FYI, Brad was kind enough to provide an automated removal tool for applying grsec-libre patches.
Syntax is: python2 librefix.py grsecurity-*.patch Thank you Brad and Merry Christmas! :) -------- Forwarded Message -------- Subject: Re: Grsec and Linux-libre Date: Wed, 21 Dec 2016 22:01:22 -0500 From: Brad Spengler <[email protected]> To: Luke <[email protected]> Hi Luke, Why not just the Python unidiff.PatchSet ? It's trivial to remove specific files from a diff that way. Attached is a script that will do it. -Brad On Thu, Dec 22, 2016 at 02:37:57AM +0000, Luke wrote: > Hello Brad, > We are still using grsec for our infrastructure at Parabola > GNU/Linux-libre, and it is an essential part of our distribution. > Thank you for continuing to offer the test patches for free. > > However, over the past year(?) or so a non-free firmware blob was added > to grsec. > This causes grsec patch to fail when ran against the linux-libre kernel. > ( http://www.fsfla.org/ikiwiki/selibre/linux-libre/ ) > I have also heard report that it is causing the deblob script in Gentoo > to conflict with hardened-sources and fails to build. > > We have been manually patching grsec and removing the blob for our > distro, but it is a tedious process each time a new release is made. > > I have been looking into a way of automating this so that we always have > the latest grsec patches, and see two possible solutions. > > 1) Place the blob at the beginning of the grsec patch so that it is > always at the same line(s) and we can use sed to remove the blob. e.g. > sed '2,1400d' grsec*.patch > - This solution will work unless the blob grows or becomes smaller. > Currently, it is not a good solution since the blob moves periodically > throughout the file each time there is a new version. > > 2) Provide a version of grsec without the non-free firmware. > (Since the blob is an updated version of BNX2 firmware, maybe getting > upstream kernel.org to update their blob would solve the need for it to > be included in the grsec patch?) > > Any other ideas you could offer are also appreciated. > > > Thanks. > > Sincerely, > Luke > Packager for Parabola GNU/Linux-libre > https://parabola.nu > >
#!/usr/bin/python
from unidiff import PatchSet
import sys
import os
patch = PatchSet.from_filename(sys.argv[1], encoding='utf-8')
newpatch = PatchSet("")
for f in patch:
if "/firmware/" in f.source_file:
print "Removing " + f.source_file
else:
newpatch.append(f)
basename = os.path.basename(sys.argv[1])
dirpath = '/'.join(sys.argv[1].split('/')[:-1])
try:
os.makedirs(os.path.join(dirpath, "libre"), 0755)
except:
pass
f = open(os.path.join(dirpath, "libre", basename), "wb")
f.write(str(newpatch) + "\n")
f.close()
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
