From fa4057267c920f211cdcd49f0a0d060d4e8a8b84 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Fri, 26 Sep 2025 15:26:41 -0400 Subject: [PATCH] paxctl: Remove recipe Remove the paxctl recipe since it has seemingly been broken for a while without anyone noticing, and there likely have been no actual users since grsecurity stopped doing public releases in 2017. Signed-off-by: Scott Murray --- .../include/maintainers-meta-security.inc | 1 - docs/overview.txt | 27 ------------- .../packagegroup-core-security.bb | 1 - ...ckage-error-if-DESTDIR-is-set-to-usr.patch | 26 ------------ recipes-security/paxctl/paxctl_0.9.bb | 40 ------------------- 5 files changed, 95 deletions(-) delete mode 100644 recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch delete mode 100644 recipes-security/paxctl/paxctl_0.9.bb diff --git a/conf/distro/include/maintainers-meta-security.inc b/conf/distro/include/maintainers-meta-security.inc index 903bb9b..6f13ea9 100644 --- a/conf/distro/include/maintainers-meta-security.inc +++ b/conf/distro/include/maintainers-meta-security.inc @@ -44,7 +44,6 @@ RECIPE_MAINTAINER:pn-libseccomp = "Scott Murray " RECIPE_MAINTAINER:pn-libwhisker2-perl = "Scott Murray " RECIPE_MAINTAINER:pn-ncrack = "Scott Murray " RECIPE_MAINTAINER:pn-nikto = "Scott Murray " -RECIPE_MAINTAINER:pn-paxctl = "Scott Murray " RECIPE_MAINTAINER:pn-python3-fail2ban = "Scott Murray " RECIPE_MAINTAINER:pn-python3-scapy = "Scott Murray " RECIPE_MAINTAINER:pn-python-fail2ban = "Scott Murray " diff --git a/docs/overview.txt b/docs/overview.txt index ed3135a..eb87279 100644 --- a/docs/overview.txt +++ b/docs/overview.txt @@ -103,33 +103,6 @@ help for each package. usage : simply invoke the script name in the terminal. - == pax-utils == - - ( This package can be found in oe-core ) - - pax-utils is a small set of various PaX aware and related utilities for - ELF binaries. - - - scanelf : With this application you can print out information specific to the ELF structure of a binary. - For more help please consult the man pages or the readme file. - - - pspax : is a user-space utility that scans the proc directory and list - ELF types, as well as their respective PaX flags and filenames and - attributes. Depending on build options, it may additionaly display the - process running set of capabilities. - - - scanmacho : is a user-space utility to quickly scan given - Mach-Os, directories, or common system paths for different information. This - may include Mach-O types, their install_names, etc. - - - dumpelf : is a user-space utility to dump all of the internal - ELF structures into the equivalent C structures for fun debugging and/or - reference purposes. - - - usage : simply invoke the script name in the terminal. - - == buck-security == Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb index 3f5b0a5..7fb7b62 100644 --- a/recipes-core/packagegroup/packagegroup-core-security.bb +++ b/recipes-core/packagegroup/packagegroup-core-security.bb @@ -42,7 +42,6 @@ RDEPENDS:packagegroup-security-utils = "\ sshguard \ ${@bb.utils.contains("DISTRO_FEATURES", "seccomp ", "libseccomp", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \ " have_krill = "${@bb.utils.contains("DISTRO_FEATURES", "pam", "krill", "",d)}" diff --git a/recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch b/recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch deleted file mode 100644 index 451cb7f..0000000 --- a/recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 824c5d7b96aeef1b4e182f657ac002bed6e14cd5 Mon Sep 17 00:00:00 2001 -From: Lei Maohui -Date: Thu, 31 Aug 2023 08:20:56 +0000 -Subject: [PATCH] To fix package error if DESTDIR is set to /usr. - -Upstream-Status: Inappropriate -Signed-off-by: Lei Maohui ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 0d7bc0c..46fd664 100644 ---- a/Makefile -+++ b/Makefile -@@ -19,7 +19,7 @@ $(PROG).o: $(PROG).c $(PROG).h $(PROG)-elf.c - - install: $(PROG) - # $(MKDIR) $(DESTDIR)/sbin $(DESTDIR)$(MANDIR) -- $(INSTALL) -D --owner 0 --group 0 --mode a=rx $(PROG) $(DESTDIR)/sbin/$(PROG) -+ $(INSTALL) -D --owner 0 --group 0 --mode a=rx $(PROG) $(DESTDIR)/usr/sbin/$(PROG) - $(INSTALL) -D --owner 0 --group 0 --mode a=r $(PROG).1 $(DESTDIR)/$(MANDIR)/$(PROG).1 - - clean: --- -2.34.1 diff --git a/recipes-security/paxctl/paxctl_0.9.bb b/recipes-security/paxctl/paxctl_0.9.bb deleted file mode 100644 index 3d2f2a3..0000000 --- a/recipes-security/paxctl/paxctl_0.9.bb +++ /dev/null @@ -1,40 +0,0 @@ -DESCRIPTION = "paxctl is a tool that allows PaX flags to be modified on a \ - per-binary basis. PaX is part of common security-enhancing \ - kernel patches and secure distributions, such as \ - GrSecurity or Adamantix and Hardened Gen-too, respectively." -HOMEPAGE = "https://pax.grsecurity.net/" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://paxctl.c;beginline=1;endline=5;md5=0ddd065c61020dda79729e6bedaed2c7 \ - file://paxctl-elf.c;beginline=1;endline=5;md5=99f453ce7f6d1687ee808982e2924813 \ - " - -SRC_URI = "http://pax.grsecurity.net/${BP}.tar.gz \ - file://0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch \ -" - -SRC_URI[md5sum] = "9bea59b1987dc4e16c2d22d745374e64" -SRC_URI[sha256sum] = "a330ddd812688169802a3ba29e5e3b19956376b8f6f73b8d7e9586eb04423c2e" - -EXTRA_OEMAKE = "CC='${CC}' DESTDIR='${D}'" - -do_install() { - oe_runmake install -} - -# The install target in the Makefile will fail for paxctl-native with error: -# install -D --owner 0 --group 0 --mode a=rx paxctl .../sbin/paxctl -# install: cannot change ownership of '.../sbin/paxctl': \ -# Operation not permitted -# Drop '--owner 0 --group 0' to fix the issue. -do_install:class-native() { - local PROG=paxctl - install -d ${D}${base_sbindir} - install -d ${D}${mandir}/man1 - install --mode a=rx $PROG ${D}${base_sbindir}/$PROG - install --mode a=r $PROG.1 ${D}${mandir}/man1/$PROG.1 -} - -# Avoid QA Issue: No GNU_HASH in the elf binary -INSANE_SKIP:${PN} = "ldflags" - -BBCLASSEXTEND = "native"