| Summary: | sys-kernel/hardened-sources-* contains BNX2 firmware blob | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Icarious <icarious> |
| Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | icarious, pageexec, spender |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Icarious
2016-07-17 09:06:22 UTC
(In reply to Icarious from comment #0) > The grsec patch contains the BNX2 firmware blob from Broadcom for usability > purposes, making the "deblob" USE Flag ineffective for > sys-kernel/hardened-sources-* in producing 100% libre license compliance. > > https://forums.grsecurity.net/viewtopic.php?f=3&t=4209 > https://grsecurity.net/changelog-test.txt > > The grsec patch can be deblobed using the following command: > > "filterdiff -p1 -x firmware/bnx2/* -x firmware/Makefile -x firmware/WHENCE > $PATCHFILE > $PATCHFILE.new" > > Also https://repo.parabola.nu/other/grsecurity-libre/test/ contains deblobed > versions of the latest grsec patch which could be used instead of the > upstream grsec patch along with the linux delob script when "deblob" is > selected. @pipacs and spender. are you guys going to be bundling firmware blobs with the grsec patch from now on? Because this will become a maintenance nightmare for us. i'll prefer to drop the deblobbing. |
