grsecurity: update stable/testing kernels, refactoring

This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
This commit is contained in:
Austin Seipp 2014-06-22 22:28:32 -05:00
parent 125c2b9468
commit 0399c5ee24
5 changed files with 15 additions and 51 deletions

View File

@ -6,12 +6,10 @@ let
cfg = config.security.grsecurity;
customGrsecPkg =
(import ../../../pkgs/build-support/grsecurity
{
inherit lib pkgs;
grsecOptions = cfg;
}
).grsecPackage;
(import ../../../pkgs/build-support/grsecurity {
grsecOptions = cfg;
inherit pkgs lib;
}).grsecPackage;
in
{
options = {
@ -36,14 +34,6 @@ in
'';
};
vserver = mkOption {
type = types.bool;
default = false;
description = ''
Enable the stable grsecurity/vserver patches, based on Linux 3.2.
'';
};
testing = mkOption {
type = types.bool;
default = false;
@ -246,9 +236,6 @@ in
both.
'';
}
{ assertion = (cfg.testing -> !cfg.vserver);
message = "The vserver patches are only supported in the stable kernel.";
}
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
message = "You cannot enable both restrictProc and restrictProcWithGroup";

View File

@ -5,7 +5,6 @@ with lib;
let
cfg = {
stable = grsecOptions.stable or false;
vserver = grsecOptions.vserver or false;
testing = grsecOptions.testing or false;
config = {
mode = "auto";
@ -29,12 +28,11 @@ let
};
test-patch = with pkgs.kernelPatches; grsecurity_unstable;
stable-patch = with pkgs.kernelPatches;
if cfg.vserver then grsecurity_vserver else grsecurity_stable;
stable-patch = with pkgs.kernelPatches; grsecurity_stable;
grKernel = if (cfg.stable || cfg.vserver)
then mkKernel pkgs.linux_3_2 stable-patch
else mkKernel pkgs.linux_3_14 test-patch;
grKernel = if cfg.stable
then mkKernel pkgs.linux_3_14 stable-patch
else mkKernel pkgs.linux_3_15 test-patch;
## -- grsecurity configuration ---------------------------------------------

View File

@ -16,12 +16,6 @@ in
linux_grsec_stable_server_xen =
mkOpts "stable" "security" "server" "guest" "xen" true;
# Stable+vserver kernels - server versions only
linux_grsec_vserver_server =
mkOpts "vserver" "security" "server" "host" "kvm" true;
linux_grsec_vserver_server_xen =
mkOpts "vserver" "security" "server" "guest" "xen" true;
# Testing kernels
linux_grsec_testing_desktop =
mkOpts "testing" "performance" "desktop" "host" "kvm" true;
@ -29,4 +23,4 @@ in
mkOpts "testing" "security" "server" "host" "kvm" true;
linux_grsec_testing_server_xen =
mkOpts "testing" "security" "server" "guest" "xen" true;
}
}

View File

@ -60,24 +60,17 @@ rec {
};
grsecurity_stable = grsecPatch
{ kversion = "3.2.60";
revision = "201406191345";
{ kversion = "3.14.8";
revision = "201406222110";
branch = "stable";
sha256 = "1zb2qxh2qhsrqi4gnslr3b6342ni9c6y20gb8jgh5plhnk5szx7v";
};
grsecurity_vserver = grsecPatch
{ kversion = "3.2.60";
revision = "vs2.3.2.16-201406191346";
branch = "vserver";
sha256 = "0qlbqpnh5wkgk8phh67bl4a25rb8n1k1hlq0kmcrnz6c3kflrsdz";
sha256 = "0jar710hqpjkp4g3ldrbcpgc170v9qp8ykajq5fi8mxx4j54gjwa";
};
grsecurity_unstable = grsecPatch
{ kversion = "3.14.8";
revision = "201406191347";
{ kversion = "3.15.1";
revision = "201406222112";
branch = "test";
sha256 = "01kl89vhr3mrp7g4ypcf9xrv0i4f9d4sdq4a11qhwyf1w48qr7da";
sha256 = "04sbpmzgfgn7hjiln9baynpgr7k67lm0b5wn2z8i2jsjigfmv0r4";
};
grsec_fix_path =

View File

@ -7285,10 +7285,6 @@ let
linux_grsec_stable_server = grKernel grFlavors.linux_grsec_stable_server;
linux_grsec_stable_server_xen = grKernel grFlavors.linux_grsec_stable_server_xen;
# Stable+vserver kernels - server versions only
#linux_grsec_vserver_server = grKernel grFlavors.linux_grsec_vserver_server;
#linux_grsec_vserver_server_xen = grKernel grFlavors.linux_grsec_vserver_server_xen;
# Testing kernels
linux_grsec_testing_desktop = grKernel grFlavors.linux_grsec_testing_desktop;
linux_grsec_testing_server = grKernel grFlavors.linux_grsec_testing_server;
@ -7408,10 +7404,6 @@ let
linuxPackages_grsec_stable_server = grPackage grFlavors.linux_grsec_stable_server;
linuxPackages_grsec_stable_server_xen = grPackage grFlavors.linux_grsec_stable_server_xen;
# Stable+vserver kernels - server versions only
#linuxPackages_grsec_vserver_server = grPackage grFlavors.linux_grsec_vserver_server;
#linuxPackages_grsec_vserver_server_xen = grPackage grFlavors.linux_grsec_vserver_server_xen;
# Testing kernels
linuxPackages_grsec_testing_desktop = grPackage grFlavors.linux_grsec_testing_desktop;
linuxPackages_grsec_testing_server = grPackage grFlavors.linux_grsec_testing_server;