
Bug#605090: [RFC] Proposal for a new linux-grsec source package



On Thu, 2015-11-05 at 22:08 +0100, Yves-Alexis Perez wrote:
> On sam., 2015-10-10 at 21:55 +0200, Yves-Alexis Perez wrote:
> > This is really a work in progress and this mail a request for comment.
> > Especially missing is:
> 
> So, did any of you have the chance to test it? I'm currently running the 4.2.5
> kernel with grsecurity-3.1-4.2.5-201511021814 (just uploaded to my repository
> and to git.d.o) and it works just fine.
> 
> I'm really interested in any feedback you would have on this.

I've given this a quick review and found a few issues:

1. linux-grsec-{source,support} are included in debian/control but not
built by debian/rules.real.  I think these should be built; the latter
will be needed to build metapackages as in linux-latest.

2. udebs are included in debian/control but not built, and they should
not be built. You can fix this by deleting or commenting out
debian/installer/{amd64,i386}/kernel-versions.

3. The changes to gencontrol.py and rules.real to disable most arch:all
packages should depend on configuration, not the source package name.
They would then be acceptable for inclusion on the master branch.

4. There's no need to remove the templates for packages you don't
build.  However, if you leave them in place, you'll need to override
do_extra() in gencontrol.py to omit the extra packages dependent on the
configuration (as for (3)).

5. CONFIG_X86_X32 should be disabled, since you've disabled the patch
to make x32 support dependent on a kernel parameter.

6. In debian/patches/features/all/grsec/gen-patch you can use
filterdiff -p1 to avoid assuming the path prefix will be 'b/'.

Ben.

-- 
Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.
