2

I would like to patch my ArchLinux for Raspberry Pi with grsecurity.

This is what I've done so far: I've downloaded the linux-raspberry directory (with the PKGBUILD) available here https://github.com/archlinuxarm/PKGBUILDs/tree/master/core/linux-raspberrypi I used the linux-raspberry directory. There, I wget the patch: http://grsecurity.net/stable/grsecurity-3.0-3.2.58-201405112002.patch

To continue, I've applied the patch in the PKGBUILD, in the prepare() function:

 patch -p1 < "${srcdir}/grsecurity-3.0-3.2.58-201405112002.patch"

Then:

makepkg

Unfortunately, at the line of the patch, I got an:

==> ERROR: A failure occurred in prepare().

I've applied the patch manually and I got things like that:

Hunk #10 succeeded at 3232 (offset 440 lines).
Hunk #11 succeeded at 3242 (offset 440 lines).
Hunk #12 FAILED at 2816.
1 out of 12 hunks FAILED -- saving rejects to file virt/kvm/kvm_main.c.rej

This file contains :

--- virt/kvm/kvm_main.c
+++ virt/kvm/kvm_main.c
@@ -2816,9 +2832,6 @@

    register_syscore_ops(&kvm_syscore_ops);

-       kvm_preempt_ops.sched_in = kvm_sched_in;
-       kvm_preempt_ops.sched_out = kvm_sched_out;
-
        kvm_init_debug();

        return 0;

That is probably because I used a wrong version of grsecurity for my kernel which is : 3.12.20-1-ARCH

If you have any idea if it might be this, or something else, please let me know

Mathieu Mailhos
  • 61
  • 1
  • 6
  • Have you tried to apply the patch manually and then run `makepkg` to see if that is the problem? – Lev Levitsky May 21 '14 at 12:47
  • I've applied it manually and here are the few last lines: http://pastebin.com/LXisUtH5. Is the patch been applied well ? – Mathieu Mailhos May 21 '14 at 13:28
  • It doesn't look like it. I suggest you edit this information into the question, because PKGBUILD per se is not related to the problem. The problem IMO is that you can't apply the patch. – Lev Levitsky May 21 '14 at 13:34
  • Here's a question about the meaning of the error message: http://stackoverflow.com/q/14282617/1258041 The idea is that the patch may be for a different version of the source. You can see where the conflict is by ispecting the reject file. – Lev Levitsky May 21 '14 at 13:41
  • thanks for your answer i've edited the question. I'm running 3.12.20 and I thought grsec 3.0-3.2.58 would match. Any idea about the one I should use ? – Mathieu Mailhos May 21 '14 at 15:21
  • Unfortunately not, you might want to try asking on more specialized forums. – Lev Levitsky May 21 '14 at 15:36

0 Answers0