packages: kernel/kernel.spec, kernel/kernel-grsec-minimal.patch (REMOVED), ...

baggins baggins at pld-linux.org
Sat Oct 23 15:02:22 CEST 2010 

Author: baggins                      Date: Sat Oct 23 13:02:22 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- killed grsec_minimal, and all that split, I and no one else don't care for it anymore

---- Files affected:
packages/kernel:
   kernel.spec (1.846 -> 1.847) , kernel-grsec-minimal.patch (1.4 -> NONE)  (REMOVED), kernel-grsec_minimal.config (1.2 -> NONE)  (REMOVED)

---- Diffs:

================================================================
Index: packages/kernel/kernel.spec
diff -u packages/kernel/kernel.spec:1.846 packages/kernel/kernel.spec:1.847
--- packages/kernel/kernel.spec:1.846	Sat Oct 23 14:56:29 2010
+++ packages/kernel/kernel.spec	Sat Oct 23 15:02:13 2010
@@ -3,8 +3,7 @@
 # NOTE:
 # the following bcond combos will not work
 # - without_vserver and any of the following
-#   - with_grsec_minimal
-#   - with_grsec_full
+#   - with_grsecurity
 #
 # LATEST VERSION CHECKER:
 # # curl -s http://www.kernel.org/kdist/finger_banner
@@ -13,8 +12,6 @@
 # - update aufs2 patch when final version for 2.6.36 exists
 
 # - benchmark NO_HZ & HZ=1000 vs HZ=300 on i686
-# - update grsec_minimal patch1000:
-#   fs/proc/base.c:1484: error: 'struct task_struct' has no member named 'uid'
 #
 # HOWTO update configuration files:
 # - run build
@@ -32,8 +29,6 @@
 %bcond_without	reiser4		# support for reiser4 fs (experimental)
 
 %bcond_without	grsecurity	# don't build grsecurity nor pax at all
-%bcond_without	grsec_full	# build full grsecurity
-%bcond_with	grsec_minimal	# build only minimal subset (proc,link,fifo,shm)
 %bcond_with	pax		# build pax and full grsecurity (ie. grsec_full && pax)
 
 %bcond_with	fbcondecor	# build fbcondecor (disable FB_TILEBLITTING and affected fb modules)
@@ -55,29 +50,14 @@
 %{?debug:%define with_verbose 1}
 
 %if %{without grsecurity}
-%unglobal	with_grsec_full
-%unglobal	with_grsec_minimal
 %unglobal	with_pax
 %endif
 
 %if %{with pax}
-%unglobal	with_grsec_minimal
-%define		with_grsec_full		1
 %define		with_grsecurity		1
 %define		with_pax		1
 %endif
 
-%if %{with grsec_minimal}
-%unglobal	with_pax
-%unglobal	with_grsec_full
-%define		with_grsecurity		1
-%endif
-
-%if %{with grsec_full}
-%unglobal	with_grsec_minimal
-%define		with_grsecurity		1
-%endif
-
 %define		have_drm	1
 %define		have_oss	1
 %define		have_sound	1
@@ -86,8 +66,6 @@
 %if %{with rescuecd}
 %unglobal	with_tuxonice
 %unglobal	with_grsecurity
-%unglobal	with_grsec_full
-%unglobal	with_grsec_minimal
 %unglobal	with_pax
 %unglobal	with_vserver
 %define		have_drm	0
@@ -126,7 +104,7 @@
 %endif
 %else
 %if %{without rescuecd}
-%define		__alt_kernel	%{?with_pax:pax}%{!?with_grsec_full:nogrsecurity}%{?with_pae:pae}
+%define		__alt_kernel	%{?with_pax:pax}%{!?with_grsecurity:nogrsecurity}%{?with_pae:pae}
 %if "%{__alt_kernel}" != ""
 %define		alt_kernel	%{__alt_kernel}
 %endif
@@ -183,7 +161,6 @@
 
 Source49:	kernel-pax.config
 Source50:	kernel-no-pax.config
-Source51:	kernel-grsec_minimal.config
 Source55:	kernel-imq.config
 Source56:	kernel-reiser4.config
 Source57:	kernel-wrr.config
@@ -307,8 +284,6 @@
 # http://www.ssi.bg/~ja/routes-2.6.35-16.diff
 Patch300:	kernel-routes.patch
 
-Patch1000:	kernel-grsec-minimal.patch
-
 Patch2000:	kernel-small_fixes.patch
 Patch2001:	kernel-pwc-uncompress.patch
 Patch2003:	kernel-regressions.patch
@@ -463,8 +438,7 @@
 %define MakeOpts %{CrossOpts} HOSTCC="%{__cc}"
 
 %define __features Netfilter module dated: %{netfilter_snap}\
-%{?with_grsec_full:Grsecurity support - enabled}\
-%{?with_grsec_minimal:Grsecurity minimal support /proc,link,fifo,shm/ - enabled}\
+%{?with_grsecurity:Grsecurity support - enabled}\
 %{?with_pax:PaX support - enabled}\
 %{?with_fbcondecor:Fbsplash/fbcondecor - enabled }\
 %{?with_nfsroot:Root on NFS - enabled}\
@@ -813,14 +787,7 @@
 # grsecurity & pax stuff
 #
 
-# remember that we have the same config file for grsec_minimal and
-# grsec_full, but the patches are different.
-
 %if %{with grsecurity}
-%if %{with grsec_minimal}
-%patch1000 -p1
-%else
-# grsec_full and/or pax
 %patch9999 -p1
 # aufs2 needs to modify those pointers
 %patch147 -p1
@@ -904,7 +871,7 @@
 	# could use PAX_NO_ACL_FLAGS, but for testing the hooks setting will be used
 	# PAX_HOOK_ACL_FLAGS.
 
-	%if %{with grsec_full}
+	%if %{with grsecurity}
 		# Hardening grsec options if with pax
 		CONFIG_GRKERNSEC_PROC_MEMMAP=y
 		# almost rational (see HIDESYM help)
@@ -1007,7 +974,7 @@
 %endif
 
 # Temporary disabled RELOCATABLE. Needed only on x86??
-%if %{with pax} || %{with grsec_full}
+%if %{with pax} || %{with grsecurity}
 		CONFIG_RELOCATABLE=n
 %endif
 EOCONFIG
@@ -1036,13 +1003,9 @@
 		%{SOURCE49} \
 		pax.config \
 %else
-  %if %{with grsec_full}
+  %if %{with grsecurity}
 		%{SOURCE45} \
 		%{SOURCE50} \
-  %else
-	%if %{with grsec_minimal}
-		%{SOURCE51} \
-	%endif
   %endif
 %endif
 		\
@@ -1577,6 +1540,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.847  2010/10/23 13:02:13  baggins
+- killed grsec_minimal, and all that split, I and no one else don't care for it anymore
+
 Revision 1.846  2010/10/23 12:56:29  baggins
 - removed commented out tahoe9xxx patch, no one cared to update it for years
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.846&r2=1.847&f=u

More information about the pld-cvs-commit mailing list