<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>FYI, Brad was kind enough to provide an automated removal tool
for applying grsec-libre patches. <br>
<br>
Syntax is:<br>
python2 librefix.py grsecurity-*.patch<br>
</p>
<div class="moz-forward-container">Thank you Brad and Merry
Christmas! :)<br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">Subject:
</th>
<td>Re: Grsec and Linux-libre</td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">Date: </th>
<td>Wed, 21 Dec 2016 22:01:22 -0500</td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">From: </th>
<td>Brad Spengler <a class="moz-txt-link-rfc2396E" href="mailto:spender@grsecurity.net"><spender@grsecurity.net></a></td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">To: </th>
<td>Luke <a class="moz-txt-link-rfc2396E" href="mailto:g4jc@openmailbox.org"><g4jc@openmailbox.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>Hi Luke,
Why not just the Python unidiff.PatchSet ? It's trivial to remove
specific files from a diff that way. Attached is a script that will do
it.
-Brad
On Thu, Dec 22, 2016 at 02:37:57AM +0000, Luke wrote:
> Hello Brad,
> We are still using grsec for our infrastructure at Parabola
> GNU/Linux-libre, and it is an essential part of our distribution.
> Thank you for continuing to offer the test patches for free.
>
> However, over the past year(?) or so a non-free firmware blob was added
> to grsec.
> This causes grsec patch to fail when ran against the linux-libre kernel.
> ( <a class="moz-txt-link-freetext" href="http://www.fsfla.org/ikiwiki/selibre/linux-libre/">http://www.fsfla.org/ikiwiki/selibre/linux-libre/</a> )
> I have also heard report that it is causing the deblob script in Gentoo
> to conflict with hardened-sources and fails to build.
>
> We have been manually patching grsec and removing the blob for our
> distro, but it is a tedious process each time a new release is made.
>
> I have been looking into a way of automating this so that we always have
> the latest grsec patches, and see two possible solutions.
>
> 1) Place the blob at the beginning of the grsec patch so that it is
> always at the same line(s) and we can use sed to remove the blob. e.g.
> sed '2,1400d' grsec*.patch
> - This solution will work unless the blob grows or becomes smaller.
> Currently, it is not a good solution since the blob moves periodically
> throughout the file each time there is a new version.
>
> 2) Provide a version of grsec without the non-free firmware.
> (Since the blob is an updated version of BNX2 firmware, maybe getting
> upstream kernel.org to update their blob would solve the need for it to
> be included in the grsec patch?)
>
> Any other ideas you could offer are also appreciated.
>
>
> Thanks.
>
> Sincerely,
> Luke
> Packager for Parabola GNU/Linux-libre
> <a class="moz-txt-link-freetext" href="https://parabola.nu">https://parabola.nu</a>
>
>
</pre>
</div>
</body>
</html>