mirror of
https://github.com/openwall/lkrg.git
synced 2023-12-13 21:30:29 +01:00
Add RPM spec file for Red Hat'ish distros
This commit is contained in:
parent
5cfc92c0a3
commit
db35e0e207
2 changed files with 65 additions and 1 deletions
4
CHANGES
4
CHANGES
|
@ -2,8 +2,10 @@ The following major changes have been since LKRG 0.9.6:
|
|||
|
||||
*) Support new mainline kernels 6.4 to 6.5.x, and hopefully beyond
|
||||
*) Support new RHEL 9.1 and 9.2 kernels, and hopefully beyond
|
||||
*) Bootup script changes
|
||||
*) Add RPM spec file for Red Hat'ish distros (usable via "rpmbuild -tb" on our
|
||||
release tarball)
|
||||
*) Add Arch Linux's /usr/bin/modprobe path to usermodehelper allow list
|
||||
*) Bootup script changes
|
||||
*) Continuous Integration updates
|
||||
|
||||
|
||||
|
|
62
lkrg.spec
Normal file
62
lkrg.spec
Normal file
|
@ -0,0 +1,62 @@
|
|||
%define kmod_headers_version %(rpm -qa kernel-devel | sed 's/^kernel-devel-//' | sort -r | head -1)
|
||||
%define module_dir /lib/modules/%kmod_headers_version
|
||||
%global debug_package %nil
|
||||
|
||||
Summary: Linux Kernel Runtime Guard (LKRG)
|
||||
Name: lkrg
|
||||
Version: 0.9.6
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://lkrg.org
|
||||
Source: https://lkrg.org/download/%name-%version.tar.gz
|
||||
ExclusiveArch: %ix86 x86_64 %arm32 %arm64
|
||||
BuildRequires: make, gcc, kernel-devel
|
||||
BuildRoot: /override/%name-%version
|
||||
|
||||
%description
|
||||
LKRG performs runtime integrity checking of the Linux kernel and detection of
|
||||
security vulnerability exploits against the kernel.
|
||||
|
||||
As controversial as this concept is, LKRG attempts to post-detect and
|
||||
hopefully promptly respond to unauthorized modifications to the running Linux
|
||||
kernel (integrity checking) or to credentials such as user IDs of the running
|
||||
processes (exploit detection). For process credentials, LKRG attempts to
|
||||
detect the exploit and take action before the kernel would grant access (such
|
||||
as open a file) based on the unauthorized credentials.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
rm -rf %buildroot
|
||||
install -D -p -m 644 lkrg.ko %buildroot%module_dir/lkrg.ko
|
||||
install -D -p -m 644 scripts/bootup/systemd/lkrg.service %buildroot%_unitdir/lkrg.service
|
||||
install -D -p -m 644 scripts/bootup/lkrg.conf %buildroot%_sysconfdir/sysctl.d/01-lkrg.conf
|
||||
|
||||
%post
|
||||
%sbindir/depmod -a
|
||||
echo 'To start LKRG please use: systemctl start lkrg'
|
||||
echo 'To enable LKRG on bootup please use: systemctl enable lkrg'
|
||||
|
||||
%preun
|
||||
%systemd_preun lkrg.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart lkrg.service
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc CHANGES CONCEPTS LICENSE PATREONS PERFORMANCE README
|
||||
%module_dir/*
|
||||
%_unitdir/*
|
||||
%_sysconfdir/sysctl.d/*
|
||||
|
||||
%changelog
|
||||
* Wed Sep 13 2023 Solar Designer <solar@openwall.com> 0.9.6-1
|
||||
- Wrote this rough RPM spec file for Red Hat'ish distros, seems to work fine on
|
||||
RHEL 7, 8, 9 rebuilds, but is only reliable when there's exactly one
|
||||
kernel-devel package installed at build time and it exactly matches the target
|
||||
kernel version.
|
Loading…
Reference in a new issue