From f1459cd4b0225c07a2a818eb1cf0aad2fe5d16ed Mon Sep 17 00:00:00 2001
From: Austin Seipp
Date: Mon, 17 Feb 2014 08:23:31 -0600
Subject: [PATCH 1/3] grsecurity: add gradm-3.0-201401291757
This also ensures the appropriate udev rules are installed.
Signed-off-by: Austin Seipp
---
 pkgs/os-specific/linux/gradm/default.nix | 51 ++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 +
 2 files changed, 53 insertions(+)
 create mode 100644 pkgs/os-specific/linux/gradm/default.nix
diff --git a/pkgs/os-specific/linux/gradm/default.nix b/pkgs/os-specific/linux/gradm/default.nix
new file mode 100644
index 00000000000..7272b5a22fa
--- /dev/null
+++ b/pkgs/os-specific/linux/gradm/default.nix
@@ -0,0 +1,51 @@
+{ fetchurl, stdenv, bison, flex, pam,
+ gcc, coreutils, findutils, binutils, bash }:
+
+stdenv.mkDerivation rec {
+ name = "gradm-${version}";
+ version = "3.0-201401291757";
+
+ src = fetchurl {
+ url = "http://grsecurity.net/stable/${name}-${version}.tar.gz";
+ sha256 = "19p7kaqbvf41scc63n69b5v5xzpw3mbf5zy691rply8hdm7736cw";
+ };
+
+ buildInputs = [ gcc coreutils findutils binutils pam flex bison bash ];
+ preBuild = ''
+ substituteInPlace ./Makefile --replace "/usr/include/security/pam_" "${pam}/include/security/pam_"
+ substituteInPlace ./gradm_defs.h --replace "/sbin/grlearn" "$out/sbin/grlearn"
+ substituteInPlace ./gradm_defs.h --replace "/sbin/gradm" "$out/sbin/gradm"
+ substituteInPlace ./gradm_defs.h --replace "/sbin/gradm_pam" "$out/sbin/gradm_pam"
+ '';
+
+ postInstall = ''
+ mkdir -p $out/lib/udev/rules.d
+ cat > $out/lib/udev/rules.d/80-grsec.rules < Date: Mon, 17 Feb 2014 08:24:20 -0600
Subject: [PATCH 2/3] grsecurity: add paxctl-0.7
Signed-off-by: Austin Seipp
---
 pkgs/os-specific/linux/paxctl/default.nix | 28 +++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 ++
 2 files changed, 30 insertions(+)
 create mode 100644 pkgs/os-specific/linux/paxctl/default.nix
diff --git a/pkgs/os-specific/linux/paxctl/default.nix b/pkgs/os-specific/linux/paxctl/default.nix
new file mode 100644
index 00000000000..253c0dd5ed2
--- /dev/null
+++ b/pkgs/os-specific/linux/paxctl/default.nix
@@ -0,0 +1,28 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "paxctl-${version}";
+ version = "0.7";
+
+ src = fetchurl {
+ url = "https://pax.grsecurity.net/${name}-${version}.tar.bz2";
+ sha256 = "1j6dg6wd1v7na5i4xj8zmbff0mdqdnw6cvqy0rsbz5anra27f1zp";
+ };
+
+ preBuild = ''
+ sed "s|--owner 0 --group 0||g" -i Makefile
+ '';
+
+ makeFlags = [
+ "DESTDIR=$(out)"
+ "MANDIR=share/man/man1"
+ ];
+
+ meta = {
+ description = "A tool for controlling PaX flags on a per binary basis";
+ homepage = "https://pax.grsecurity.net";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 18ebecb2bec..6012c39bc85 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6986,6 +6986,8 @@ let
 pam_usb = callPackage ../os-specific/linux/pam_usb { };
+ paxctl = callPackage ../os-specific/linux/paxctl { };
+
 pcmciaUtils = callPackage ../os-specific/linux/pcmciautils {
 firmware = config.pcmciaUtils.firmware or [];
 config = config.pcmciaUtils.config or null;
From 4631a65c4383a2f544154912e7fac878d4f8f7ca Mon Sep 17 00:00:00 2001
From: Austin Seipp
Date: Mon, 17 Feb 2014 08:24:43 -0600
Subject: [PATCH 3/3] grsecurity: add pax-utils-0.7
Signed-off-by: Austin Seipp
---
 pkgs/os-specific/linux/pax-utils/default.nix | 24 ++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 ++
 2 files changed, 26 insertions(+)
 create mode 100644 pkgs/os-specific/linux/pax-utils/default.nix
diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix
new file mode 100644
index 00000000000..9ab3183e92a
--- /dev/null
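Review bot: In pkgs/os-specific/linux/paxctl/default.nix the `src` URL interpolates the version twice: `name` is already `paxctl-${version}`, so `${name}-${version}.tar.bz2` expands to `paxctl-0.7-0.7.tar.bz2`, which is unlikely to be a file upstream publishes. Because `fetchurl` is a fixed-output fetch, the build may still succeed wherever the tarball is already available by hash, which would hide the dead link and leave the expression without a working pointer to the source that `sha256` pins. I would write `url = "https://pax.grsecurity.net/${name}.tar.bz2";`. The gradm and pax-utils expressions in this series build their URLs the same way (`${name}-${version}.tar.gz` and `${name}-${version}.tar.xz`) and need the same change.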
+++ b/pkgs/os-specific/linux/pax-utils/default.nix
@@ -0,0 +1,24 @@
+{ fetchurl, stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "pax-utils-${version}";
+ version = "0.7";
+
+ src = fetchurl {
+ url = "http://dev.gentoo.org/~vapier/dist/${name}-${version}.tar.xz";
+ sha256 = "111vmwn0ikrmy3s0w3rzpbzwrphawljrmcjya0isg5yam7lwxi0s";
+ };
+
+ makeFlags = [
+ "DESTDIR=$(out)"
+ "PREFIX=$(out)"
+ ];
+
+ meta = {
+ description = "A suite of tools for PaX/grsecurity";
+ homepage = "http://dev.gentoo.org/~vapier/dist/";
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = [ stdenv.lib.maintainers.thoughtpolice ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6012c39bc85..bbe1b4ce51a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -6988,6 +6988,8 @@ let
 paxctl = callPackage ../os-specific/linux/paxctl { };
+ pax-utils = callPackage ../os-specific/linux/pax-utils { };
+
 pcmciaUtils = callPackage ../os-specific/linux/pcmciautils {
 firmware = config.pcmciaUtils.firmware or [];
 config = config.pcmciaUtils.config or null;
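Review bot: `makeFlags` in pax-utils/default.nix passes both `"DESTDIR=$(out)"` and `"PREFIX=$(out)"`; if the upstream Makefile installs under `$(DESTDIR)$(PREFIX)`, as is conventional, the tools would land in `$out$out/...` and the package's own `bin` would be empty. The Makefile is not part of this patch, so this needs confirming against the build output; if only one variable is honoured, drop the other, e.g. `makeFlags = [ "PREFIX=$(out)" ];`. The tarball is also fetched over plain `http://`, so the pinned `sha256` is the only integrity check on it, and a one-line comment above `src` saying so would help whoever bumps the version next.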