Looks good to me!

@wizeman Can these get merged? I updated the packages to also properly include maintainer attributes (specifying me - I did not see you in maintainers.nix or I would have added you as well) and the correct version information in the name attribute. Like I said, my gradm package also installs correct udev rules and I've been using these packages successfully. So I believe these are ready to go, and improvements to mark binaries with paxctl can come soon afterwords (which is something I'll need).

(gradm of course requires some other specific improvements that require a NixOS module to set up /etc, but I'll be submitting something else about that soon.)

@thoughtpolice I will add myself as a maintainer later to all the packages I'm keeping track of.

Your patches look good to me and I am OK with getting them merged. However, I am not quite clear whether I should be merging them myself, taking into account that this is not a simple version update and only very recently I was given commit access...

I guess what I'm saying is that I'm not clear what are the rules for getting something merged into the repository. For example, I wonder how many reviews/reviewers are needed when adding a new package, or how many are needed for changing an existing package, ...?

@wizeman: no rules exist (except that stable branch is only meant for maintenance+security updates), we rely purely on judgement of each individual.

In that case, I think I'm going to go ahead and merge it... Even though I assume we're close to the 14.02 release, this is just adding new packages, so I think there's very little risk of regressions.

Thanks, @thoughtpolice !

Excellent, thanks! I do hope these packages are useful for the 14.02 release, and I think that they will be useful to anyone who wants to deploy grsecurity.

(Relatedly, I also hope in the future that grsecurity stable-kernel updates can be shipped to the stable branch as well, if they are not already.)