grsecurity: update to linux-4.4 #13505

Merged
merged 6 commits into from
Mar 8, 2016

tg-x
Member

@tg-x tg-x commented Feb 27, 2016

Things done:
  • Tested via nix.useChroot.
  • Built on platform(s): x86_64.
  • Tested compilation of all pkgs that depend on this change.
  • Tested execution of binary products.
  • Fits CONTRIBUTING.md.

Extra

Fixes broken grsecurity due to kernel version change.

(FIXED: I was going to submit this, but by the time I created this pull request @fpletz updated the kernel version to 4.4.3, for which there's no grsecurity patch out yet.)

@mention-bot

By analyzing the blame information on this pull request, we identified @thoughtpolice, @copumpkin and @wkennington to be potential reviewers

@tg-x tg-x changed the title Grsecurity linux 4.4 Grsecurity: update to linux 4.4 Feb 27, 2016
@tg-x tg-x changed the title Grsecurity: update to linux 4.4 Grsecurity: update to linux-4.4 Feb 27, 2016
@tg-x tg-x changed the title Grsecurity: update to linux-4.4 grsecurity: update to linux-4.4 Feb 27, 2016
@fpletz
Member

fpletz commented Feb 27, 2016

Sorry. We should decouple grsecurity kernels from the mainline kernels. We have this problem with grsecurity for quite some time.

@copumpkin
Member

Yeah please decouple!
On Sat, Feb 27, 2016 at 11:13 Franz Pletz [email protected] wrote:

> Sorry. We should decouple grsecurity kernels from the mainline kernels. We
> have this problem with grsecurity for quite some time.



@tg-x tg-x force-pushed the grsecurity-linux-4.4 branch from c814afb to 4e3d6d3 Compare February 27, 2016 18:58
@tg-x
Member Author

tg-x commented Feb 27, 2016

alright, decoupled it, and also fixed up the stable patch

kernelPatches.mips_ext3_n32
];
};

Member

Could we have a linux_grsecurity_latest similar to what the standard kernel has?

Member Author

well, can name it _stable & _testing instead of the version numbers

Member

No, what I mean is we have linuxPackages_latest that is simply an "alias" for whatever the latest is.
4_4 would be the specific 4.4 kernel, while latest switches to 4.5 as soon as 4.5 becomes stable.
That way configuring to latest simply requires a rebuild without a configuration change to update.

For example, my config usually has one of these:

    kernelPackages = pkgs.linuxPackages_latest;
    kernelPackages = pkgs.linuxPackages_testing;

Member Author

These are only used to refer to the appropriate base kernel for grsec internally in patches.nix,
the kernelPackages configuration so far has been set with:

    kernelPackages = pkgs.linux_grsec_testing_server;
    kernelPackages = pkgs.linux_grsec_stable_server;

So these don't include any version information, but would be indeed good to add it.

Member Author

OK, fixed the versioning, too.

@domenkozar domenkozar modified the milestones: 16.xx, 16.03 Feb 28, 2016
@fpletz fpletz merged commit be3bd97 into NixOS:master Mar 8, 2016
fpletz added a commit that referenced this pull request Mar 8, 2016
See #13505.

(cherry picked from commit 255d710)
@fpletz
Member

fpletz commented Mar 8, 2016

Thanks! Merged, updated to 4.4.4 and also pushed to the 16.03 branch because @domenkozar set the milestone. 🍻

adrianpk added a commit to adrianpk/nixpkgs that referenced this pull request May 31, 2024
See NixOS#13505.

(cherry picked from commit 255d710)