author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-02-05 03:38:19 +0000 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-02-05 03:38:19 +0000 |
commit | 8b3a0b83eb5ad9bcff19b466bcd72c18fdf466ce (patch) | |
tree | 3ff1e4ff16a28abfcec73d664b339c7ce57f5891 /kernels/pax-flags-libre | |
parent | 994ca8b3d7a14ef97d75b40b7554a9892bd0283f (diff) |
Wed Feb 5 03:36:49 UTC 2014
Diffstat (limited to 'kernels/pax-flags-libre')
-rw-r--r-- | kernels/pax-flags-libre/clamav.conf | 6 | ||||
-rw-r--r-- | kernels/pax-flags-libre/java.conf | 13 | ||||
-rw-r--r-- | kernels/pax-flags-libre/kde.conf | 22 | ||||
-rw-r--r-- | kernels/pax-flags-libre/pax-flags-libre.8 | 112 | ||||
-rwxr-xr-x | kernels/pax-flags-libre/pax-flags-libre.rb | 278 | ||||
-rw-r--r-- | kernels/pax-flags-libre/polkit.conf | 5 | ||||
-rw-r--r-- | kernels/pax-flags-libre/qemu.conf | 51 | ||||
-rw-r--r-- | kernels/pax-flags-libre/replicant.conf | 8 | ||||
-rw-r--r-- | kernels/pax-flags-libre/ruby.conf | 7 | ||||
-rw-r--r-- | kernels/pax-flags-libre/valgrind.conf | 25 |
10 files changed, 0 insertions, 527 deletions
diff --git a/kernels/pax-flags-libre/clamav.conf b/kernels/pax-flags-libre/clamav.conf
deleted file mode 100644
index 7cb614bca..000000000
--- a/kernels/pax-flags-libre/clamav.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/clamscan
- - /usr/bin/freshclam
- - /usr/sbin/clamd:
- type: systemd
diff --git a/kernels/pax-flags-libre/java.conf b/kernels/pax-flags-libre/java.conf
deleted file mode 100644
index 7c10aa16e..000000000
--- a/kernels/pax-flags-libre/java.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# All off :(
-psmxer:
- - /opt/java/bin/java
- - /opt/java/bin/javac
- - /usr/lib/jvm/java-6-openjdk/bin/java
- - /usr/lib/jvm/java-6-openjdk/bin/javac
- - /usr/lib/jvm/java-6-openjdk/jre/bin/java
- - /usr/lib/jvm/java-7-openjdk/bin/javac
- - /usr/lib/jvm/java-7-openjdk/jre/bin/java
-
-# MPROTECT off
-PSmXER:
- - /usr/lib/jvm/java-7-openjdk/bin/jar
diff --git a/kernels/pax-flags-libre/kde.conf b/kernels/pax-flags-libre/kde.conf
deleted file mode 100644
index 09c03cc51..000000000
--- a/kernels/pax-flags-libre/kde.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/akonadi_sendlater_agent
- - /usr/bin/akonadi_archivemail_agent
- - /usr/bin/akonadi_mailfilter_agent
- - /usr/bin/akonadiconsole
- - /usr/bin/akregator
- - /usr/bin/blogilo
- - /usr/bin/kdeinit4
- - /usr/bin/kdenlive
- - /usr/bin/kmail
- - /usr/bin/knode
- - /usr/bin/knotify4
- - /usr/bin/kontact
- - /usr/bin/kwin
- - /usr/bin/okular
- - /usr/lib/kde4/libexec/drkonqi
- - /usr/lib/kde4/libexec/kwin_opengl_test
-
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/lib/kde4/libexec/kscreenlocker_greet
diff --git a/kernels/pax-flags-libre/pax-flags-libre.8 b/kernels/pax-flags-libre/pax-flags-libre.8
deleted file mode 100644
index f27ae82f8..000000000
--- a/kernels/pax-flags-libre/pax-flags-libre.8
+++ /dev/null
@@ -1,112 +0,0 @@ -.TH pax-flags-libre 8 "" 2013-02-18 -.SH NAME -\fBpax-flags-libre\fR \- Configure PaX flags for several binaries -.SH SYNOPSIS -\fBpax-flags-libre\fR [options] [filter] -.SH DESCRIPTION -\fBpax-flags-libre\fR is written to configure PaX flags for a set of binaries. -It is intended to ease the usage of PaX (linux-libre-pax) or grsecurity (linux-libre-grsec, -linux-libre-grsec-lts) enabled kernel on Parabola GNU/Linux-libre. -.P -PaX flags for a set of binaries are collected in YAML format configuration -files. By default, every .conf file from /etc/pax-flags and -/usr/share/pax-flags-libre is read. See the CONFIGURATION section for the file -format. -.P -Root privileges are needed. If you set a value to $PAX_FLAGS_SUDO, -\fBpax-flags-libre\fR will be called with sudo. -.SH OPTIONS -.TP -\-c, \-\-config <path> -Override default configuration paths. Requires one path argument. Can contain -globs (escape them in some shells (zsh for example)). -.TP -\-h, \-\-help -Displays a short usage message and option summary. -.TP -\-p, \-\-prepend -Do not actually change anything. -.TP -\-x, \-\-xattr -Sets the PaX flags through setfattr, underlying filesystems need xattr support. -.TP -\-y, \-\-yes -Non-interactive mode. Assume yes on any question. -.SH FILES -.TP -/etc/pax-flags/*.conf -Files for overriding the standard flag set and path pattern configuration. -.TP -/usr/share/pax-flags-libre/*.conf -The shipped configuration. -.SH CONFIGURATION -There are \fBsimple\fR configuration entries and \fBcomplex\fR ones. Complex -configuration for a certain flag set and path pattern overrides simple. To -override a simple entry with a complex one, the flag sets and path patterns have -to match exactly. -.SS "Simple entries" -Simple configuration entries just set the PaX flags for a set of binaries. The -format is as follows: -.P -PSmXER: -.br - \- /usr/bin/ruby - \- /usr/bin/glx* -.P -\fBPSmXER\fR is the set of flags. Every letter represents a PaX flag. 
Uppercase -enables the flag, lowercase disables it. See paxctl(1) for more details. This -example disables MPROTECT on /usr/bin/ruby and /usr/bin/glx*. -.SS "Complex entries" -With complex entries it is possible to stop a daemon before setting the flags -and starting it afterwards. The format is as follows: -.P -PSmXER: -.br - \- /usr/sbin/clamd: - type: systemd -.P -This would stop clamd, disable MPROTECT for the binary and start the daemon -again. The \fBtype\fR option values correspond to presets of status, start, stop -actions. Currently there exists only "systemd". By default the systemd unit file -would be "clamd" in this case or the basename of the path in general. -.P -PSmXEr: -.br - \- /usr/lib/polkit-1/polkitd: - type: systemd - systemd_name: polkit -.P -The \fBsystemd_name\fR option can be used to configure a differing systemd unit -name. -.P -PSmXEr: -.br - \- /usr/lib/iceweasel/iceweasel: - status: "pidof iceweasel" - start: "iceweasel &" - stop: "killall iceweasel" -.P -This would configure custom actions for \fBstatus\fR, \fBstart\fR and -\fBstop\fR. -.P -PSmXER: -.br - \- /usr/bin/ruby: - skip: true -.P -This would override a simple entry for the same flag set and path pattern and -cause it to be skipped. -.P -PSmXER: -.br - \- /usr/lib32/somebinary: - header: create -.P -This would cause paxctl to not convert the old binary header, but create a new -one. See paxctl(1) for more details. -.SH AUTHOR -henning mueller <henning@orgizm.net> -.SH SEE ALSO -\- paxctl(1) -.br -\- http://www.yaml.org diff --git a/kernels/pax-flags-libre/pax-flags-libre.rb b/kernels/pax-flags-libre/pax-flags-libre.rb deleted file mode 100755 index f2362a157..000000000 --- a/kernels/pax-flags-libre/pax-flags-libre.rb +++ /dev/null 
@@ -1,278 +0,0 @@ -#!/usr/bin/env ruby - -require 'getoptlong' -require 'readline' -require 'singleton' -require 'yaml' - -# Monkey-path the Array class. -class Array - # ["foo", {"foo" => 1}].cleanup => [{"foo" => 1}] - # If the key in a Hash element of an Array is also present as an element of - # the Array, delete the latter. - def cleanup - array = self.dup - self.grep(Hash).map(&:keys).flatten.each do |x| - array.delete x - end - array - end -end - -# Class handles configuration parameters. -class FlagsConfig < Hash - # This is a singleton class. - include Singleton - - # Merges a Hash or YAML file (containing a Hash) with itself. - def load config - if config.class == Hash - merge! config - return - end - - unless config.nil? - merge_yaml! config - end - end - - # Merge Config Hash with Hash in YAML file. - def merge_yaml! path - merge!(load_file path) do |key, old, new| - (old + new).uniq.cleanup if old.is_a? Array and new.is_a? Array - end - end - - # Load YAML file and work around tabs not working for identation. - def load_file path - YAML.load open(path).read.gsub(/\t/, ' ') - rescue Psych::SyntaxError => e - print path, ':', e.message.split(':').last, "\n" - exit 1 - end -end - -# A method to print a beautiful usage message. -def usage - $stderr.puts <<EOF -#{File.basename($0)} [options] [filters] - - OPTIONS - - -c, --config Override default configuration paths. Requires one - argument. Can contain globs (escape them in some shells - (zsh for example)). - -h, --help This help. - -p, --prepend Do not change anything. - -y, --yes Non-interactive mode. Assume yes on questions. - -x, --xattr Sets the PaX flags through setfattr, underlying - filesystems need xattr support. - - FILTERS - - Only change flags for paths, which contain one of these filters as a string. - -EOF - exit 1 -end - -# This iterates each config entry (which matches the filters). It yields flags, -# entry, pattern and path of the config entry to the block code. 
-def each_entry config, filters - config.each do |flags, entries| - entries.each do |entry| - # Distinguish easy (String) and complex (Hash) config entries. - if entry.is_a? String - pattern = entry - elsif entry.is_a? Hash - pattern = entry.keys.first - end - - # Skip this entry, if its path pattern does not contain one of the - # filters. - # TODO Do this for every matching path. - unless filters.empty? - temp_filters = filters.dup - temp_filters.keep_if do |filter| - pattern.downcase.include? filter.downcase - end - next if temp_filters.empty? - end - - # If this runs with sudo, the ~ (for the users home path) have to point to - # the user who runs it, not to root. - unless ENV['SUDO_USER'].nil? - paths = File.expand_path pattern.gsub('~', '~' + ENV['SUDO_USER']) - else - paths = File.expand_path pattern - end - - # Now yield for every matching path. - Dir.glob(paths).each do |path| - yield flags, entry, pattern, path - end - end - end -end - -# Trap SIGINT (ctrl+c) -trap(:INT) { exit 1 } - -# Define the possible options. -options = GetoptLong.new( - ['--config', '-c', GetoptLong::REQUIRED_ARGUMENT], - ['--help', '-h', GetoptLong::NO_ARGUMENT], - ['--prepend', '-p', GetoptLong::NO_ARGUMENT], - ['--xattr', '-x', GetoptLong::NO_ARGUMENT], - ['--yes', '-y', GetoptLong::NO_ARGUMENT], -) - -# Initialize option variables. -new_configs = [] -prepend = false -yes = false -xattr = false - -# Set option variables. -begin - options.each do |option, argument| - case option - when '--config' - new_configs = Dir.glob argument - when '--help' - usage - when '--prepend' - prepend = true - when '--xattr' - xattr = true - when '--yes' - yes = true - end - end -rescue GetoptLong::InvalidOption => e - usage -end - -# Whatever is left over is a filter. -filters = ARGV - -# Exit if we are not running with root privileges. -if Process.uid != 0 - $stderr << "Root privileges needed.\n" - exit 1 -end - -# Either default config paths or overridden ones. 
-config_paths = if new_configs.empty? - ['/etc/pax-flags/*.conf', '/usr/share/pax-flags-libre/*.conf'] -else - new_configs -end - -# Initialize the singleton config object... -config = FlagsConfig.instance - -# ... and load every config file. -config_paths.each do |path| - Dir.glob(path).each do |file| - config.load file - end -end - -# Helper text for simple entries. -puts <<EOF -Some programs do not work properly without deactivating some of the PaX -features. Please close all instances of them if you want to change the -configuration for the following binaries. -EOF - -# Show every simple entry. -each_entry config, filters do |flags, entry, pattern, path| - puts ' * ' + path if File.exists? path and entry.is_a? String -end - -# Let us sum up the complex entries... -autopaths = [] -each_entry config, filters do |flags, entry, pattern, path| - if File.exists? path and entry.is_a? Hash - autopaths.push path if not (entry.nil? and entry[path]['skip']) - end -end - -# ... to decide, if we need to print them. -unless autopaths.empty? - puts <<EOF - -For the following programs there are also changes neccessary but you do not have -to close or restart instances of them manually. -EOF - - autopaths.each do |path| - puts ' * ' + path - end -end - -puts -puts 'Continue writing PaX headers? [Y/n]' - -$stdout.flush - -unless yes - a = Readline.readline.chomp.downcase - exit 1 if a.downcase != 'y' unless a.empty? -end - -# Iterate each entry to actually set the flags. -each_entry config, filters do |flags, entry, pattern, path| - if File.exists? path - e = entry[pattern] - actions = %w(status start stop) - start_again = false - - # Get action commands from entries config. - status = e['status'] - start = e['start'] - stop = e['stop'] - - # If the type attribute is set to systemd, we set the action command - # variables again but to systemd defaults. 
- if e['type'] == 'systemd' - name = e['systemd_name'] || File.basename(path) - actions.each do |action| - eval "#{action} = \"systemctl #{action} #{name}.service\"" - end - end - - # If the entry is complex, stop it if it is running. - if entry.is_a? Hash - if status and system(status + '> /dev/null') - system stop unless prepend - start_again = true if start - end - end - - if xattr - # setfattr seems to be picky about the order of the flags, - # rearrange it beforehand - xflags = flags[/[Pp]/] + flags[/[Ee]/] + flags[/[Mm]/] + - flags[/[Rr]/] + flags[/[Ss]/] - print xflags, ' ', path, "\n" - else - print flags, ' ', path, "\n" - end - - # Set the flags and notify the user. - unless prepend - if xattr - `setfattr -n user.pax.flags -v #{xflags} "#{path}"` - else - header = 'c' - header = 'C' if e['header'] == 'create' - `paxctl -#{header}#{flags} "#{path}"` - end - end - - # Start the complex entries service again, if it is neccessary. - system start unless prepend if start_again - end -end diff --git a/kernels/pax-flags-libre/polkit.conf b/kernels/pax-flags-libre/polkit.conf deleted file mode 100644 index 5a97136d2..000000000 --- a/kernels/pax-flags-libre/polkit.conf +++ /dev/null @@ -1,5 +0,0 @@ -# MPROTECT and RANDMMAP off -PSmXEr: - - /usr/lib/polkit-1/polkitd: - type: systemd - systemd_name: polkit diff --git a/kernels/pax-flags-libre/qemu.conf b/kernels/pax-flags-libre/qemu.conf deleted file mode 100644 index 428d2928b..000000000 --- a/kernels/pax-flags-libre/qemu.conf +++ /dev/null 
@@ -1,51 +0,0 @@
-# SEGMEXEC and MPROTECT off
-# (RANDEXEC is not activatable for qemu. The binaries seem to be compiled
-# with PIE enabled, though.)
-PsmxER:
- - /usr/bin/qemu-alpha
- - /usr/bin/qemu-arm
- - /usr/bin/qemu-armeb
- - /usr/bin/qemu-cris
- - /usr/bin/qemu-i386
- - /usr/bin/qemu-m68k
- - /usr/bin/qemu-microblaze
- - /usr/bin/qemu-microblazeel
- - /usr/bin/qemu-mips
- - /usr/bin/qemu-mipsel
- - /usr/bin/qemu-ppc
- - /usr/bin/qemu-ppc64
- - /usr/bin/qemu-ppc64abi32
- - /usr/bin/qemu-s390x
- - /usr/bin/qemu-sh4
- - /usr/bin/qemu-sh4eb
- - /usr/bin/qemu-sparc
- - /usr/bin/qemu-sparc32plus
- - /usr/bin/qemu-sparc64
- - /usr/bin/qemu-unicore32
- - /usr/bin/qemu-x86_64
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/qemu-system-alpha
- - /usr/bin/qemu-system-arm
- - /usr/bin/qemu-system-cris
- - /usr/bin/qemu-system-i386
- - /usr/bin/qemu-system-lm32
- - /usr/bin/qemu-system-m68k
- - /usr/bin/qemu-system-microblaze
- - /usr/bin/qemu-system-microblazeel
- - /usr/bin/qemu-system-mips
- - /usr/bin/qemu-system-mips64
- - /usr/bin/qemu-system-mips64el
- - /usr/bin/qemu-system-mipsel
- - /usr/bin/qemu-system-ppc
- - /usr/bin/qemu-system-ppc64
- - /usr/bin/qemu-system-ppcemb
- - /usr/bin/qemu-system-s390x
- - /usr/bin/qemu-system-sh4
- - /usr/bin/qemu-system-sh4eb
- - /usr/bin/qemu-system-sparc
- - /usr/bin/qemu-system-sparc64
- - /usr/bin/qemu-system-x86_64
- - /usr/bin/qemu-system-xtensa
- - /usr/bin/qemu-system-xtensaeb
diff --git a/kernels/pax-flags-libre/replicant.conf b/kernels/pax-flags-libre/replicant.conf
deleted file mode 100644
index a916c34b8..000000000
--- a/kernels/pax-flags-libre/replicant.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /opt/replicant-sdk/tools/emulator-arm
- - /opt/replicant-sdk/tools/emulator-x86
- - /opt/replicant-sdk/platform-tools/adb:
- status: "pidof adb"
- start: "adb start-server"
- stop: "adb kill-server"
diff --git a/kernels/pax-flags-libre/ruby.conf b/kernels/pax-flags-libre/ruby.conf
deleted file mode 100644
index ec595d462..000000000
--- a/kernels/pax-flags-libre/ruby.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# MPROTECT off
-PSmXER:
- - ~/.rbenv/versions/?.?.?{,-p*}/bin/ruby
- - ~/.rbenv/versions/?.?.?{,-p*}/lib/ruby/gems/*/gems/capybara-webkit-*/bin/webkit_server
- - ~/.rvm/rubies/ruby-?.?.?{,-p*}/bin/ruby
- - ~/.rvm/gems/ruby-?.?.?{,-p*}/gems/capybara-webkit-*/bin/webkit_server
- - /usr/bin/ruby
diff --git a/kernels/pax-flags-libre/valgrind.conf b/kernels/pax-flags-libre/valgrind.conf
deleted file mode 100644
index 6d25559ae..000000000
--- a/kernels/pax-flags-libre/valgrind.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/valgrind
- - /usr/lib/valgrind/cachegrind-amd64-linux
- - /usr/lib/valgrind/cachegrind-x86-linux
- - /usr/lib/valgrind/callgrind-amd64-linux
- - /usr/lib/valgrind/callgrind-x86-linux
- - /usr/lib/valgrind/drd-amd64-linux
- - /usr/lib/valgrind/drd-x86-linux
- - /usr/lib/valgrind/exp-bbv-amd64-linux
- - /usr/lib/valgrind/exp-bbv-x86-linux
- - /usr/lib/valgrind/exp-dhat-amd64-linux
- - /usr/lib/valgrind/exp-dhat-x86-linux
- - /usr/lib/valgrind/exp-sgcheck-amd64-linux
- - /usr/lib/valgrind/exp-sgcheck-x86-linux
- - /usr/lib/valgrind/helgrind-amd64-linux
- - /usr/lib/valgrind/helgrind-x86-linux
- - /usr/lib/valgrind/lackey-amd64-linux
- - /usr/lib/valgrind/lackey-x86-linux
- - /usr/lib/valgrind/massif-amd64-linux
- - /usr/lib/valgrind/massif-x86-linux
- - /usr/lib/valgrind/memcheck-amd64-linux
- - /usr/lib/valgrind/memcheck-x86-linux
- - /usr/lib/valgrind/none-amd64-linux
- - /usr/lib/valgrind/none-x86-linux |