ansible-role-grsecurity
ansible-role-grsecurity copied to clipboard
The documentation and build system for the grsecurity kernel maintained by the Freedom of the Press Foundation for SecureDrop
As described in #109, we've broken out the logic maintained in this repo into separate, more narrowly focused repositories. Since #107 we have been maintaining documentation for rebuilding SecureDrop kernels...
The role logic currently assumes that one has access via HTTPS basic auth to the grsecurity download URLs. This made sense when the patches were freely available, but they have...
From https://lkml.org/lkml/2016/9/11/28 (emphasis mine): > NOTE - the 3.14.y kernel series is now end-of-life. It will not be receiving any more updates and **should no longer be used at all**....
Relevant to `fetch_linux_kernel_source.yml`: Assume an adversary has the capacity to MitM HTTPS. Then they can add a line in the format of a linux kernel checksum before the signature block...
When using `changed_when:` in combination with `command: gpg --recv-key ...` you are only considering a change to have happened when the key is imported for the first time. This ignores...