mailgw: use gentoo kernel (hardened is unsupported), updates

mailgw/Makefile

@@ -20,6 +20,7 @@ preinstall:
 postinstall: timesyncd.conf firstboot.start
 	# Konfigurationen anpassen
 	cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
+	mkdir -p $(CHROOT)/etc/local.d
 	cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
 	touch $(CHROOT)/firstboot
 	sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers

mailgw/firstboot.start

@@ -11,9 +11,6 @@ localectl --no-convert set-keymap de-latin1-nodeadkeys
 echo 'Activate services...'
 timedatectl set-ntp true
 
-echo 'Setting hardened...'
-paxctl-ng -m /usr/bin/python2.7
-
 # variables
 LABEL="DATA"
 DATABASE_PASS="Di1sgMySQLPwd."

mailgw/mailgw.cfg

@@ -1,6 +1,6 @@
 ##HOSTNAME = $(APPLIANCE)
 ##TIMEZONE = UTC
-##DISK_SIZE = 6.0G
+DISK_SIZE = 8.0G
 ##SWAP_SIZE = 30
 ##SWAP_FILE = $(CHROOT)/.swap
 ##ARCH = amd64-hardened
@@ -11,7 +11,7 @@
 ##SOFTWARE = 1
 ##PKGLIST = 0
 ##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/
-KERNEL_PKG = hardened-sources
+##KERNEL_PKG = gentoo-sources
 KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
 ENABLE_SSHD = YES
 TIMEZONE=Europe/Berlin

mailgw/make.conf

@@ -1,7 +1,8 @@
 CFLAGS="-O2 -pipe"
 CXXFLAGS="-O2 -pipe"
-USE="hardened justify pax_kernel pie ssp urandom xattr xtpax -fortran -jit -orc -pch -pic -prelink -profile -tcc"
+USE="hardened justify pie ssp urandom xattr xtpax -fortran -jit -orc -pch -pic -prelink -profile -tcc"
 MAKEOPTS="-j5"
 ACCEPT_LICENSE="*"
-PYTHON_TARGETS="python2_7"
+PYTHON_TARGETS="python2_7 python3_6"
 PYTHON_SINGLE_TARGET="python2_7"
+VIDEO_CARDS="vmware"

mailgw/mariadb/my.cnf

@@ -1,5 +1,4 @@
 # /etc/mysql/my.cnf: The global mysql configuration file.
-# $Id$
 
 # The following options will be passed to all MySQL clients
 [client]
@@ -8,34 +7,38 @@ port						= 3306
 socket						= /var/run/mysqld/mysqld.sock
 
 [mysql]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [mysqladmin]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [mysqlcheck]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [mysqldump]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [mysqlimport]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [mysqlshow]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 default-character-set=utf8
 
 [myisamchk]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
 
 [myisampack]
-character-sets-dir=/usr/share/mysql/charsets
+character-sets-dir=/usr/share/mariadb/charsets
+
+# use [safe_mysqld] with mysql-3
+[mysqld_safe]
+err-log						= /var/log/mysql/mysql.err
 
 # add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
 [mysqld]
@@ -56,7 +59,7 @@ net_buffer_length 			= 16K
 read_buffer_size 			= 256K
 read_rnd_buffer_size 		= 512K
 myisam_sort_buffer_size 	= 8M
-lc_messages_dir			= /usr/share/mysql
+lc_messages_dir			= /usr/share/mariadb
 #Set this to your desired error message language
 lc_messages			= en_US
 

mailgw/package.keywords

@@ -1,9 +1,6 @@
 # Grundsystem
-app-admin/paxtest ~amd64 ~x86
 app-emulation/open-vm-tools ~amd64 ~x86
 sys-auth/pam_ssh_agent_auth ~amd64 ~x86
-sys-kernel/gentoo-sources ~amd64 ~x86
-sys-kernel/hardened-sources ~amd64 ~x86
 
 # ASSP
 dev-perl/Archive-Extract

mailgw/package.unmask

@@ -1 +0,0 @@
-sys-kernel/hardened-sources

mailgw/package.use

@@ -3,7 +3,8 @@ app-editors/nano ncurses
 app-emulation/open-vm-tools pic -modules
 app-misc/mc -slang
 dev-lang/python ssl threads xml
-dev-libs/libpcre cxx
+dev-libs/libpcre cxx jit
+dev-libs/libpcre2 jit
 dev-util/pkgconfig internal-glib
 net-misc/openssh ssl
 net-misc/wget ssl
@@ -14,7 +15,6 @@ sys-apps/portage ipc
 sys-auth/pambase nullok sha512
 sys-devel/gcc cxx nptl
 sys-kernel/gentoo-sources symlink
-sys-kernel/hardened-sources symlink
 
 # Monitoring
 net-analyzer/zabbix agent

mailgw/world

@@ -1,13 +1,9 @@
 app-admin/logrotate
-app-admin/paxtest
 app-admin/sudo
 app-emulation/open-vm-tools
 app-misc/mc
 app-misc/screenservice
 net-analyzer/zabbix
-sys-apps/elfix
-sys-apps/gradm
-sys-apps/paxctl
 sys-auth/pam_ssh_agent_auth
 sys-fs/mdadm
 sys-power/acpid