-+++ b/src/xheader.c
-@@ -460,6 +460,74 @@ xheader_write_global (struct xheader *xhdr)
-     }
- }
- 
-+void xheader_xattr_init(struct tar_stat_info *st)
-+{
-+  st->xattr_map = NULL;
-+  st->xattr_map_size = 0;
-+}
-+
-+void xheader_xattr_free(struct xattr_array *xattr_map, size_t xattr_map_size)
-+{
-+  size_t scan = 0;
-+
-+  while (scan < xattr_map_size)
-+    {
-+      free (xattr_map[scan].xkey);
-+      free (xattr_map[scan].xval_ptr);
-+
-+      ++scan;
-+    }
-+  free (xattr_map);
-+}
-+
-+static void xheader_xattr__add(struct xattr_array **xattr_map,
-+                               size_t *xattr_map_size,
-+                               const char *key, const char *val, size_t len)
-+{
-+  size_t pos = (*xattr_map_size)++;
-+
-+  *xattr_map = xrealloc (*xattr_map,
-+                         *xattr_map_size * sizeof(struct xattr_array));
-+  (*xattr_map)[pos].xkey = xstrdup (key);
-+  (*xattr_map)[pos].xval_ptr = xmemdup (val, len + 1);
-+  (*xattr_map)[pos].xval_len = len;
-+}
-+
-+void xheader_xattr_add(struct tar_stat_info *st,
-+                       const char *key, const char *val, size_t len)
-+{
-+  size_t klen = strlen (key);
-+  char *xkey = xmalloc (strlen("SCHILY.xattr.") + klen + 1);
-+  char *tmp = xkey;
-+
-+  tmp = stpcpy (tmp, "SCHILY.xattr.");
-+  tmp = stpcpy (tmp, key);
-+
-+  xheader_xattr__add (&st->xattr_map, &st->xattr_map_size, xkey, val, len);
-+
-+  free (xkey);
-+}
-+
-+void xheader_xattr_copy(const struct tar_stat_info *st,
-+                        struct xattr_array **xattr_map, size_t *xattr_map_size)
-+{
-+  size_t scan = 0;
-+
-+  *xattr_map = NULL;
-+  *xattr_map_size = 0;
-+
-+  while (scan < st->xattr_map_size)
-+    {
-+      char  *key = st->xattr_map[scan].xkey;
-+      char  *val = st->xattr_map[scan].xval_ptr;
-+      size_t len = st->xattr_map[scan].xval_len;
-+
-+      xheader_xattr__add(xattr_map, xattr_map_size, key, val, len);
-+
-+      ++scan;
-+    }
-+}
-+
- \f
- /* General Interface */
- 
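Review bot: `xheader_xattr__add` copies with `xmemdup (val, len + 1)`, which reads one byte more than the caller said the value holds. In `xattrs_xattrs_get` the buffer `val` is `asz` bytes and `lgetxattr`/`fgetxattr` can return exactly `asz`, so the copy can read one byte past the allocation, and in the common case the extra byte is stale buffer content, not a terminator. Allocate `len + 1`, copy `len` bytes and write the trailing NUL explicitly.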
-@@ -473,6 +541,7 @@ struct xhdr_tab
- 		 struct xheader *, void const *data);
-   void (*decoder) (struct tar_stat_info *, char const *, char const *, size_t);
-   int flags;
-+  bool prefix;
- };
- 
- /* This declaration must be extern, because ISO C99 section 6.9.2
-@@ -489,8 +558,17 @@ locate_handler (char const *keyword)
-   struct xhdr_tab const *p;
- 
-   for (p = xhdr_tab; p->keyword; p++)
--    if (strcmp (p->keyword, keyword) == 0)
--      return p;
-+    if (p->prefix)
-+      {
-+        if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
-+          return p;
-+      }
-+  else
-+      {
-+        if (strcmp (p->keyword, keyword) == 0)
-+          return p;
-+      }
-+
-   return NULL;
- }
- 
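Review bot: The `else` is indented at the level of the `for`, two columns left of the `if (p->prefix)` it pairs with, so it reads as if it belonged to a different statement; realign it. The prefix branch also returns the first entry whose keyword is a leading substring of the input, which makes lookup depend on table order: a prefix entry placed ahead of a longer exact keyword would shadow it. A comment requiring prefix entries to come last in `xhdr_tab` would document that.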
-@@ -500,7 +578,7 @@ xheader_protected_pattern_p (const char *pattern)
-   struct xhdr_tab const *p;
- 
-   for (p = xhdr_tab; p->keyword; p++)
--    if ((p->flags & XHDR_PROTECTED) && fnmatch (pattern, p->keyword, 0) == 0)
-+    if (!p->prefix && (p->flags & XHDR_PROTECTED) && fnmatch (pattern, p->keyword, 0) == 0)
-       return true;
-   return false;
- }
-@@ -511,7 +589,7 @@ xheader_protected_keyword_p (const char *keyword)
-   struct xhdr_tab const *p;
- 
-   for (p = xhdr_tab; p->keyword; p++)
--    if ((p->flags & XHDR_PROTECTED) && strcmp (p->keyword, keyword) == 0)
-+    if (!p->prefix && (p->flags & XHDR_PROTECTED) && strcmp (p->keyword, keyword) == 0)
-       return true;
-   return false;
- }
-@@ -1470,6 +1548,27 @@ volume_filename_decoder (struct tar_stat_info *st,
- }
- 
- static void
-+xattr_coder (struct tar_stat_info const *st , char const *keyword,
-+             struct xheader *xhdr, void const *data)
-+{
-+  struct xattr_array *xattr_map = st->xattr_map;
-+  const size_t *off = data;
-+  xheader_print_n (xhdr, keyword,
-+                   xattr_map[*off].xval_ptr, xattr_map[*off].xval_len);
-+}
-+
-+static void
-+xattr_decoder (struct tar_stat_info *st,
-+               char const *keyword, char const *arg, size_t size)
-+{
-+  char *xstr = NULL;
-+
-+  xstr = xmemdup(arg, size + 1);
-+  xheader_xattr_add(st, keyword + strlen("SCHILY.xattr."), xstr, size);
-+  free(xstr);
-+}
-+
-+static void
- sparse_major_coder (struct tar_stat_info const *st, char const *keyword,
- 		    struct xheader *xhdr, void const *data)
- {
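Review bot: `xattr_decoder` advances `keyword` by `strlen("SCHILY.xattr.")` without checking that the keyword is that long or carries the dot. The handler is registered as "SCHILY.xattr" and matched by prefix, so a record keyed exactly `SCHILY.xattr` reaches this function and the pointer ends up one past the terminating NUL. Verify the full dotted prefix and a non-empty attribute name before calling `xheader_xattr_add`, and warn and skip the record otherwise. The `xmemdup`/`free` pair around `arg` is redundant, since `xheader_xattr_add` copies the value again.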
-@@ -1506,53 +1605,53 @@ sparse_minor_decoder (struct tar_stat_info *st,
- }
- 
- struct xhdr_tab const xhdr_tab[] = {
--  { "atime",	atime_coder,	atime_decoder,	  0 },
--  { "comment",	dummy_coder,	dummy_decoder,	  0 },
--  { "charset",	dummy_coder,	dummy_decoder,	  0 },
--  { "ctime",	ctime_coder,	ctime_decoder,	  0 },
--  { "gid",	gid_coder,	gid_decoder,	  0 },
--  { "gname",	gname_coder,	gname_decoder,	  0 },
--  { "linkpath", linkpath_coder, linkpath_decoder, 0 },
--  { "mtime",	mtime_coder,	mtime_decoder,	  0 },
--  { "path",	path_coder,	path_decoder,	  0 },
--  { "size",	size_coder,	size_decoder,	  0 },
--  { "uid",	uid_coder,	uid_decoder,	  0 },
--  { "uname",	uname_coder,	uname_decoder,	  0 },
-+  { "atime",   atime_coder,    atime_decoder,    0, false },
-+  { "comment", dummy_coder,    dummy_decoder,    0, false },
-+  { "charset", dummy_coder,    dummy_decoder,    0, false },
-+  { "ctime",   ctime_coder,    ctime_decoder,    0, false },
-+  { "gid",     gid_coder,      gid_decoder,      0, false },
-+  { "gname",   gname_coder,    gname_decoder,    0, false },
-+  { "linkpath", linkpath_coder, linkpath_decoder, 0, false },
-+  { "mtime",   mtime_coder,    mtime_decoder,    0, false },
-+  { "path",    path_coder,     path_decoder,     0, false },
-+  { "size",    size_coder,     size_decoder,     0, false },
-+  { "uid",     uid_coder,      uid_decoder,      0, false },
-+  { "uname",   uname_coder,    uname_decoder,    0, false },
- 
-   /* Sparse file handling */
-   { "GNU.sparse.name",       path_coder, path_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   { "GNU.sparse.major",      sparse_major_coder, sparse_major_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   { "GNU.sparse.minor",      sparse_minor_coder, sparse_minor_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   { "GNU.sparse.realsize",   sparse_size_coder, sparse_size_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   { "GNU.sparse.numblocks",  sparse_numblocks_coder, sparse_numblocks_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
- 
-   /* tar 1.14 - 1.15.90 keywords. */
-   { "GNU.sparse.size",       sparse_size_coder, sparse_size_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   /* tar 1.14 - 1.15.1 keywords. Multiple instances of these appeared in 'x'
-      headers, and each of them was meaningful. It confilcted with POSIX specs,
-      which requires that "when extended header records conflict, the last one
-      given in the header shall take precedence." */
-   { "GNU.sparse.offset",     sparse_offset_coder, sparse_offset_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   { "GNU.sparse.numbytes",   sparse_numbytes_coder, sparse_numbytes_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
-   /* tar 1.15.90 keyword, introduced to remove the above-mentioned conflict. */
-   { "GNU.sparse.map",        NULL /* Unused, see pax_dump_header() */,
--    sparse_map_decoder, 0 },
-+    sparse_map_decoder, 0, false },
- 
-   { "GNU.dumpdir",           dumpdir_coder, dumpdir_decoder,
--    XHDR_PROTECTED },
-+    XHDR_PROTECTED, false },
- 
-   /* Keeps the tape/volume label. May be present only in the global headers.
-      Equivalent to GNUTYPE_VOLHDR.  */
-   { "GNU.volume.label", volume_label_coder, volume_label_decoder,
--    XHDR_PROTECTED | XHDR_GLOBAL },
-+    XHDR_PROTECTED | XHDR_GLOBAL, false },
- 
-   /* These may be present in a first global header of the archive.
-      They provide the same functionality as GNUTYPE_MULTIVOL header.
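Review bot: Every existing row is re-indented from tabs to spaces only to append `, false`, which buries the one functional change of this table in whitespace churn. Because `prefix` is the last member of `struct xhdr_tab`, rows that omit it are zero-initialized to false in C; leave the existing rows untouched and set the field only on the new entry.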
-@@ -1561,11 +1660,14 @@ struct xhdr_tab const xhdr_tab[] = {
-      GNU.volume.offset keeps the offset of the start of this volume,
-      otherwise kept in oldgnu_header.offset.  */
-   { "GNU.volume.filename", volume_label_coder, volume_filename_decoder,
--    XHDR_PROTECTED | XHDR_GLOBAL },
-+    XHDR_PROTECTED | XHDR_GLOBAL, false },
-   { "GNU.volume.size", volume_size_coder, volume_size_decoder,
--    XHDR_PROTECTED | XHDR_GLOBAL },
-+    XHDR_PROTECTED | XHDR_GLOBAL, false },
-   { "GNU.volume.offset", volume_offset_coder, volume_offset_decoder,
--    XHDR_PROTECTED | XHDR_GLOBAL },
-+    XHDR_PROTECTED | XHDR_GLOBAL, false },
-+
-+  /* xattrs use the star format.  note we only save some variants... */
-+  { "SCHILY.xattr", xattr_coder, xattr_decoder, 0, true },
- 
--  { NULL, NULL, NULL, 0 }
-+  { NULL, NULL, NULL, 0, false }
- };
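Review bot: The new entry is keyed "SCHILY.xattr" while the rest of the patch builds and strips "SCHILY.xattr." with the trailing dot; register the dotted form so the prefix match and the strip length agree. The comment "note we only save some variants..." does not say which variants are saved or where the selection happens; name them or drop the remark.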

diff --git a/app-arch/tar/files/tar.1 b/app-arch/tar/files/tar.1
deleted file mode 100644
index 42fd22f..0000000
--- a/app-arch/tar/files/tar.1
+++ /dev/null
@@ -1,816 +0,0 @@
-.TH TAR 1 "Mar 2010" "GNU" "tar"
-.SH NAME
-tar \- The GNU version of the tape archiver (tar) utility
-.SH SYNOPSIS
-.B tar
-.I <operation> [options]
-
-.I Operations:
-.nf
-.B [-]A --catenate --concatenate
-.B [-]c --create
-.B [-]d --diff --compare
-.B [-]r --append
-.B [-]t --list
-.B [-]u --update
-.B [-]x --extract --get
-.B --delete
-.fi
-
-.I Common Options:
-.nf
-.BR -C ", " --directory " DIR"
-.BR -f ", " --file " FILE"
-.BR -j ", " --bzip2
-.BR -J ", " --xz
-.BR -p ", " --preserve-permissions
-.BR -v ", " --verbose
-.BR -z ", " --gzip
-.fi
-
-.I All Options:
-.br
-[
-.BR -a ", " --auto-compress
-]
-[
-.BR --add-file " FILE"
-]
-[
-.BR --anchored
-]
-[
-.BR --atime-preserve
-]
-[
-.BR -b ", " --blocking-factor " N"
-]
-[
-.BR -B ", " --read-full-records
-]
-[
-.BR --backup " BACKUP-TYPE"
-]
-[
-.BR --block-compress
-]
-[
-.BR -C ", " --directory " DIR"
-]
-[
-.BR --checkpoint
-]
-[
-.BR --delay-directory-restore
-]
-[
-.BR --exclude " PATTERN"
-]
-[
-.BR --exclude-caches
-]
-[
-.BR --exclude-caches-all
-]
-[
-.BR --exclude-caches-under
-]
-[
-.BR --exclude-tag " FILE"
-]
-[
-.BR --exclude-tag-all " FILE"
-]
-[
-.BR --exclude-tag-under " FILE"
-]
-[
-.BR -f ", " --file " [HOSTNAME:]FILE"
-]
-[
-.BR -F ", " --info-script " FILE, " --new-volume-script " FILE"
-]
-[
-.BR --force-local
-]
-[
-.BR --format " FORMAT"
-]
-[
-.BR -g ", " --listed-incremental " SNAPSHOT"
-]
-[
-.BR -G ", " --incremental
-]
-[
-.BR --group " GROUP"
-]
-[
-.BR -h ", " --dereference
-]
-[
-.BR --help
-]
-[
-.BR -i ", " --ignore-zeros
-]
-[
-.BR -I ", " --use-compress-program " PROG"
-]
-[
-.BR --ignore-case
-]
-[
-.BR --ignore-command-error
-]
-[
-.BR --ignore-failed-read
-]
-[
-.BR --index-file " FILE"
-]
-[
-.BR -j ", " --bzip2
-]
-[
-.BR -J ", " --xz
-]
-[
-.BR -k ", " --keep-old-files
-]
-[
-.BR -K ", " --starting-file " FILE"
-]
-[
-.BR --keep-newer-files
-]
-[
-.BR -l ", " --check-links
-]
-[
-.BR -L ", " --tape-length " N"
-]
-[
-.BR --lzip
-]
-[
-.BR --lzma
-]
-[
-.BR --lzop
-]
-[
-.BR -m ", " --touch ", " --modification-time
-]
-[
-.BR -M ", " --multi-volume
-]
-[
-.BR --mode " PERMISSIONS"
-]
-[
-.BR --mtime " DATE"
-]
-[
-.BR -N ", " --after-date " DATE, " --newer " DATE"
-]
-[
-.BR --newer-mtime " DATE"
-]
-[
-.BR --no-anchored
-]
-[
-.BR --no-auto-compress
-]
-[
-.BR --no-delay-directory-restore
-]
-[
-.BR --no-ignore-case
-]
-[
-.BR --no-ignore-command-error
-]
-[
-.BR --no-overwrite-dir
-]
-[
-.BR --no-quote-chars
-]
-[
-.BR --no-recursion
-]
-[
-.BR --no-same-permissions
-]
-[
-.BR --no-unquote
-]
-[
-.BR --no-wildcards
-]
-[
-.BR --no-wildcards-match-slash
-]
-[
-.BR --null
-]
-[
-.BR --numeric-owner
-]
-[
-.BR -o ", " --old-archive ", " --portability ", " --no-same-owner
-]
-[
-.BR -O ", " --to-stdout
-]
-[
-.BR --occurrence " NUM"
-]
-[
-.BR --one-file-system
-]
-[
-.BR --overwrite
-]
-[
-.BR --overwrite-dir
-]
-[
-.BR --owner " USER"
-]
-[
-.BR -p ", " --same-permissions ", " --preserve-permissions
-]
-[
-.BR -P ", " --absolute-names
-]
-[
-.BR --pax-option " KEYWORD-LIST"
-]
-[
-.BR --posix
-]
-[
-.BR --preserve
-]
-[
-.BR --quote-chars " STRING"
-]
-[
-.BR --quote-style " STYLE"
-]
-[
-.BR -R ", " --block-number
-]
-[
-.BR --record-size " SIZE"
-]
-[
-.BR --recursion
-]
-[
-.BR --recursive-unlink
-]
-[
-.BR --remove-files
-]
-[
-.BR --restrict
-]
-[
-.BR --rmt-command " CMD"
-]
-[
-.BR --rsh-command " CMD"
-]
-[
-.BR -s ", " --same-order ", " --preserve-order
-]
-[
-.BR -S ", " --sparse
-]
-[
-.BR --same-owner
-]
-[
-.BR --show-defaults
-]
-[
-.BR --show-omitted-dirs
-]
-[
-.BR --show-transformed-names ", " --show-stored-names
-]
-[
-.BR --strip-components " NUMBER"
-]
-[
-.BR --suffix " SUFFIX"
-]
-[
-.BR -T ", " --files-from " FILE"
-]
-[
-.BR --test-label
-]
-[
-.BR --to-command " COMMAND"
-]
-[
-.BR --transform " EXPRESSION"
-]
-[
-.BR --totals	
-]
-[
-.BR -U ", " --unlink-first
-]
-[
-.BR --unquote
-]
-[
-.BR --utc
-]
-[
-.BR -v ", " --verbose
-]
-[
-.BR -V ", " --label " NAME"
-]
-[
-.BR --version	
-]
-[
-.BR --volno-file " FILE"
-]
-[
-.BR -w ", " --interactive ", " --confirmation
-]
-[
-.BR -W ", " --verify
-]
-[
-.BR --wildcards
-]
-[
-.BR --wildcards-match-slash
-]
-[
-.BR -X ", " --exclude-from " FILE"
-]
-[
-.BR -z ", " --gzip ", " --gunzip ", " --ungzip
-]
-[
-.BR -Z ", " --compress ", " --uncompress
-]
-[
-.BR -[0-7][lmh]
-]
-.SH DESCRIPTION
-This manual page documents the GNU version of \fBtar\fR, an archiving 
-program designed to store and extract files from an archive file known 
-as a \fItarfile\fR.  A \fItarfile\fR may be made on a tape drive, 
-however, it is also common to write a \fItarfile\fR to a normal file.  
-The first argument to \fBtar\fR must be one of the options \fBAcdrtux\fR, 
-followed by any optional functions.  The final arguments to \fBtar\fR 
-are the names of the files or directories which should be archived.  The 
-use of a directory name always implies that the subdirectories below 
-should be included in the archive.
-.SH EXAMPLES
-.TP
-.B tar -xvf foo.tar
-verbosely extract foo.tar
-.TP
-.B tar -xzf foo.tar.gz
-extract gzipped foo.tar.gz
-.TP
-.B tar -cjf foo.tar.bz2 bar/
-create bzipped tar archive of the directory bar called foo.tar.bz2
-.TP
-.B tar -xjf foo.tar.bz2 -C bar/
-extract bzipped foo.tar.bz2 after changing directory to bar
-.TP
-.B tar -xzf foo.tar.gz blah.txt
-extract the file blah.txt from foo.tar.gz
-.P
-Note: When working with archives, specifying the compression option is often
-times unnecessary as \fBtar\fR will automatically detect the compression type
-based on the suffix of the archive.
-.SH "FUNCTION LETTERS"
-.TP
-.B One of the following options must be used:
-.TP
-.BR -A ", " --catenate ", " --concatenate
-append tar files to an archive
-.TP
-.BR -c ", " --create
-create a new archive
-.TP
-.BR -d ", " --diff ", " --compare
-find differences between archive and file system
-.TP
-.BR -r ", " --append
-append files to the end of an archive
-.TP
-.BR -t ", " --list
-list the contents of an archive
-.TP
-.BR -u ", " --update
-only append files that are newer than the existing in archive
-.TP
-.BR -x ", " --extract ", " --get
-extract files from an archive
-.TP
-.BR --delete
-delete from the archive (not for use on magnetic tapes!)
-.SH "COMMON OPTIONS"
-.TP
-.BR -C ", " --directory " DIR"
-change to directory DIR
-.TP
-.BR -f ", " --file " [HOSTNAME:]FILE"
-use archive file or device FILE (default is "-", meaning stdin/stdout)
-.TP
-.BR -j ", " --bzip2
-filter archive through bzip2; use to decompress .bz2 files
-.TP
-.BR -J ", " --xz
-filter archive through xz; use to decompress .xz files
-.TP
-.BR -p ", " --preserve-permissions
-extract all protection information
-.TP
-.BR -v ", " --verbose
-verbosely list files processed
-.TP
-.BR -z ", " --gzip ", " --ungzip
-filter the archive through gzip
-.SH "ALL OPTIONS"
-.TP
-.BR -a ", " --auto-compress
-use archive suffix to determine the compression program
-.TP
-.BR --add-file " FILE"
-add specified FILE to the archive (useful if FILE starts with a dash)
-.TP
-.BR --anchored
-patterns will match the start of file names
-.TP
-.BR --atime-preserve
-don't change access times of files that are archived
-.TP
-.BR -b ", " --blocking-factor " N"
-block size of Nx512 bytes (default N=20)
-.TP
-.BR -B ", " --read-full-blocks
-reblock as we read (for reading 4.2BSD pipes)
-.TP
-.BR --backup " BACKUP-TYPE"
-backup files instead of deleting them using BACKUP-TYPE simple or 
-numbered
-.TP
-.BR --block-compress
-block the output of compression program for tapes
-.TP
-.BR -C ", " --directory " DIR"
-change to directory DIR
-.TP
-.BR --checkpoint
-print directory names while reading the archive
-.TP
-.BR --delay-directory-restore
-delay setting modification times and permissions of extracted directories
-until the end of extraction
-.TP
-.BR --exclude " PATTERN"
-exclude files based upon PATTERN
-.TP
-.BR --exclude-caches
-exclude directories that contain a cache directory tag
-.TP
-.BR --exclude-tag " FILE"
-exclude directories that contain a file named FILE
-.TP
-.BR -f ", " --file " [HOSTNAME:]FILE"
-use archive file or device FILE (default "-", meaning stdin/stdout)
-.TP
-.BR -F ", " --info-script " FILE, " --new-volume-script " FILE"
-run script at end of each tape (implies \fI--multi-volume\fR)
-.TP
-.BR --force-local
-archive file is local even if its name contains a colon
-.TP
-.BR --format " FORMAT"
-selects the format of the created archive
-.nf
-\fIv7\fR - Unix V7
-\fIoldgnu\fR - GNU tar <=1.12
-\fIgnu\fR - GNU tar 1.13
-\fIustar\fR - POSIX.1-1988
-\fIposix\fR - POSIX.1-2001
-.fi
-.TP
-.BR -g ", " --listed-incremental " SNAPSHOT"
-create/list/extract new GNU-format incremental backup
-.TP
-.BR --group " GROUP"
-give files added to the archive a group id of GROUP instead of the group id
-of the source file; this option does not affect extraction
-.TP
-.BR -G ", " --incremental
-create/list/extract old GNU-format incremental backup
-.TP
-.BR -h ", " --dereference
-don't archive symlinks; archive the files they point to
-.TP
-.BR --help
-like this manpage, but not as cool
-.TP
-.BR -i ", " --ignore-zeros
-ignore blocks of zeros in archive (normally mean EOF)
-.TP
-.BR -I ", " --use-compress-program " PROG"
-access the archive through PROG (which is generally a compression program;
-it must accept the \fI-d\fR option)
-.TP
-.BR --ignore-case
-ignore case when excluding files
-.TP
-.BR --ignore-command-error
-ignore exit codes of subprocesses
-.TP
-.BR --ignore-failed-read
-don't exit with non-zero status on unreadable files
-.TP
-.BR --index-file " FILE"
-send verbose output to FILE instead of stdout
-.TP
-.BR -j ", " --bzip2
-filter archive through bzip2, use to decompress .bz2 files
-.TP
-.BR -J ", " --xz
-filter archive through xz; use to decompress .xz files
-.TP
-.BR -k ", " --keep-old-files
-keep existing files; don't overwrite them from archive
-.TP
-.BR -K ", " --starting-file " FILE"
-begin at file FILE in the archive
-.TP
-.BR --keep-newer-files
-do not overwrite files which are newer than the archive
-.TP
-.BR -l ", " --check-links
-warn if number of hard links to the file on the filesystem mismatchs
-the number of links recorded in the archive
-.TP
-.BR -L ", " --tape-length " N"
-change tapes after writing N*1024 bytes
-.TP
-.BR -m ", " --touch ", " --modification-time
-don't extract file modified time
-.TP
-.BR -M ", " --multi-volume
-create/list/extract multi-volume archive
-.TP
-.BR --mode " PERMISSIONS"
-apply PERMISSIONS while adding files (see \fBchmod\fR(1))
-.TP
-.BR --mtime " DATE"
-when creating archives, use  DATE as the modification time of the members,
-instead of their actual modification times
-.TP
-.BR -N ", " --after-date " DATE, " --newer " DATE"
-only store files that were modified or had status updates (permissions,
-ACLs, extended attributes, ...) since DATE
-.TP
-.BR --newer-mtime " DATE"
-like \fI--newer\fR, but only store files that were modified since DATE
-.TP
-.BR --no-anchored
-match any subsequenceof the name's components with \fI--exclude\fR
-.TP
-.BR --no-auto-compress
-do not use archive suffix to determine the compression program
-.TP
-.BR --no-delay-directory-restore
-modification times and permissions of extracted directories are set when
-all files from this directory have been extracted; this is the default
-.TP
-.BR --no-ignore-command-error
-print warnings about subprocesses that terminated with a non-zero exit code
-.TP
-.BR --no-ignore-case
-use case-sensitive matching with \fI--exclude\fR
-.TP
-.BR --no-overwrite-dir
-preserve metadata of existing directories when extracting files from an
-archive
-.TP
-.BR --no-quote-chars " STRING"
-remove characters listed in STRING from the list of quoted characters
-set by a previous \fI--quote-chars\fR option
-.TP
-.BR --no-recursion
-don't recurse into directories
-.TP
-.BR --no-same-permissions
-apply user's umask when extracting files instead of recorded permissions
-.TP
-.BR --no-unquote
-treat all input file or member names literally, do not interpret
-escape sequences
-.TP
-.BR --no-wildcards
-don't use wildcards with \fI--exclude\fR
-.TP
-.BR --no-wildcards-match-slash
-wildcards do not match slashes (/) with \fI--exclude\fR
-.TP
-.BR --null
-\fI--files-from\fR reads null-terminated names, disable \fI--directory\fR
-.TP
-.BR --numeric-owner
-always use numbers for user/group names
-.TP
-.BR -o ", " --old-archive ", " --portability
-like \fI--format=v7\fR; \fI-o\fR exhibits this behavior when creating an 
-archive (deprecated behavior)
-.TP
-.BR -o ", " --no-same-owner
-do not attempt to restore ownership when extracting; \fI-o\fR exhibits 
-this behavior when extracting an archive
-.TP
-.BR -O ", " --to-stdout
-extract files to standard output
-.TP
-.BR --occurrence " NUM"
-process only NUM occurrences of each named file; used with 
-\fI--delete\fR, \fI--diff\fR, \fI--extract\fR, or \fI--list\fR
-.TP
-.BR --one-file-system
-stay in local file system when creating an archive
-.TP
-.BR --one-file-system
-stay in local file system when creating an archive
-.TP
-.BR --overwrite
-overwrite existing files and directory metadata when extracting
-.TP
-.BR --overwrite-dir
-overwrite directory metadata when extracting
-.TP
-.BR --owner " USER"
-give files added to the archive a user id of USER instead of the user id
-of the source file; this option does not affect extraction
-.TP
-.BR -p ", " --preserve-permissions ", " --same-permissions
-extract all protection information
-.TP
-.BR -P ", " --absolute-names
-don't strip leading `/'s from file names
-.TP
-.BR --pax-option " KEYWORD-LIST"
-used only with POSIX.1-2001 archives to modify the way \fBtar\fR handles 
-extended header keywords
-.TP
-.BR --posix
-like \fI--format=posix\fR
-.TP
-.BR --preserve
-like \fI--preserve-permissions\fR plus \fI--same-order\fR
-.TP
-.BR --quote-chars " STRING"
-always quote the characters from STRING, even if the selected quoting
-style would not quote them
-.TP
-.BR --quote-style " STYLE"
-set the quoting style to be used when printing member and file names
-.TP
-.BR -R ", " --record-number
-show record number within archive with each message
-.TP
-.BR --record-size " SIZE"
-use SIZE bytes per record when accessing archives
-.TP
-.BR --recursion
-recurse into directories
-.TP
-.BR --recursive-unlink
-remove existing directories before extracting directories of the same name
-.TP
-.BR --remove-files
-remove files after adding them to the archive
-.TP
-.BR --restrict
-disable the use of some potentially harmful options; currently this
-disables shell invocation from the multi-volume menu
-.TP
-.BR --rmt-command " CMD"
-use CMD instead of the default /usr/sbin/rmt
-.TP
-.BR --rsh-command " CMD"
-use remote CMD instead of \fBrsh\fR(1)
-.TP
-.BR -s ", " --same-order ", " --preserve-order
-list of names to extract is sorted to match archive
-.TP
-.BR -S ", " --sparse
-handle sparse files efficiently
-.TP
-.BR --same-owner
-create extracted files with the same ownership 
-.TP
-.BR --show-defaults
-display the default options used by \fBtar\fR
-.TP
-.BR --show-omitted-dirs
-print directories \fBtar\fR skips while operating on an archive
-.TP
-.BR --show-transformed-names ", " --show-stored-names
-display file or member names after applying any \fBsed\fR transformations
-.TP
-.BR --strip-components " NUMBER"
-strip NUMBER of leading path components from file names before extraction
-.TP
-.BR --suffix " SUFFIX"
-use SUFFIX instead of default '~' when backing up files
-.TP
-.BR -T ", " --files-from " FILE"
-get names to extract or create from file FILE
-.TP
-.BR --test-label
-read the volume label; if an argument is specified, test whether it
-matches the volume label
-.TP
-.BR --to-command " COMMAND"
-during extraction, pipe extracted files to the standard input of COMMAND
-.TP
-.BR --totals
-print total bytes written with --create
-.TP
-.BR --transform " EXPRESSION"
-transform file or member names using the \fBsed\fR replacement expression
-EXPRESSION
-.TP
-.BR -U ", " --unlink-first
-remove existing files before extracting files of the same name
-.TP
-.BR --unquote
-enable unquoting input file or member names; this is the default
-.TP
-.BR --utc
-display file modification dates in UTC
-.TP
-.BR -v ", " --verbose
-verbosely list files processed
-.TP
-.BR -V ", " --label " NAME"
-create archive with volume name NAME
-.TP
-.BR --version
-print \fBtar\fR program version number
-.TP
-.BR --volno-file " FILE"
-keep track of which volume of a multi-volume archive its working in 
-FILE; used with \fI--multi-volume\fR
-.TP
-.BR -w ", " --interactive ", " --confirmation
-ask for confirmation for every action
-.TP
-.BR -W ", " --verify
-attempt to verify the archive after writing it
-.TP
-.BR --wildcards
-use wildcards with \fI--exclude\fR
-.TP
-.BR --wildcards-match-slash
-wildcards match slashes (/) with \fI--exclude\fR
-.TP
-.BR -X ", " --exclude-from " FILE"
-exclude files listed in FILE
-.TP
-.BR -z ", " --gzip ", " --gunzip ", " --ungzip
-filter the archive through gzip
-.TP
-.BR -Z ", " --compress ", " --uncompress
-filter the archive through compress
-.TP
-.BR -[0-7][lmh]
-specify drive and density
-.SH BUGS
-The GNU folks, in general, abhor man pages and create info documents instead.
-The maintainer of \fBtar\fR falls into this category.  Thus, this man page may 
-not be complete nor current, and it is included in the Gentoo portage tree 
-because man is a great tool :).  This man page was first taken from Debian 
-Linux and has since been lovingly updated here.
-.SH "REPORTING BUGS"
-Please report bugs via http://bugs.gentoo.org/
-.SH "AUTHORS"
-.nf
-Debian Linux http://www.debian.org/
-Mike Frysinger <vapier@gentoo.org>
-.fi

diff --git a/app-arch/tar/metadata.xml b/app-arch/tar/metadata.xml
deleted file mode 100644
index 96a2d58..0000000
--- a/app-arch/tar/metadata.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<herd>base-system</herd>
-</pkgmetadata>

diff --git a/app-arch/tar/tar-1.26-r3.ebuild b/app-arch/tar/tar-1.26-r3.ebuild
deleted file mode 100644
index 4049bac..0000000
--- a/app-arch/tar/tar-1.26-r3.ebuild
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.26.ebuild,v 1.1 2011/03/13 20:46:42 vapier Exp $
-
-EAPI="3"
-
-inherit autotools flag-o-matic
-
-DESCRIPTION="Use this to make tarballs :)"
-HOMEPAGE="http://www.gnu.org/software/tar/"
-SRC_URI="http://ftp.gnu.org/gnu/tar/${P}.tar.bz2
-	ftp://alpha.gnu.org/gnu/tar/${P}.tar.bz2
-	mirror://gnu/tar/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls static userland_GNU acl caps selinux xattr"
-
-RDEPEND=""
-DEPEND="${RDEPEND}
-	nls? ( >=sys-devel/gettext-0.10.35 )"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-full-xattr.patch #382067
-	eautoreconf
-
-	if ! use userland_GNU ; then
-		sed -i \
-			-e 's:/backup\.sh:/gbackup.sh:' \
-			scripts/{backup,dump-remind,restore}.in \
-			|| die "sed non-GNU"
-	fi
-}
-
-src_configure() {
-	local myconf
-	use static && append-ldflags -static
-	use userland_GNU || myconf="--program-prefix=g"
-	if use acl || use caps || use selinux || use xattr ; then
-		myconf+=" --enable-xattr"
-	fi
-	# Work around bug in sandbox #67051
-	gl_cv_func_chown_follows_symlink=yes \
-	FORCE_UNSAFE_CONFIGURE=1 \
-	econf \
-		--enable-backup-scripts \
-		--bindir="${EPREFIX}"/bin \
-		--libexecdir="${EPREFIX}"/usr/sbin \
-		$(use_enable nls) \
-		${myconf}
-}
-
-src_install() {
-	local p=""
-	use userland_GNU || p=g
-
-	emake DESTDIR="${D}" install || die
-
-	if [[ -z ${p} ]] ; then
-		# a nasty yet required piece of baggage
-		exeinto /etc
-		doexe "${FILESDIR}"/rmt || die
-	fi
-
-	# autoconf looks for gtar before tar (in configure scripts), hence
-	# in Prefix it is important that it is there, otherwise, a gtar from
-	# the host system (FreeBSD, Solaris, Darwin) will be found instead
-	# of the Prefix provided (GNU) tar
-	if use prefix ; then
-		dosym tar /bin/gtar
-	fi
-
-	dodoc AUTHORS ChangeLog* NEWS README* THANKS
-	newman "${FILESDIR}"/tar.1 ${p}tar.1
-	mv "${ED}"/usr/sbin/${p}backup{,-tar}
-	mv "${ED}"/usr/sbin/${p}restore{,-tar}
-}
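
Review bot: in src_configure, `--enable-xattr` is switched on when any of acl, caps, selinux or xattr is set, yet `RDEPEND=""` and DEPEND declare nothing for those flags, so four USE flags toggle one configure option and none of them pulls in a package. If this ebuild is carried over to another branch, either collapse them into the single `xattr` flag or add the dependencies the patched build needs and say in a comment why each flag exists. The `$Header` line also still names tar-1.26.ebuild rather than this -r3 revision.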

diff --git a/eclass/pax-utils.eclass b/eclass/pax-utils.eclass
deleted file mode 100644
index 216b89a..0000000
--- a/eclass/pax-utils.eclass
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.15 2011/08/22 04:46:32 vapier Exp $
-
-# @ECLASS: pax-utils.eclass
-# @MAINTAINER:
-# The Gentoo Linux Hardened Team <hardened@gentoo.org>
-# @AUTHOR:
-# Original Author: Kevin F. Quinn <kevquinn@gentoo.org>
-# Modifications for bug #365825, @ ECLASS markup: Anthony G. Basile <blueness@gentoo.org>
-# Modifications for XT_PAX markings: Anthony G. Basile <blueness@gentoo.org>
-# @BLURB: functions to provide pax markings
-# @DESCRIPTION:
-# This eclass provides support for manipulating PaX markings on ELF binaries,
-# wrapping the use of the paxctl-ng utilities.
-#
-# To control what markings are made, set PAX_MARKINGS in /etc/make.conf to
-# contain either "XT", "PT" or "none".
-#
-# If PAX_MARKINGS is set to "XT" and paxctl-ng is installed, then both XT_PAX
-# and PT_PAX markings will be made, where possible: XT_PAX will not be made if
-# the file system doesn't support extended attributes and PT_PAX will not be
-# made if the ELF binary doesn't have a PT_PAX header.
-#
-# If PAX_MARKINGS is setto "PT" and paxctl is installed, then only PT_PAX
-# markings will be made.
-#
-# Finally, if neither utility is found, or PAX_MARKINGS is set to "none",
-# then no markings will be made.
-#
-# Note: unlike the original pax-utils.eclass, we will not try to use paxctl -c
-# or paxctl -C to convert or create a PT_PAX program header.  Nor will we fall
-# back on scanelf.
-
-inherit eutils
-
-RDEPEND="=sys-apps/elfix-0.3.2"
-
-# Default to XT markings.
-PAX_MARKINGS=${PAX_MARKINGS:="XT"}
-
-# @FUNCTION: pax-mark
-# @USAGE: <flags> {<ELF files>}
-# @RETURN: Shell true if we succeed, shell false otherwise
-# @DESCRIPTION:
-# Marks <ELF files> with provided PaX <flags>
-#
-# Flags are passed directly to the utilities unchanged.  Possible flags at the
-# time of writing, taken from /usr/sbin/paxctl-ng, are:
-#
-#	p: disable PAGEEXEC		P: enable PAGEEXEC
-#	e: disable EMUTRMAP		E: enable EMUTRMAP
-#	m: disable MPROTECT		M: enable MPROTECT
-#	r: disable RANDMMAP		R: enable RANDMMAP
-#	s: disable SEGMEXEC		S: enable SEGMEXEC
-#
-# Default flags are 'PeMRS', which are the most restrictive settings.
-# Do not use the obsolete flag 'x'/'X'.
-pax-mark() {
-	local f flags fail=0 failures="" zero_load_alignment
-	# Remove all dashes from the flags
-	flags=${1//-}
-	shift
-	if type -p paxctl-ng > /dev/null && has XT ${PAX_MARKINGS}; then
-		elog "XT PaX marking -${flags}"
-		_pax_list_files elog "$@"
-		for f in "$@"; do
-			paxctl-ng -C "${f}"
-			paxctl-ng -${flags} "${f}" && continue
-			fail=1
-			failures="${failures} ${f}"
-		done
-	elif type -p paxctl > /dev/null && has PT ${PAX_MARKINGS}; then
-		elog "PT PaX marking -${flags}"
-		_pax_list_files elog "$@"
-		for f in "$@"; do
-			paxctl -q${flags} "${f}" && continue
-			fail=1
-			failures="${failures} ${f}"
-		done
-	elif [[ ${PAX_MARKINGS} != "none" ]]; then
-		failures="$*"
-		fail=1
-	fi
-	if [[ ${fail} == 1 ]]; then
-		ewarn "Failed to set PaX markings -${flags} for:"
-		_pax_list_files ewarn ${failures}
-		ewarn "Executables may be killed by PaX kernels."
-	fi
-	return ${fail}
-}
-
-# @FUNCTION: list-paxables
-# @USAGE: {<files>}
-# @RETURN: Subset of {<files>} which are ELF executables or shared objects
-# @DESCRIPTION:
-# Print to stdout all of the <files> that are suitable to have PaX flag
-# markings, i.e., filter out the ELF executables or shared objects from a list
-# of files.  This is useful for passing wild-card lists to pax-mark, although
-# in general it is preferable for ebuilds to list precisely which ELFS are to
-# be marked.  Often not all the ELF installed by a package need remarking.
-# @EXAMPLE:
-# pax-mark -m $(list-paxables ${S}/{,usr/}bin/*)
-list-paxables() {
-	file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
-}
-
-# @FUNCTION: host-is-pax
-# @RETURN: Shell true if the build process is PaX enabled, shell false otherwise
-# @DESCRIPTION:
-# This is intended for use where the build process must be modified conditionally
-# depending on whether the host is PaX enabled or not.  It is not intedened to
-# determine whether the final binaries need PaX markings.  Note: if procfs is
-# not mounted on /proc, this returns shell false (e.g. Gentoo/FBSD).
-host-is-pax() {
-	grep -qs ^PaX: /proc/self/status
-}
-
-
-# INTERNAL FUNCTIONS
-# ------------------
-#
-# These functions are for use internally by the eclass - do not use
-# them elsewhere as they are not supported (i.e. they may be removed
-# or their function may change arbitratily).
-
-# Display a list of things, one per line, indented a bit, using the
-# display command in $1.
-_pax_list_files() {
-	local f cmd
-	cmd=$1
-	shift
-	for f in "$@"; do
-		${cmd} "     ${f}"
-	done
-}
-
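
Review bot: in the XT branch of pax-mark, the exit status of `paxctl-ng -C "${f}"` is discarded, so a file on which that step fails is reported only if the following `paxctl-ng -${flags} "${f}"` call fails too; chain the two calls with `&&` so that either failure lands in `failures`. The failure list is then expanded unquoted in `_pax_list_files ewarn ${failures}`, which splits any path containing whitespace, so an array would keep the warning accurate. Smaller points: `zero_load_alignment` is declared local but never used, and `RDEPEND="=sys-apps/elfix-0.3.2"` pins every inheriting package to one exact elfix version.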

diff --git a/profiles/repo_name b/profiles/repo_name
deleted file mode 100644
index e8748ed..0000000
--- a/profiles/repo_name
+++ /dev/null
@@ -1 +0,0 @@
-hardened-dev

diff --git a/sys-boot/grub/ChangeLog b/sys-boot/grub/ChangeLog
deleted file mode 100644
index 139597f..0000000
--- a/sys-boot/grub/ChangeLog
+++ /dev/null
@@ -1,2 +0,0 @@
-
-

diff --git a/sys-boot/grub/files/grub.conf.gentoo b/sys-boot/grub/files/grub.conf.gentoo
deleted file mode 100644
index 0027099..0000000
--- a/sys-boot/grub/files/grub.conf.gentoo
+++ /dev/null
@@ -1,16 +0,0 @@
-# This is a sample grub.conf for use with Genkernel, per the Gentoo handbook
-# http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10#doc_chap2
-# If you are not using Genkernel and you need help creating this file, you
-# should consult the handbook. Alternatively, consult the grub.conf.sample that
-# is included with the Grub documentation.
-
-default 0
-timeout 30
-#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
-
-#title Gentoo Linux 2.6.24-r5
-#root (hd0,0)
-#kernel /boot/kernel-genkernel-x86-2.6.24-gentoo-r5 root=/dev/ram0 real_root=/dev/sda3
-#initrd /boot/initramfs-genkernel-x86-2.6.24-gentoo-r5
-
-# vim:ft=conf:

diff --git a/sys-boot/grub/grub-0.97-r11.ebuild b/sys-boot/grub/grub-0.97-r11.ebuild
deleted file mode 100644
index 0c9e652..0000000
--- a/sys-boot/grub/grub-0.97-r11.ebuild
+++ /dev/null
@@ -1,292 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/grub-0.97-r10.ebuild,v 1.11 2011/09/10 02:33:59 dirtyepic Exp $
-
-# XXX: we need to review menu.lst vs grub.conf handling.  We've been converting
-#      all systems to grub.conf (and symlinking menu.lst to grub.conf), but
-#      we never updated any of the source code (it still all wants menu.lst),
-#      and there is no indication that upstream is making the transition.
-
-# If you need to roll a new grub-static distfile, here is how.
-# - Robin H. Johnson <robbat2@gentoo.org> - 29 Nov 2010
-# USE='static -ncurses -netboot -custom-cflags' \
-# GRUB_STATIC_PACKAGE_BUILDING=1 ebuild \
-# grub-${PVR}.ebuild package && \
-# cp -f ${PKGDIR}/${CAT}/${PF}.tbz2 ${DISTDIR}/grub-static-${PVR}.tar.bz2
-
-inherit mount-boot eutils flag-o-matic toolchain-funcs autotools linux-info pax-utils
-
-PATCHVER="1.11" # Should match the revision ideally
-DESCRIPTION="GNU GRUB Legacy boot loader"
-HOMEPAGE="http://www.gnu.org/software/grub/"
-SRC_URI="mirror://gentoo/${P}.tar.gz
-	ftp://alpha.gnu.org/gnu/${PN}/${P}.tar.gz
-	mirror://gentoo/splash.xpm.gz
-	mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="custom-cflags ncurses netboot static"
-
-RDEPEND="ncurses? (
-		>=sys-libs/ncurses-5.2-r5
-		amd64? ( app-emulation/emul-linux-x86-baselibs )
-	)"
-DEPEND="${RDEPEND}"
-
-pkg_setup() {
-	local arch="$(tc-arch)"
-	case ${arch} in
-		amd64) CONFIG_CHECK='~IA32_EMULATION' check_extra_config ;;
-	esac
-}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-
-	# patch breaks booting for some people #111885
-	rm "${WORKDIR}"/patch/400_*reiser4*
-
-	# Grub will not handle a kernel larger than EXTENDED_MEMSIZE Mb as
-	# discovered in bug 160801. We can change this, however, using larger values
-	# for this variable means that Grub needs more memory to run and boot. For a
-	# kernel of size N, Grub needs (N+1)*2.  Advanced users should set a custom
-	# value in make.conf, it is possible to make kernels ~16Mb in size, but it
-	# needs the kitchen sink built-in.
-	local t="custom"
-	if [[ -z ${GRUB_MAX_KERNEL_SIZE} ]] ; then
-		case $(tc-arch) in
-			amd64) GRUB_MAX_KERNEL_SIZE=9 ;;
-			x86)   GRUB_MAX_KERNEL_SIZE=5 ;;
-		esac
-		t="default"
-	fi
-	einfo "Grub will support the ${t} maximum kernel size of ${GRUB_MAX_KERNEL_SIZE} Mb (GRUB_MAX_KERNEL_SIZE)"
-
-	sed -i \
-		-e "/^#define.*EXTENDED_MEMSIZE/s,3,${GRUB_MAX_KERNEL_SIZE},g" \
-		"${S}"/grub/asmstub.c \
-		|| die "Failed to hack memory size"
-
-	if [[ -n ${PATCHVER} ]] ; then
-		EPATCH_SUFFIX="patch"
-		epatch "${WORKDIR}"/patch
-		eautoreconf
-	fi
-}
-
-src_compile() {
-	filter-flags -fPIE #168834
-
-	use amd64 && multilib_toolchain_setup x86
-
-	unset BLOCK_SIZE #73499
-
-	### i686-specific code in the boot loader is a bad idea; disabling to ensure
-	### at least some compatibility if the hard drive is moved to an older or
-	### incompatible system.
-
-	# grub-0.95 added -fno-stack-protector detection, to disable ssp for stage2,
-	# but the objcopy's (faulty) test fails if -fstack-protector is default.
-	# create a cache telling configure that objcopy is ok, and add -C to econf
-	# to make use of the cache.
-	#
-	# CFLAGS has to be undefined running econf, else -fno-stack-protector detection fails.
-	# STAGE2_CFLAGS is not allowed to be used on emake command-line, it overwrites
-	# -fno-stack-protector detected by configure, removed from netboot's emake.
-	use custom-cflags || unset CFLAGS
-
-	export grub_cv_prog_objcopy_absolute=yes #79734
-	use static && append-ldflags -static
-
-	# Per bug 216625, the emul packages do not provide .a libs for performing
-	# suitable static linking
-	if use amd64 && use static ; then
-		if [ -z "${GRUB_STATIC_PACKAGE_BUILDING}" ]; then
-			die "You must use the grub-static package if you want a static Grub on amd64!"
-		else
-			eerror "You have set GRUB_STATIC_PACKAGE_BUILDING. This"
-			eerror "is specifically intended for building the tarballs for the"
-			eerror "grub-static package via USE='static -ncurses'."
-			eerror "All bets are now off."
-			ebeep 10
-		fi
-	fi
-
-	# build the net-bootable grub first, but only if "netboot" is set
-	if use netboot ; then
-		econf \
-		--libdir=/lib \
-		--datadir=/usr/lib/grub \
-		--exec-prefix=/ \
-		--disable-auto-linux-mem-opt \
-		--enable-diskless \
-		--enable-{3c{5{03,07,09,29,95},90x},cs89x0,davicom,depca,eepro{,100}} \
-		--enable-{epic100,exos205,ni5210,lance,ne2100,ni{50,65}10,natsemi} \
-		--enable-{ne,ns8390,wd,otulip,rtl8139,sis900,sk-g16,smc9000,tiara} \
-		--enable-{tulip,via-rhine,w89c840} || die "netboot econf failed"
-
-		emake w89c840_o_CFLAGS="-O" || die "making netboot stuff"
-
-		mv -f stage2/{nbgrub,pxegrub} "${S}"/
-		mv -f stage2/stage2 stage2/stage2.netboot
-
-		make clean || die "make clean failed"
-	fi
-
-	# Now build the regular grub
-	# Note that FFS and UFS2 support are broken for now - stage1_5 files too big
-	econf \
-		--libdir=/lib \
-		--datadir=/usr/lib/grub \
-		--exec-prefix=/ \
-		--disable-auto-linux-mem-opt \
-		$(use_with ncurses curses) \
-		|| die "econf failed"
-
-	# sanity check due to common failure
-	use ncurses && ! grep -qs "HAVE_LIBCURSES.*1" config.h && die "USE=ncurses but curses not found"
-
-	emake || die "making regular stuff"
-}
-
-src_test() {
-	# non-default block size also give false pass/fails.
-	unset BLOCK_SIZE
-	make check || die "make check failed"
-}
-
-src_install() {
-	emake DESTDIR="${D}" install || die
-	if use netboot ; then
-		exeinto /usr/lib/grub/${CHOST}
-		doexe nbgrub pxegrub stage2/stage2.netboot || die "netboot install"
-	fi
-
-	dodoc AUTHORS BUGS ChangeLog NEWS README THANKS TODO
-	newdoc docs/menu.lst grub.conf.sample
-	dodoc "${FILESDIR}"/grub.conf.gentoo
-	prepalldocs
-
-	[ -n "${GRUB_STATIC_PACKAGE_BUILDING}" ] && \
-		mv \
-		"${D}"/usr/share/doc/${PF} \
-		"${D}"/usr/share/doc/grub-static-${PF/grub-}
-
-	insinto /usr/share/grub
-	doins "${DISTDIR}"/splash.xpm.gz
-}
-
-setup_boot_dir() {
-	local boot_dir=$1
-	local dir=${boot_dir}
-
-	mkdir -p "${dir}"
-	[[ ! -L ${dir}/boot ]] && ln -s . "${dir}/boot"
-	dir="${dir}/grub"
-	if [[ ! -e ${dir} ]] ; then
-		mkdir "${dir}" || die "${dir} does not exist!"
-	fi
-
-	# change menu.lst to grub.conf
-	if [[ ! -e ${dir}/grub.conf ]] && [[ -e ${dir}/menu.lst ]] ; then
-		mv -f "${dir}"/menu.lst "${dir}"/grub.conf
-		ewarn
-		ewarn "*** IMPORTANT NOTE: menu.lst has been renamed to grub.conf"
-		ewarn
-	fi
-
-	if [[ ! -e ${dir}/menu.lst ]]; then
-		einfo "Linking from new grub.conf name to menu.lst"
-		ln -snf grub.conf "${dir}"/menu.lst
-	fi
-
-	if [[ -e ${dir}/stage2 ]] ; then
-		mv "${dir}"/stage2{,.old}
-		ewarn "*** IMPORTANT NOTE: you must run grub and install"
-		ewarn "the new version's stage1 to your MBR.  Until you do,"
-		ewarn "stage1 and stage2 will still be the old version, but"
-		ewarn "later stages will be the new version, which could"
-		ewarn "cause problems such as an unbootable system."
-		ewarn "This means you must use either grub-install or perform"
-		ewarn "root/setup manually! For more help, see the handbook:"
-		ewarn "http://www.gentoo.org/doc/en/handbook/handbook-${ARCH}.xml?part=1&chap=10#grub-install-auto"
-		ebeep
-	fi
-
-	einfo "Copying files from /lib/grub, /usr/lib/grub and /usr/share/grub to ${dir}"
-	for x in \
-		"${ROOT}"/lib*/grub/*/* \
-		"${ROOT}"/usr/lib*/grub/*/* \
-		"${ROOT}"/usr/share/grub/* ; do
-		[[ -f ${x} ]] && cp -p "${x}" "${dir}"/
-	done
-
-	if [[ ! -e ${dir}/grub.conf ]] ; then
-		s="${ROOT}/usr/share/doc/${PF}/grub.conf.gentoo"
-		[[ -e "${s}" ]] && cat "${s}" >${dir}/grub.conf
-		[[ -e "${s}.gz" ]] && zcat "${s}.gz" >${dir}/grub.conf
-		[[ -e "${s}.bz2" ]] && bzcat "${s}.bz2" >${dir}/grub.conf
-	fi
-
-	# Per bug 218599, we support grub.conf.install for users that want to run a
-	# specific set of Grub setup commands rather than the default ones.
-	grub_config=${dir}/grub.conf.install
-	[[ -e ${grub_config} ]] || grub_config=${dir}/grub.conf
-	if [[ -e ${grub_config} ]] ; then
-		egrep \
-			-v '^[[:space:]]*(#|$|default|fallback|initrd|password|splashimage|timeout|title)' \
-			"${grub_config}" | \
-		/sbin/grub --batch \
-			--device-map="${dir}"/device.map \
-			> /dev/null
-	fi
-
-	# the grub default commands silently piss themselves if
-	# the default file does not exist ahead of time
-	if [[ ! -e ${dir}/default ]] ; then
-		grub-set-default --root-directory="${boot_dir}" default
-	fi
-	einfo "Grub has been installed to ${boot_dir} successfully."
-}
-
-pkg_postinst() {
-	mount-boot_mount_boot_partition
-
-	# bug 330745
-	# must be pax-marked before setup_boot_dir
-	pax-mark -m /sbin/grub
-
-	if [[ -n ${DONT_MOUNT_BOOT} ]]; then
-		elog "WARNING: you have DONT_MOUNT_BOOT in effect, so you must apply"
-		elog "the following instructions for your /boot!"
-		elog "Neglecting to do so may cause your system to fail to boot!"
-		elog
-	else
-		setup_boot_dir "${ROOT}"/boot
-		# Trailing output because if this is run from pkg_postinst, it gets mixed into
-		# the other output.
-		einfo ""
-	fi
-	elog "To interactively install grub files to another device such as a USB"
-	elog "stick, just run the following and specify the directory as prompted:"
-	elog "   emerge --config =${PF}"
-	elog "Alternately, you can export GRUB_ALT_INSTALLDIR=/path/to/use to tell"
-	elog "grub where to install in a non-interactive way."
-
-	# needs to be after we call setup_boot_dir
-	mount-boot_pkg_postinst
-}
-
-pkg_config() {
-	local dir
-	if [ ! -d "${GRUB_ALT_INSTALLDIR}" ]; then
-		einfo "Enter the directory where you want to setup grub:"
-		read dir
-	else
-		dir="${GRUB_ALT_INSTALLDIR}"
-	fi
-	setup_boot_dir "${dir}"
-}
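
Review bot: pkg_postinst calls `pax-mark -m /sbin/grub` with an absolute host path, while the rest of the install logic works under `"${ROOT}"` (`setup_boot_dir "${ROOT}"/boot`, the `"${ROOT}"/lib*/grub/*/*` copy loop). With ROOT set to anything other than /, this disables MPROTECT on the host's grub binary and leaves the newly installed one unmarked; mark `"${ROOT}"/sbin/grub` instead, and note that setup_boot_dir has the same assumption in its `/sbin/grub --batch` pipeline. In setup_boot_dir the redirections `>${dir}/grub.conf` are unquoted, and `x`, `s` and `grub_config` are not declared local.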

diff --git a/sys-boot/grub/metadata.xml b/sys-boot/grub/metadata.xml
deleted file mode 100644
index 96a2d58..0000000
--- a/sys-boot/grub/metadata.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<herd>base-system</herd>
-</pkgmetadata>

diff --git a/sys-devel/binutils/ChangeLog b/sys-devel/binutils/ChangeLog
deleted file mode 100644
index 9c2ac33..0000000
--- a/sys-devel/binutils/ChangeLog
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-*binutils-2.21.1-r2 (22 Nov 2011)
-
-  22 Nov 2011; Anthony G. Basile <blueness@gentoo.org>
-  +binutils-2.21.1-r2.ebuild, +metadata.xml:
-  Remove patch which adds PT_PAX headers
-

diff --git a/sys-devel/binutils/binutils-2.21.1-r2.ebuild b/sys-devel/binutils/binutils-2.21.1-r2.ebuild
deleted file mode 100644
index f364066..0000000
--- a/sys-devel/binutils/binutils-2.21.1-r2.ebuild
+++ /dev/null
@@ -1,9 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/binutils/binutils-2.21.1-r1.ebuild,v 1.9 2011/11/19 21:15:07 vapier Exp $
-
-PATCHVER="1.3"
-ELF2FLT_VER=""
-inherit toolchain-binutils
-EPATCH_EXCLUDE="63_all_binutils-2.21.1-pt-pax-flags-20110918.patch"
-KEYWORDS=""
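
Review bot: `EPATCH_EXCLUDE` names the dated file 63_all_binutils-2.21.1-pt-pax-flags-20110918.patch with no comment in the ebuild saying why it is dropped; the reason ("Remove patch which adds PT_PAX headers") is recorded only in the ChangeLog. Because the exclusion matches an exact filename inside the `PATCHVER="1.3"` patchset, a patchset bump that renames the file would silently bring the PT_PAX header patch back, so a comment next to the variable, revisited on every PATCHVER change, would keep the intent visible.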

diff --git a/sys-devel/binutils/metadata.xml b/sys-devel/binutils/metadata.xml
deleted file mode 100644
index b756437..0000000
--- a/sys-devel/binutils/metadata.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<herd>toolchain</herd>
-<use>
-<flag name='multislot'>Allow for multiple versions of binutils to be emerged at once for same CTARGET</flag>
-<flag name='multitarget'>Adds support to binutils for cross compiling (does not work with gas)</flag>
-</use>
-</pkgmetadata>

diff --git a/sys-kernel/xtpax-sources/ChangeLog b/sys-kernel/xtpax-sources/ChangeLog
deleted file mode 100644
index 08b16c9..0000000
--- a/sys-kernel/xtpax-sources/ChangeLog
+++ /dev/null
@@ -1,20 +0,0 @@
-
-
-*xtpax-sources-3.1.5 (13 Dec 2011)
-
-  13 Dec 2011; Anthony G. Basile <blueness@gentoo.org>
-  +xtpax-sources-3.1.5.ebuild:
-  Version bump
-
-*xtpax-sources-3.1.1 (20 Nov 2011)
-
-  20 Nov 2011; Anthony G. Basile <blueness@gentoo.org>
-  +xtpax-sources-3.1.1.ebuild, +metadata.xml:
-  Renamed hardened-xtpax-sources to xtpax-sources to avoid name collision
-
-*hardened-xtpax-sources-3.1.1 (20 Nov 2011)
-
-  20 Nov 2011; Anthony G. Basile <blueness@gentoo.org>
-  +hardened-xtpax-sources-3.1.1.ebuild, +metadata.xml:
-  Initial commit XT_PAX based kernel
-

diff --git a/sys-kernel/xtpax-sources/metadata.xml b/sys-kernel/xtpax-sources/metadata.xml
deleted file mode 100644
index 6fa414d..0000000
--- a/sys-kernel/xtpax-sources/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<herd>kernel</herd>
-	<herd>hardened</herd>
-	<maintainer>
-		<email>blueness@gentoo.org</email>
-		<name>Anthony G. Basile</name>
-	</maintainer>
-	<longdescription>
-		hardened-sources is based upon genpatches, and adds the grsecurity
-		patch from http://www.grsecurity.net, which also includes PaX.
-	</longdescription>
-	<use>
-		<flag name='deblob'>Remove binary blobs from kernel sources to provide libre license compliance.</flag>
-  	</use>
-</pkgmetadata>
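
Review bot: the `<longdescription>` still describes hardened-sources ("based upon genpatches, and adds the grsecurity patch") and never mentions the XT_PAX marking that the ChangeLog gives as the reason for this package ("Initial commit XT_PAX based kernel"); it should say how xtpax-sources differs from hardened-sources. The closing `</use>` line is also indented with spaces followed by a tab, unlike the tab-only lines around it.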

diff --git a/sys-kernel/xtpax-sources/xtpax-sources-3.1.1.ebuild b/sys-kernel/xtpax-sources/xtpax-sources-3.1.1.ebuild
deleted file mode 100644
index c30f6af..0000000
--- a/sys-kernel/xtpax-sources/xtpax-sources-3.1.1.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.1.1.ebuild,v 1.1 2011/11/19 18:57:05 blueness Exp $
-
-EAPI="4"
-
-ETYPE="sources"
-K_WANT_GENPATCHES="base extras"
-K_GENPATCHES_VER="4"
-K_DEBLOB_AVAILABLE="1"
-
-inherit kernel-2
-detect_version
-
-HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-1"
-HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-xtpax-patches-${HGPV}.extras.tar.bz2"
-SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}"
-
-UNIPATCH_LIST="${DISTDIR}/hardened-xtpax-patches-${HGPV}.extras.tar.bz2"
-UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch"
-
-DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"
-IUSE="deblob"
-
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-pkg_postinst() {
-	kernel-2_pkg_postinst
-
-	local GRADM_COMPAT="sys-apps/gradm-2.2.2*"
-
-	ewarn
-	ewarn "Hardened Gentoo provides three different predefined grsecurity level:"
-	ewarn "[server], [workstation], and [virtualization]."
-	ewarn
-	ewarn "Those who intend to use one of these predefined grsecurity levels"
-	ewarn "should read the help associated with the level.  Users importing a"
-	ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32,"
-	ewarn "should review their selected grsecurity/PaX options carefully."
-	ewarn
-	ewarn "Users of grsecurity's RBAC system must ensure they are using"
-	ewarn "${GRADM_COMPAT}, which is compatible with ${PF}."
-	ewarn "It is strongly recommended that the following command is issued"
-	ewarn "prior to booting a ${PF} kernel for the first time:"
-	ewarn
-	ewarn "emerge -na =${GRADM_COMPAT}"
-	ewarn
-}
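
Review bot: the pkg_postinst warning refers to "a kernel prior to ${PN}-2.6.32", which expands to xtpax-sources-2.6.32, a version that does not appear in this package's ChangeLog (its earliest entry is 3.1.1); the text was written for hardened-sources and should name that package explicitly. The `$Header` line is likewise copied from hardened-sources-3.1.1.ebuild, and "three different predefined grsecurity level" should read "levels".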

diff --git a/sys-kernel/xtpax-sources/xtpax-sources-3.1.5.ebuild b/sys-kernel/xtpax-sources/xtpax-sources-3.1.5.ebuild
deleted file mode 100644
index 1942045..0000000
--- a/sys-kernel/xtpax-sources/xtpax-sources-3.1.5.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.1.1.ebuild,v 1.1 2011/11/19 18:57:05 blueness Exp $
-
-EAPI="4"
-
-ETYPE="sources"
-K_WANT_GENPATCHES="base extras"
-K_GENPATCHES_VER="8"
-K_DEBLOB_AVAILABLE="1"
-
-inherit kernel-2
-detect_version
-
-HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-1"
-HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/xtpax-patches-${HGPV}.extras.tar.bz2"
-SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}"
-
-UNIPATCH_LIST="${DISTDIR}/xtpax-patches-${HGPV}.extras.tar.bz2"
-UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch"
-
-DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})"
-HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"
-IUSE="deblob"
-
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-pkg_postinst() {
-	kernel-2_pkg_postinst
-
-	local GRADM_COMPAT="sys-apps/gradm-2.2.2*"
-
-	ewarn
-	ewarn "Hardened Gentoo provides three different predefined grsecurity level:"
-	ewarn "[server], [workstation], and [virtualization]."
-	ewarn
-	ewarn "Those who intend to use one of these predefined grsecurity levels"
-	ewarn "should read the help associated with the level.  Users importing a"
-	ewarn "kernel configuration from a kernel prior to ${PN}-2.6.32,"
-	ewarn "should review their selected grsecurity/PaX options carefully."
-	ewarn
-	ewarn "Users of grsecurity's RBAC system must ensure they are using"
-	ewarn "${GRADM_COMPAT}, which is compatible with ${PF}."
-	ewarn "It is strongly recommended that the following command is issued"
-	ewarn "prior to booting a ${PF} kernel for the first time:"
-	ewarn
-	ewarn "emerge -na =${GRADM_COMPAT}"
-	ewarn
-}

