diff options
| author | Silvino Silva <silvino@bk.ru> | 2017-08-02 01:01:58 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2017-08-02 01:01:58 +0100 |
| commit | 65167272a3ba52dc4d032a1c60a9ff030408047d (patch) | |
| tree | 0f40548a2b5c8eaf9bd99423e21b8baf63b83d65 /core/conf | |
| parent | 079066bc153f3a6fe84b5da0b8fa8e584641b46d (diff) | |
| download | doc-65167272a3ba52dc4d032a1c60a9ff030408047d.tar.gz | |
first hardened test
Diffstat (limited to 'core/conf')
| -rw-r--r-- | core/conf/pkgmk.conf | 9 | ||||
| -rw-r--r-- | core/conf/prt-get.conf | 19 | ||||
| -rw-r--r-- | core/conf/sysctl.conf | 2 |
3 files changed, 16 insertions, 14 deletions
diff --git a/core/conf/pkgmk.conf b/core/conf/pkgmk.conf index 4ef372e..6949fa7 100644 --- a/core/conf/pkgmk.conf +++ b/core/conf/pkgmk.conf @@ -2,9 +2,10 @@ # /etc/pkgmk.conf: pkgmk(8) configuration # -export CFLAGS="-O2 -march=native -mtune=native" +export CPPFLAGS="-D_FORTIFY_SOURCE=2" +export CFLAGS="-O2 -march=native -mtune=native -pipe -fPIC -fPIE -fstack-protector-strong --param=ssp-buffer-size=4 -fno-plt -fstack-check" export CXXFLAGS="${CFLAGS}" - +export LDFLAGS="-fPIE -pie -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now" export MAKEFLAGS="-j4" case ${PKGMK_ARCH} in @@ -22,7 +23,9 @@ case ${PKGMK_ARCH} in ;; esac -#PKGMK_SOURCE_MIRRORS=(http://crux.nu/distfiles/) +PKGMK_SOURCE_MIRRORS=(https://crux.nu/distfiles/) +#PKGMK_SOURCE_MIRRORS=(https://crux.ster.zone/distfiles/) +#PKGMK_SOURCE_MIRRORS=(https://c9.root.sx/ports/distfiles/) PKGMK_SOURCE_DIR="/usr/ports/distfiles" PKGMK_PACKAGE_DIR="/usr/ports/packages" PKGMK_WORK_DIR="/usr/ports/work/$name" diff --git a/core/conf/prt-get.conf b/core/conf/prt-get.conf index 0504d3e..e210ca8 100644 --- a/core/conf/prt-get.conf +++ b/core/conf/prt-get.conf @@ -5,20 +5,19 @@ # note: the order matters: the package found first is used prtdir /usr/ports/core prtdir /usr/ports/opt +prtdir /usr/ports/contrib +prtdir /usr/ports/c9-ports prtdir /usr/ports/xorg +# 6c37 team provides a collection with freetype-iu, fontconfig-iu +# and cairo-iu ports. + # the following line enables the multilib compat-32 collection #prtdir /usr/ports/compat-32 # the following line enables the user maintained contrib collection -prtdir /usr/ports/contrib - -# ports described on this documentation -#prtdir /usr/ports/c9-ports - -# 6c37 team provides a collection with freetype-iu, fontconfig-iu -# and cairo-iu ports. -#prtdir /usr/ports/6c37 +prtdir /usr/ports/6c37-dropin +prtdir /usr/ports/6c37 ### use mypackage form local directory # prtdir /home/packages/build:mypackage @@ -38,7 +37,7 @@ logfile /usr/ports/pkgbuild/%n-%v-%r.log readme verbose # (verbose|compact|disabled) ### prefer higher versions in sysup / diff -#preferhigher yes # (yes|no) +preferhigher no # (yes|no) ### use regexp search # useregex no # (yes|no) @@ -51,7 +50,7 @@ runscripts yes # (no|yes) ### EXPERT SECTION ### ### alternative commands -makecommand sudo -H -u pkgmk -g pkgmk fakeroot pkgmk +makecommand sudo -H -u pkgmk -g users fakeroot pkgmk addcommand sudo pkgadd removecommand sudo pkgrm runscriptcommand sudo sh diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf index c421e59..4606791 100644 --- a/core/conf/sysctl.conf +++ b/core/conf/sysctl.conf @@ -374,7 +374,7 @@ kernel.grsecurity.tpe_gid = 100 # users on the system. If the sysctl option is enabled, a sysctl option # with name "tpe_invert" is created. Unlike other sysctl options, this # entry will default to on for backward-compatibility. -kernel.grsecurity.tpe_invert = 1 +kernel.grsecurity.tpe_invert = 0 # If you say Y here, all non-root users will be covered under # a weaker TPE restriction. This is separate from, and in addition to, |