From 48d201b09904cc388688d3a1fe05c788bb28fce3 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@debian.org>
Date: Mon, 25 Mar 2024 13:26:01 -0400
Subject: [PATCH] Remove u2mfn-related code that was needed on buster

---
 securedrop-workstation-grsec/DEBIAN/postinst | 34 +-------------------
 1 file changed, 1 insertion(+), 33 deletions(-)

diff --git a/securedrop-workstation-grsec/DEBIAN/postinst b/securedrop-workstation-grsec/DEBIAN/postinst
index 5e2bd24..4916232 100755
--- a/securedrop-workstation-grsec/DEBIAN/postinst
+++ b/securedrop-workstation-grsec/DEBIAN/postinst
@@ -20,16 +20,9 @@ set -e
 
 # Pin current version of custom kernel
 GRSEC_VERSION='#DEB_VERSION_UPSTREAM#'
-# When updating the kernel version, also check that the u2mfn version matches:
-# https://github.com/QubesOS/qubes-linux-utils/blob/release4.0/version
-# Note that u2mfn is only used on buster/Qubes 4.0
-U2MFN_VERSION="4.0.34"
-
-# Get the current Debian codename so we can vary based on version
-eval "export $(cat /etc/os-release | grep CODENAME)"
 
 # Sets default grub boot parameter to the kernel version specified
-# by $GRSEC_VERSION because the default buster/bullseye kernels have
+# by $GRSEC_VERSION because the default bullseye kernels have
 # higher versions and would supersede our grsecurity kernels.
 set_grub_default() {
     GRUB_OPT="'Advanced options for Debian GNU/Linux>Debian GNU/Linux, with Linux $GRSEC_VERSION'"
@@ -47,35 +40,10 @@ start_paxctld() {
     fi
 }
 
-# Checks that the u2mfn kernel module was successfully built via dkms.
-verify_u2mfn_exists() {
-    ko_filepath="/usr/lib/modules/${GRSEC_VERSION}/updates/dkms/u2mfn.ko"
-    if ! test -f "$ko_filepath"; then
-        return 1
-    fi
-}
-
-# For reasons unknown, u2mfn may be missing. If not found, try to rebuild it,
-# otherwise we'll fail and require admin intervention.
-ensure_u2mfn_exists() {
-    if ! verify_u2mfn_exists ; then
-        dkms remove u2mfn -v "$U2MFN_VERSION" -k "$GRSEC_VERSION" || true
-        dkms autoinstall -k "$GRSEC_VERSION"
-        if ! verify_u2mfn_exists ; then
-            echo "ERROR: u2mfn kernel object is missing: $ko_filepath"
-            exit 1
-        fi
-    fi
-}
-
 case "$1" in
     configure)
     # Ensure pax flags are set prior to running grub
     start_paxctld
-    if [[ "$VERSION_CODENAME" = "buster" ]]; then
-        # Rebuild u2mfn kernel module if missing
-        ensure_u2mfn_exists
-    fi
     # Force latest hardened kernel for next boot
     set_grub_default
     update-grub