The grsec patch contains the BNX2 firmware blob from Broadcom for usability purposes, making the "deblob" USE Flag ineffective for sys-kernel/hardened-sources-* in producing 100% libre license compliance. https://forums.grsecurity.net/viewtopic.php?f=3&t=4209 https://grsecurity.net/changelog-test.txt The grsec patch can be deblobed using the following command: "filterdiff -p1 -x firmware/bnx2/* -x firmware/Makefile -x firmware/WHENCE $PATCHFILE > $PATCHFILE.new" Also https://repo.parabola.nu/other/grsecurity-libre/test/ contains deblobed versions of the latest grsec patch which could be used instead of the upstream grsec patch along with the linux delob script when "deblob" is selected.
(In reply to Icarious from comment #0) > The grsec patch contains the BNX2 firmware blob from Broadcom for usability > purposes, making the "deblob" USE Flag ineffective for > sys-kernel/hardened-sources-* in producing 100% libre license compliance. > > https://forums.grsecurity.net/viewtopic.php?f=3&t=4209 > https://grsecurity.net/changelog-test.txt > > The grsec patch can be deblobed using the following command: > > "filterdiff -p1 -x firmware/bnx2/* -x firmware/Makefile -x firmware/WHENCE > $PATCHFILE > $PATCHFILE.new" > > Also https://repo.parabola.nu/other/grsecurity-libre/test/ contains deblobed > versions of the latest grsec patch which could be used instead of the > upstream grsec patch along with the linux delob script when "deblob" is > selected. @pipacs and spender. are you guys going to be bundling firmware blobs with the grsec patch from now on? Because this will become a maintenance nightmare for us. i'll prefer to drop the deblobbing.
