grsecurity: discontinue support

Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1].  Consequently, we can no longer
responsibly support grsecurity on NixOS.

This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother.  For 17.09 all of it should
probably be pruned.

[1]: https://grsecurity.net/passing_the_baton.php

1 files changed, 7 insertions, 5 deletions

diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 22bdc3594ef2..ffc193efbf14 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -99,11 +99,13 @@ rec {
     sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j";
   };
 
-  grsecurity_testing = grsecPatch
-    { kver   = "4.9.24";
-      grrev  = "201704220732";
-      sha512 = "0n9v066z3qh296fyvsg1gnygy7jd0cy0pnywxzglh58dnibl28q2ywjnp4ff30andzzq7rvjkk4n151xvs1n04pf2azkgz6igwfisg7";
-    };
+  grsecurity_testing = throw ''
+    Upstream has ceased free support for grsecurity/PaX.
+
+    See https://grsecurity.net/passing_the_baton.php
+    and https://grsecurity.net/passing_the_baton_faq.php
+    for more information.
+  '';
 
   # This patch relaxes grsec constraints on the location of usermode helpers,
   # e.g., modprobe, to allow calling into the Nix store.