From e6c65ecb12c58cfa043d9cfa6db31b9920603588 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Fri, 12 May 2017 18:38:27 +0200
Subject: tree-wide: remove uses of features.grsecurity

---
 nixos/modules/config/sysctl.nix                   | 5 +----
 pkgs/development/libraries/accelio/default.nix    | 3 +--
 pkgs/os-specific/linux/batman-adv/default.nix     | 1 -
 pkgs/os-specific/linux/kernel-headers/default.nix | 2 --
 pkgs/os-specific/linux/lttng-modules/default.nix  | 1 -
 pkgs/os-specific/linux/rtl8723bs/default.nix      | 3 +--
 pkgs/os-specific/linux/rtl8812au/default.nix      | 1 -
 pkgs/servers/openafs-client/default.nix           | 3 +--
 8 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index a3f7e8f722f..2114fb2b9d4 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -60,10 +60,7 @@ in
 
     # Hide kernel pointers (e.g. in /proc/modules) for unprivileged
     # users as these make it easier to exploit kernel vulnerabilities.
-    #
-    # Removed under grsecurity.
-    boot.kernel.sysctl."kernel.kptr_restrict" =
-      if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
+    boot.kernel.sysctl."kernel.kptr_restrict" = 1;
 
     # Disable YAMA by default to allow easy debugging.
     boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix
index 002b26078f5..a1f229ca5fb 100644
--- a/pkgs/development/libraries/accelio/default.nix
+++ b/pkgs/development/libraries/accelio/default.nix
@@ -59,7 +59,6 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ wkennington ];
     # kernel 4.2 is the most recent supported kernel
     broken = kernel != null &&
-      (builtins.compareVersions kernel.version "4.2" == 1 ||
-       (kernel.features.grsecurity or false));
+      (builtins.compareVersions kernel.version "4.2" == 1);
   };
 }
diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix
index 1449d85fc16..a48909685d7 100644
--- a/pkgs/os-specific/linux/batman-adv/default.nix
+++ b/pkgs/os-specific/linux/batman-adv/default.nix
@@ -26,6 +26,5 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ viric fpletz ];
     platforms = with stdenv.lib.platforms; linux;
-    broken = (kernel.features.grsecurity or false);
   };
 }
diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix
index da9f3009474..a33d24fc847 100644
--- a/pkgs/os-specific/linux/kernel-headers/default.nix
+++ b/pkgs/os-specific/linux/kernel-headers/default.nix
@@ -1,7 +1,5 @@
 { stdenv, kernel, perl }:
 
-assert (!(kernel.features.grsecurity or false));
-
 let
   baseBuildFlags = [ "INSTALL_HDR_PATH=$(out)" "headers_install" ];
 in stdenv.mkDerivation {
diff --git a/pkgs/os-specific/linux/lttng-modules/default.nix b/pkgs/os-specific/linux/lttng-modules/default.nix
index 3bb61227fe4..2f5b50b3b58 100644
--- a/pkgs/os-specific/linux/lttng-modules/default.nix
+++ b/pkgs/os-specific/linux/lttng-modules/default.nix
@@ -31,7 +31,6 @@ stdenv.mkDerivation rec {
     maintainers = [ maintainers.bjornfor ];
     broken =
       (builtins.compareVersions kernel.version "3.18" == -1) ||
-      (kernel.features.grsecurity or false) ||
       (kernel.features.chromiumos or false);
   };
 
diff --git a/pkgs/os-specific/linux/rtl8723bs/default.nix b/pkgs/os-specific/linux/rtl8723bs/default.nix
index 05dd0f8ebb9..eb90ac30344 100644
--- a/pkgs/os-specific/linux/rtl8723bs/default.nix
+++ b/pkgs/os-specific/linux/rtl8723bs/default.nix
@@ -35,8 +35,7 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/hadess/rtl8723bs";
     license = stdenv.lib.licenses.gpl2;
     platforms = stdenv.lib.platforms.linux;
-    broken = (! versionAtLeast kernel.version "3.19")
-      || (kernel.features.grsecurity or false);
+    broken = (! versionAtLeast kernel.version "3.19");
     maintainers = with maintainers; [ elitak ];
   };
 }
diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix
index 6b1e93e59df..93c8e5b7ae4 100644
--- a/pkgs/os-specific/linux/rtl8812au/default.nix
+++ b/pkgs/os-specific/linux/rtl8812au/default.nix
@@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/Grawp/rtl8812au_rtl8821au";
     license = stdenv.lib.licenses.gpl2;
     platforms = [ "x86_64-linux" "i686-linux" ];
-    broken = (kernel.features.grsecurity or false);
   };
 }
diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix
index 6383ce12bc1..fe7a34e0be8 100644
--- a/pkgs/servers/openafs-client/default.nix
+++ b/pkgs/servers/openafs-client/default.nix
@@ -48,7 +48,6 @@ stdenv.mkDerivation rec {
     maintainers = [ maintainers.z77z ];
     broken =
       (builtins.compareVersions kernel.version  "3.18" == -1) ||
-      (builtins.compareVersions kernel.version "4.4" != -1) ||
-      (kernel.features.grsecurity or false);
+      (builtins.compareVersions kernel.version "4.4" != -1);
   };
 }
-- 
cgit 1.4.1