author Joachim Fasting <joachifm@fastmail.fm> 2017-04-27 20:42:23 +0200
committer Joachim Fasting <joachifm@fastmail.fm> 2017-04-28 12:35:15 +0200
commit 32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3
tree 70c09c2de459dc1db01e6132dcb5596f61ea9594 /nixos
parent a012b15f87ee5c181399af955beab8a437e675a2
grsecurity: discontinue support
Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1].  Consequently, we can no longer
responsibly support grsecurity on NixOS.

This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother.  For 17.09 all of it should
probably be pruned.

[1]: https://grsecurity.net/passing_the_baton.php
Diffstat (limited to 'nixos')
-rw-r--r-- nixos/modules/security/grsecurity.nix 2
-rw-r--r-- nixos/modules/security/grsecurity.xml 8
-rw-r--r-- nixos/release.nix 1
3 files changed, 6 insertions, 5 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 657b059faf2e..d23c7f2e86de 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -13,7 +13,7 @@ in
 
 {
   meta = {
-    maintainers = with maintainers; [ joachifm ];
+    maintainers = with maintainers; [ ];
     doc = ./grsecurity.xml;
   };
 
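Review bot: emptying `maintainers` in the `meta` block is the only change this commit makes to grsecurity.nix, so nothing in the module itself fails or warns when a user enables it; the error they hit comes from elsewhere in the build. Consider adding an assertion or warning in the module that fires at evaluation time and points to the upstream announcement, so the failure is explained where the option is set. A short comment next to the empty list saying the module is unmaintained and scheduled for removal would also help anyone reading the file.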
diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml
index 620e8f653f99..0a884b3f9b55 100644
--- a/nixos/modules/security/grsecurity.xml
+++ b/nixos/modules/security/grsecurity.xml
@@ -26,9 +26,11 @@
     <link xlink:href="https://wiki.archlinux.org/index.php/Grsecurity">Arch
     Linux wiki page on grsecurity</link>.
 
-    <note><para>grsecurity/PaX is only available for the latest linux -stable
-    kernel; patches against older kernels are available from upstream only for
-    a fee.</para></note>
+    <warning><para>Upstream has ceased free support for grsecurity/PaX.  See
+    <link xlink:href="https://grsecurity.net/passing_the_baton.php">
+    the announcement</link> for more information.  Consequently, NixOS
+    support for grsecurity/PaX also must cease.  Enabling this module will
+    result in a build error.</para></warning>
     <note><para>We standardise on a desktop oriented configuration primarily due
     to lack of resources.  The grsecurity/PaX configuration state space is huge
     and each configuration requires quite a bit of testing to ensure that the
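Review bot: the new `<warning>` sits at line 26 of the file, after the introductory links, and is followed directly by the unchanged `<note>` about the desktop oriented configuration, so the chapter still reads as setup guidance for a module that no longer builds. Move the warning to the top of the chapter and state what a user who has the module enabled should do next, not only that the build will fail. As a smaller point, the line break right after the opening `<link xlink:href=...>` tag puts leading whitespace into the link text; keep "the announcement" on the same line as the tag.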
diff --git a/nixos/release.nix b/nixos/release.nix
index 0fec97b9c27e..1c282bfea4f5 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -248,7 +248,6 @@ in rec {
   tests.gocd-server = callTest tests/gocd-server.nix {};
   tests.gnome3 = callTest tests/gnome3.nix {};
   tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
-  tests.grsecurity = callTest tests/grsecurity.nix {};
   tests.hibernate = callTest tests/hibernate.nix {};
   tests.hound = callTest tests/hound.nix {};
   tests.i3wm = callTest tests/i3wm.nix {};
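Review bot: removing the `tests.grsecurity` line drops the only reference visible here to tests/grsecurity.nix, but the diffstat lists just three changed files, so the test file itself stays in the tree unreferenced. Either delete it in this commit, or say explicitly in the commit message that it is among the infrastructure kept for the transition and will be pruned for 17.09, so it is not mistaken for an active test.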