diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-27 20:42:23 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-28 12:35:15 +0200 |
commit | 32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3 (patch) | |
tree | 70c09c2de459dc1db01e6132dcb5596f61ea9594 /pkgs/os-specific | |
parent | a012b15f87ee5c181399af955beab8a437e675a2 (diff) | |
download | nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar.gz nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar.bz2 nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar.lz nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar.xz nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.tar.zst nixlib-32b8512e54b864ecf8c2b1e115c1a3f18e90a8c3.zip |
grsecurity: discontinue support
Upstream has decided to make -testing patches private, effectively ceasing free support for grsecurity/PaX [1]. Consequently, we can no longer responsibly support grsecurity on NixOS. This patch turns the kernel and patch expressions into build errors and adds a warning to the manual, but retains most of the infrastructure, in an effort to make the transition smoother. For 17.09 all of it should probably be pruned. [1]: https://grsecurity.net/passing_the_baton.php
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 22bdc3594ef2..ffc193efbf14 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -99,11 +99,13 @@ rec { sha256 = "00b1rqgd4yr206dxp4mcymr56ymbjcjfa4m82pxw73khj032qw3j"; }; - grsecurity_testing = grsecPatch - { kver = "4.9.24"; - grrev = "201704220732"; - sha512 = "0n9v066z3qh296fyvsg1gnygy7jd0cy0pnywxzglh58dnibl28q2ywjnp4ff30andzzq7rvjkk4n151xvs1n04pf2azkgz6igwfisg7"; - }; + grsecurity_testing = throw '' + Upstream has ceased free support for grsecurity/PaX. + + See https://grsecurity.net/passing_the_baton.php + and https://grsecurity.net/passing_the_baton_faq.php + for more information. + ''; # This patch relaxes grsec constraints on the location of usermode helpers, # e.g., modprobe, to allow calling into the Nix store. |