From: Daniel Drake <dsd@gentoo.org>
Date: Tue, 2 Jan 2007 01:43:34 +0000 (+0000)
Subject: add K_SECURITY_UNSUPPORTED flag
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=9761870368f4ec0574e67214985ec4fcb87a0835;p=gentoo.git

add K_SECURITY_UNSUPPORTED flag
---

diff --git a/eclass/kernel-2.eclass b/eclass/kernel-2.eclass
index 3d31257886d1..9879c6d4693b 100644
--- a/eclass/kernel-2.eclass
+++ b/eclass/kernel-2.eclass
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/kernel-2.eclass,v 1.199 2006/12/10 18:21:54 phreak Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/kernel-2.eclass,v 1.200 2007/01/02 01:43:34 dsd Exp $
 
 # Description: kernel.eclass rewrite for a clean base regarding the 2.6
 #              series of kernel with back-compatibility for 2.4
@@ -42,6 +42,7 @@
 # K_GENPATCHES_VER		- The version of the genpatches tarball(s) to apply.
 #						  A value of "5" would apply genpatches-2.6.12-5 to
 #						  my-sources-2.6.12.ebuild
+# K_SECURITY_UNSUPPORTED- If set, this kernel is unsupported by Gentoo Security
 
 # H_SUPPORTEDARCH		- this should be a space separated list of ARCH's which
 #						  can be supported by the headers ebuild
@@ -630,13 +631,6 @@ postinst_sources() {
 	# Don't forget to make directory for sysfs
 	[[ ! -d ${ROOT}sys ]] && kernel_is 2 6 && mkdir ${ROOT}sys
 
-	echo
-	einfo "After installing a new kernel of any version, it is important"
-	einfo "that you have the appropriate /etc/modules.autoload.d/kernel-X.Y"
-	einfo "created (X.Y is the first 2 parts of your new kernel version)"
-	echo
-	einfo "For example, this kernel will require:"
-	einfo "/etc/modules.autoload.d/kernel-${KV_MAJOR}.${KV_MINOR}"
 	echo
 	einfo "If you are upgrading from a previous kernel, you may be interested"
 	einfo "in the following documents:"
@@ -660,6 +654,15 @@ postinst_sources() {
 		echo ${K_EXTRAEWARN} | fmt |
 		while read -s ELINE; do ewarn "${ELINE}"; done
 	fi
+
+	# optionally display security unsupported message
+	if [[ -n ${K_SECURITY_UNSUPPORTED} ]]; then
+		echo
+		ewarn "${PN} is UNSUPPORTED by Gentoo Security."
+		ewarn "This means that it is likely to be vulnerable to recent security issues."
+		ewarn "For specific information on why this kernel is unsupported, please read:"
+		ewarn "http://www.gentoo.org/proj/en/security/kernel.xml"
+	fi
 }
 
 postinst_headers() {