From 0bd31bce10dbcfa90a5e82f4f6c1bdc1252d02ae Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Tue, 3 May 2016 19:24:40 +0200
Subject: [PATCH] grsecurity: drop support for 4.4 kernels

From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.

It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible.  Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.

nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.

Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).

[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
---
 pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix | 2 ++
 pkgs/os-specific/linux/kernel/patches.nix              | 4 +---
 pkgs/top-level/release.nix                             | 3 ---
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix
index 36181308a8b..e51fe642368 100644
--- a/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-grsecurity-4.4.nix
@@ -1,5 +1,7 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
+throw "grsecurity stable is no longer supported; please update your configuration"
+
 import ./generic.nix (args // rec {
   version = "4.4.5";
   extraMeta.branch = "4.4";
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 14b0692dbad..c4bc4513395 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -23,9 +23,7 @@ let
     { name = "grsecurity-${grversion}-${kversion}";
       inherit grversion kernel patches kversion revision;
       patch = fetchurl {
-        url = if branch == "stable"
-              then "https://github.com/kdave/grsecurity-patches/blob/master/grsecurity_patches/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true"
-              else "https://github.com/slashbeast/grsecurity-scrape/blob/master/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch?raw=true";
+        url = "https://grsecurity.net/${branch}/grsecurity-${grversion}-${kversion}-${revision}.patch";
         inherit sha256;
       };
       features.grsecurity = true;
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index 763e891173c..8b246c5340f 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -323,9 +323,6 @@ let
       };
 
       linuxPackages_testing = { };
-      linuxPackages_grsec_stable_desktop = { };
-      linuxPackages_grsec_stable_server = { };
-      linuxPackages_grsec_stable_server_xen = { };
       linuxPackages_grsec_testing_desktop = { };
       linuxPackages_grsec_testing_server = { };
       linuxPackages_grsec_testing_server_xen = { };