grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel to 3.15. This also removes the vserver kernel, since it's probably not used nearly as much. Signed-off-by: Austin Seipp <aseipp@pobox.com>
parent
125c2b9468
commit
0399c5ee24
@ -6,12 +6,10 @@ let
|
||||
cfg = config.security.grsecurity;
|
||||
|
||||
customGrsecPkg =
|
||||
(import ../../../pkgs/build-support/grsecurity
|
||||
{
|
||||
inherit lib pkgs;
|
||||
grsecOptions = cfg;
|
||||
}
|
||||
).grsecPackage;
|
||||
(import ../../../pkgs/build-support/grsecurity {
|
||||
grsecOptions = cfg;
|
||||
inherit pkgs lib;
|
||||
}).grsecPackage;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
@ -36,14 +34,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
vserver = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the stable grsecurity/vserver patches, based on Linux 3.2.
|
||||
'';
|
||||
};
|
||||
|
||||
testing = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -246,9 +236,6 @@ in
|
||||
both.
|
||||
'';
|
||||
}
|
||||
{ assertion = (cfg.testing -> !cfg.vserver);
|
||||
message = "The vserver patches are only supported in the stable kernel.";
|
||||
}
|
||||
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
|
||||
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
|
||||
message = "You cannot enable both restrictProc and restrictProcWithGroup";
|
||||
|
@ -5,7 +5,6 @@ with lib;
|
||||
let
|
||||
cfg = {
|
||||
stable = grsecOptions.stable or false;
|
||||
vserver = grsecOptions.vserver or false;
|
||||
testing = grsecOptions.testing or false;
|
||||
config = {
|
||||
mode = "auto";
|
||||
@ -29,12 +28,11 @@ let
|
||||
};
|
||||
|
||||
test-patch = with pkgs.kernelPatches; grsecurity_unstable;
|
||||
stable-patch = with pkgs.kernelPatches;
|
||||
if cfg.vserver then grsecurity_vserver else grsecurity_stable;
|
||||
stable-patch = with pkgs.kernelPatches; grsecurity_stable;
|
||||
|
||||
grKernel = if (cfg.stable || cfg.vserver)
|
||||
then mkKernel pkgs.linux_3_2 stable-patch
|
||||
else mkKernel pkgs.linux_3_14 test-patch;
|
||||
grKernel = if cfg.stable
|
||||
then mkKernel pkgs.linux_3_14 stable-patch
|
||||
else mkKernel pkgs.linux_3_15 test-patch;
|
||||
|
||||
## -- grsecurity configuration ---------------------------------------------
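Review bot: The new `grKernel` sends every configuration where `cfg.stable` is false to `mkKernel pkgs.linux_3_15 test-patch`, so a caller with neither flag set silently gets the test-branch kernel. The same happens to a caller that still passes `vserver = true` in `grsecOptions`, which this section no longer reads, whereas the old condition sent it to the stable patch. The NixOS module may reject such configurations before they reach this function, but that is not visible in this section, and direct callers of the build-support expression get no error. Making the fallback explicit would fail closed: `else if cfg.testing then mkKernel pkgs.linux_3_15 test-patch else throw "grsecurity: enable exactly one of stable or testing";`. The enclosing `let` block starts and ends outside the hunk, so check how `cfg.stable` and `cfg.testing` are consumed further down before adopting this.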
|
||||
|
||||
|
@ -16,12 +16,6 @@ in
|
||||
linux_grsec_stable_server_xen =
|
||||
mkOpts "stable" "security" "server" "guest" "xen" true;
|
||||
|
||||
# Stable+vserver kernels - server versions only
|
||||
linux_grsec_vserver_server =
|
||||
mkOpts "vserver" "security" "server" "host" "kvm" true;
|
||||
linux_grsec_vserver_server_xen =
|
||||
mkOpts "vserver" "security" "server" "guest" "xen" true;
|
||||
|
||||
# Testing kernels
|
||||
linux_grsec_testing_desktop =
|
||||
mkOpts "testing" "performance" "desktop" "host" "kvm" true;
|
||||
@ -29,4 +23,4 @@ in
|
||||
mkOpts "testing" "security" "server" "host" "kvm" true;
|
||||
linux_grsec_testing_server_xen =
|
||||
mkOpts "testing" "security" "server" "guest" "xen" true;
|
||||
}
|
||||
}
|
||||
|
@ -60,24 +60,17 @@ rec {
|
||||
};
|
||||
|
||||
grsecurity_stable = grsecPatch
|
||||
{ kversion = "3.2.60";
|
||||
revision = "201406191345";
|
||||
{ kversion = "3.14.8";
|
||||
revision = "201406222110";
|
||||
branch = "stable";
|
||||
sha256 = "1zb2qxh2qhsrqi4gnslr3b6342ni9c6y20gb8jgh5plhnk5szx7v";
|
||||
};
|
||||
|
||||
grsecurity_vserver = grsecPatch
|
||||
{ kversion = "3.2.60";
|
||||
revision = "vs2.3.2.16-201406191346";
|
||||
branch = "vserver";
|
||||
sha256 = "0qlbqpnh5wkgk8phh67bl4a25rb8n1k1hlq0kmcrnz6c3kflrsdz";
|
||||
sha256 = "0jar710hqpjkp4g3ldrbcpgc170v9qp8ykajq5fi8mxx4j54gjwa";
|
||||
};
|
||||
|
||||
grsecurity_unstable = grsecPatch
|
||||
{ kversion = "3.14.8";
|
||||
revision = "201406191347";
|
||||
{ kversion = "3.15.1";
|
||||
revision = "201406222112";
|
||||
branch = "test";
|
||||
sha256 = "01kl89vhr3mrp7g4ypcf9xrv0i4f9d4sdq4a11qhwyf1w48qr7da";
|
||||
sha256 = "04sbpmzgfgn7hjiln9baynpgr7k67lm0b5wn2z8i2jsjigfmv0r4";
|
||||
};
|
||||
|
||||
grsec_fix_path =
|
||||
|
@ -7285,10 +7285,6 @@ let
|
||||
linux_grsec_stable_server = grKernel grFlavors.linux_grsec_stable_server;
|
||||
linux_grsec_stable_server_xen = grKernel grFlavors.linux_grsec_stable_server_xen;
|
||||
|
||||
# Stable+vserver kernels - server versions only
|
||||
#linux_grsec_vserver_server = grKernel grFlavors.linux_grsec_vserver_server;
|
||||
#linux_grsec_vserver_server_xen = grKernel grFlavors.linux_grsec_vserver_server_xen;
|
||||
|
||||
# Testing kernels
|
||||
linux_grsec_testing_desktop = grKernel grFlavors.linux_grsec_testing_desktop;
|
||||
linux_grsec_testing_server = grKernel grFlavors.linux_grsec_testing_server;
|
||||
@ -7408,10 +7404,6 @@ let
|
||||
linuxPackages_grsec_stable_server = grPackage grFlavors.linux_grsec_stable_server;
|
||||
linuxPackages_grsec_stable_server_xen = grPackage grFlavors.linux_grsec_stable_server_xen;
|
||||
|
||||
# Stable+vserver kernels - server versions only
|
||||
#linuxPackages_grsec_vserver_server = grPackage grFlavors.linux_grsec_vserver_server;
|
||||
#linuxPackages_grsec_vserver_server_xen = grPackage grFlavors.linux_grsec_vserver_server_xen;
|
||||
|
||||
# Testing kernels
|
||||
linuxPackages_grsec_testing_desktop = grPackage grFlavors.linux_grsec_testing_desktop;
|
||||
linuxPackages_grsec_testing_server = grPackage grFlavors.linux_grsec_testing_server;
|
||||
|