use ubuntu specific kernel config

freedomofpress / ansible-role-grsecurity

The documentation and build system for the grsecurity kernel maintained by the Freedom of the Press Foundation for SecureDrop

GNU General Public License v2.0

49 stars 13 forks source link

use ubuntu specific kernel config #3

Closed dolanjs closed 7 years ago

dolanjs commented 9 years ago

Since we are applying the ubuntu overlay we should also test and use their customized kernel config as the base for applying the grsec patch.

[ ] Specify the airgap host OS
[ ] Download and extract the current ubuntu specific kernel config
[ ] Transfer the config to the airgap
[ ] Verify the signature of the config file
[ ] place the config file as .config in the directory where menuconfig is ran prior to patching the kernel with grsec.

conorsch commented 8 years ago

We already get an Ubuntu-specific kernel config as long as we build under the distro we're compiling for. See #70 for tracking getting Trusty back as the default; resolving #48 will also allow us to trivially override with site-specific kernel configs for different build cases.

conorsch commented 8 years ago

To sidestep complications in #70, we should ship a trusty config in the role, so it's selectable via the grsecurity_build_strategy var.

conorsch commented 7 years ago

Have changes queued up to close this, by committing the latest trusty-based kernel config used for building kernels for SecureDrop. Will hardcode the association with the SD-specific playbook.