-
Notifications
You must be signed in to change notification settings - Fork 0
Home
ajdle edited this page Oct 2, 2014
·
13 revisions
TD;DR Greezly is only the stable Linux kernel sources patched with the grsecurity patch. With history.
So, why using this repository instead of downloading the source archive and applying the grsecurity patch?
Pros:
- History between the grsecurity patches
- Full history between the stable Linux releases
- One default configuration for server usage
- Some scripts to facilitate the kernel installation (PaX flags, group creation)
Cons:
- No verification of the grsecurity patch signature by yourself (yet)
Greezly embed a default configuration for x86_64 machines.
- Download the source code:
git clone [email protected]:moulecorp/greezly.git - Setup the default Greezly configuration:
make x86_64_greezly_defconfig - Build an image:
make greezly-deb - Copy the generated
.debpackages located in the parent directory on the target server - Install the generated packages:
dpkg -i *.deb
The grsecurity patches always apply against a stable version of the Linux kernel. No incremental patche is provided. In Greezly we made some scripts to only apply what's new in the grsecurity patches, allowing to have a clear history of what's going on.
Greezly was created to maintain a kernel package in a custom Debian repository. Some scripts added to the Linux sources help with the workflow.
- Download the sources:
git clone [email protected]:moulecorp/greezly.git - Add a remote to fetch Linux stable updates:
git remote add linux-stable git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
- Fetch Linux stable:
git fetch linux-stable - Download and apply the latest stable grsecurity patch available:
./script/greezly/pull.sh
- Tag the release:
git tag greezly-v<tag_number> - Setup the default Greezly configuration:
make x86_64_greezly_defconfig - Build an image:
make CHANGELOG=<prepended_changelog> MAINTAINER="name <mail>" URGENCY=<low|medium|high> greezly-deb