On Wed, 2011-08-31 at 18:33 +0200, Yves-Alexis Perez wrote: > Ok, here's an updated patchset. > > Tarball can be found at > http://molly.corsac.net/~corsac/debian/kernel-grsec/grsec-patches.tar.xz > (and already extracted in grsec-patches/ folder). > > It's a folder with a quilt patche series > > * 01_support-linux-3.0.patch > > This is unrelated but needed to support linux3 naming scheme in > genorig.py.
Already done on trunk. > * 02_force-hostcc-version.patch > > This one is needed because grsecurity ships two gcc (>= 4.5) plugins. > Those need to be built with the same compiler version as the rest of the > kernel, but right now they're built with HOSTCC which is not set right > now, so defaults to 'gcc' which is gcc-4.6 at that time. So export > HOSTCC to the (non CROSS_COMPILE) version. gcc plugins surely need to be built _for_ the compiler version used for the kernel, not _by_ that version. Also, you are changing HOSTCC for all build tools and not just these plugins. > 03_enable-strict-user-copy-check.patch > > This one in not directly involved with grsecurity. Could be enabled by > itself (#639919) Without the strict check, the crap code produces a compile-time warning and a run-time warning and *no copying*. With the strict check, the crap code results in FTBFS (but only on i386 and s390!). So how is this an improvement for us? > 04_add-linux-grsec-base-templates.patch > > This one adds basic templates for a linux-grsec-base binary packages to > be built by linux-2.6 but I still didn't figured out how to patch > genorig.py to make it do it. Don't add such a package to linux-2.6. It should be a new source package, like linux-base is now (after I initially made that mistake). > 05_add-grsec-featureset.patch > > This is the main part, adding the featureset and config. And linux-grsec-base, a second time! > 06_grsecurity.patch > > The main grsecurity patch, not really readable since the quilt patch > adds a patch :) It's basically the genuine grsecurity patch (right now > grsecurity-2.2.2-3.0.4-201108301903.patch) with two little change: > > * removing the -grsec localversion > * oneliner to make it apply against debian sources You should provide a gen-patch script to help in regenerating the patch. Ben.
signature.asc
Description: This is a digitally signed message part
