The role logic currently assumes that one has access via HTTPS basic auth to the grsecurity download URLs. This made sense when the patches were freely available, but they have since been locked away behind auth. Therefore the role should support building from an on-disk patch file that the user provides separately (or backed up from a previous fetch).
The role logic currently assumes that one has access via HTTPS basic auth to the grsecurity download URLs. This made sense when the patches were freely available, but they have since been locked away behind auth. Therefore the role should support building from an on-disk patch file that the user provides separately (or backed up from a previous fetch).
Related discussion: https://github.com/freedomofpress/securedrop/pull/2033