Skip to content
ajdle edited this page Jun 17, 2015 · 13 revisions

Overview

TD;DR Greezly is only the stable Linux kernel sources patched with the grsecurity patch. With history.

So, why using this repository instead of downloading the source archive and applying the grsecurity patch?

  • History between the grsecurity patches
  • Full history between the stable Linux releases
  • One default configuration for server usage
  • Some scripts to facilitate the kernel installation (PaX flags, group creation)
  • Verification that Greezly matches the grsecurity patch

Greezly embed a default configuration for x86_64 machines.

Using a Greezly kernel on a Debian or a Debian-based distribution

  1. Download the source code: git clone [email protected]:moulecorp/greezly.git
  2. Setup the default Greezly configuration: make x86_64_greezly_defconfig
  3. Build an image: make greezly-deb
  4. Copy the generated .deb packages located in the parent directory on the target server
  5. Install the generated packages: dpkg -i *.deb

History

The grsecurity patches always apply against a stable version of the Linux kernel. No incremental patch is provided. In Greezly we made some scripts to only apply what's new in the grsecurity patches, allowing to have a clear history of what's going on.

Check the Greezly sources matches the upstream grsecurity patch

make greezly-verify

There is no need to also verify we use the same stable tree because the above command verify the Greezly modifications and the Grsecurity modifications are the same (minus our few patches), and apply on the same tree (stable).

Maintain a package

Greezly was created to maintain a kernel package in a custom Debian repository. Some scripts added to the Linux sources help with the workflow.

Setup a working directory

  1. Download the sources: git clone [email protected]:moulecorp/greezly.git
  2. Add a remote to fetch Linux stable updates: git remote add linux-stable git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

Update Greezly

make greezly-pull

Build an image for the repository

  1. Tag the release: git tag greezly-v<tag_number>
  2. Setup the default Greezly configuration: make x86_64_greezly_defconfig
  3. Build an image: make CHANGELOG=<prepended_changelog> MAINTAINER="name <mail>" URGENCY=<low|medium|high> greezly-deb