Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tweak paxctld logic in kernel metapackage #179

Merged
merged 2 commits into from
Jul 20, 2020

Conversation

conorsch
Copy link
Contributor

Prior to building the kernel modules via dkms, let's make sure that paxctld is up and running, and all flags have been applied. Otherwise, a lack of exempting flag could cause the module build to fail.

Related to freedomofpress/securedrop-workstation#590

Conor Schaefer added 2 commits July 16, 2020 12:08
Prior to building the kernel modules via dkms, let's make sure that
paxctld is up and running, and all flags have been applied. Otherwise,
a lack of exempting flag could cause the module build to fail.
The version string is changed like so:

  4.14.186+buster -> 4.14.186+buster1

which results in the latter version superseding the former, according to
`dpkg --compare-versions`. We don't change the kernel image, we're
only adjusting the postinst logic inside the package, to resolve a
problem encountered with dkms builds on certain platforms.
@conorsch conorsch requested review from zenmonkeykstop and emkll July 16, 2020 19:52
@conorsch
Copy link
Contributor Author

Regarding packaging procedures, I'm going to:

  1. Build a new package from this PR and submit to the dev LFS repo, for inclusion on apt-test
  2. Perform manual QA from apt-test repo, to determine whether the update resolves the issue
  3. Once functionality is confirmed, we'll tag the "securedrop-debian-packaging" repository, rebuild, submit build logs, and open a PR to prod LFS with the new artifact.

conorsch pushed a commit to freedomofpress/securedrop-apt-test that referenced this pull request Jul 16, 2020
Copy link
Contributor

@emkll emkll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was unable to reproduce the issue, but changes here look sound, and it definitely does make sense to start paxctld first. Thanks @conorsch

@emkll emkll merged commit 654a53a into main Jul 20, 2020
@emkll emkll deleted the tweak-paxctld-logic-in-kernel-metapackage branch July 20, 2020 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants