Bug#605090: [RFC] Proposal for a new linux-grsec source package

To: Ben Hutchings <ben@decadent.org.uk>, 605090@bugs.debian.org, Erinn Clark <erinn@debian.org>
Cc: micah <micah@riseup.net>, error@debian.org, micah@debian.org
Subject: Bug#605090: [RFC] Proposal for a new linux-grsec source package
From: Yves-Alexis Perez <corsac@debian.org>
Date: Tue, 10 Nov 2015 10:42:08 +0100
Message-id: <[🔎] 1447148528.4028.20.camel@debian.org>
Reply-to: Yves-Alexis Perez <corsac@debian.org>, 605090@bugs.debian.org
In-reply-to: <[🔎] 1446908091.6006.92.camel@decadent.org.uk>
References: <20150914181533.GB5144@berimbolo.double-helix.org> <877fnsg0ff.fsf@muck.riseup.net> <1442272347.2298.53.camel@decadent.org.uk> <1442297571.6274.28.camel@debian.org> <20150915162006.GD5144@berimbolo.double-helix.org> <20150930105353.GA27330@scapa.corsac.net> <1444506942.5525.11.camel@debian.org> <[🔎] 1446757738.8412.25.camel@debian.org> <[🔎] 1446908091.6006.92.camel@decadent.org.uk>

On sam., 2015-11-07 at 14:54 +0000, Ben Hutchings wrote:
> I've given this a quick review and found a few issues:

Thanks!
> 
> 1. linux-grsec-{source,support} are included in debian/control but not
> built by debian/rules.real.  I think these should be built; the latter
> will be needed to build metapackages as in linux-latest.

Done. Right now the package name is hardcoded in debian/rules.real, I'll see
if there's a way to get it from the configuration somehow (after I get more
info from the #3 and #4 replies).
> 
> 2. udebs are included in debian/control but not built, and they should
> not be built.   You can fix this by deleting or commenting-out
> debian/installer/{amd64,i386}/kernel-versions

Good point. I'm currently disabling them by
using DEBIAN_KERNEL_DISABLE_INSTALLER when running gencontrol.py. Thanks for
the pointer.
> 
> 3. The changes to gencontrol.py and rules.real to disable most arch:all
> packages should depend on configuration, not the source package name.
> They would then be acceptable for inclusion on the master branch.

By “configuration”, I guess you mean stuff in debian/config/featureset-
grsec/defines? Unfortunately some of the stuff I touch in gencontrol.py and
rules.real is not run when featureset is defined, but is more generic than
that.

Or do you mean I would then modify debian/config/defines (and not the one
under the featureset-grsec folder) in src;linux-grsec?
> 
> 4. There's no need to remove the templates for packages you don't
> build.  However, if you leave them in place, you'll need to override
> do_extra() in gencontrol.py to omit the extra packages dependent on the
> configuration (as for (3)).

Ok, I'll check that. Again, what do you envision as configuration: a “source
package name” in debian/config/defines? Or even a boolean “grsec”? Or more
generic than that, a “build_extra” boolean?
> 
> 5. CONFIG_X86_X32 should be disabled, since you've disabled the patch
> to make x32 support dependent on a kernel parameter.

Ok, done.
> 
> 6. In debian/patches/features/all/grsec/gen-patch you can use the
> filterdiff -p1 to avoid assuming the path prefix will be 'b/'.

Thanks, done as well.

I've not yet pushed the local changes, I'll wait a bit for the replies.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#605090: [RFC] Proposal for a new linux-grsec source package
  - From: Ben Hutchings <ben@decadent.org.uk>

References:
- Bug#605090: [RFC] Proposal for a new linux-grsec source package
  - From: Yves-Alexis Perez <corsac@debian.org>
- Bug#605090: [RFC] Proposal for a new linux-grsec source package
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Bug#804649: ITP: astroml-addons -- Python Machine Learning library for astronomy (performance addons)
Next by Date: Bug#796821: marked as done (ITP: afl-cov -- monitor coverage from afl-fuzz test cases)
Previous by thread: Bug#605090: [RFC] Proposal for a new linux-grsec source package
Next by thread: Bug#605090: [RFC] Proposal for a new linux-grsec source package
Index(es):
- Date
- Thread