eviljoel | Excuse me if this is the wrong place to ask this question. I'm doing something security sensitive. I was wondering if there is a secure way to git clone the latest kernel source? | 03:06 |
---|---|---|
eviljoel | ...or anyway outside of git. | 03:07 |
hyperair | apt-get source? | 03:07 |
hyperair | and verify signatures | 03:07 |
hyperair | which latest kernel source do you want? | 03:07 |
hyperair | ubuntu's tree? or the vanilla tree? | 03:07 |
hyperair | you can just clone normally, and verify the signature | 03:07 |
eviljoel | Ubuntu's tree. | 03:07 |
ohsix | git for the kernel are gpg signed | 03:08 |
eviljoel | Is the source signed? | 03:08 |
hyperair | as long as you can verify securely that the HEAD commit sha1 is correct, you can be guaranteed that the whole tree is correct | 03:08 |
hyperair | guaranteed reasonably securely, as far as sha1 is concerned, that is. | 03:08 |
eviljoel | Let me think on this for a second. | 03:09 |
hyperair | you can also verify the tag's signature (GPG) | 03:09 |
hyperair | which guarantees everything referenced by the tag | 03:09 |
hyperair | i.e. the commit pointed to by the tag, all of the commits in its history, and all of their tree states | 03:09 |
eviljoel | OK, I'm fairly familiar with gpg. What command would I use to do that? | 03:10 |
hyperair | git tag -v | 03:10 |
hyperair | git tag -v v2.6.31, for example | 03:10 |
hyperair | again, everything's guaranteed by sha1 uniqueness | 03:10 |
hyperair | which is pretty secure. it's exceedingly difficult to find a sha1 collision, and even harder to find a valid git tree out of all the collisions | 03:11 |
eviljoel | I'm less familiar with git. If I want the latest tag version, how do I get that? | 03:13 |
eviljoel | Alright, it seems to be 'git describe --abbrev=0 --tags'. | 03:15 |
eviljoel | Alright, so I'm not sure if this is going to work for my threat level. There appear to be multiple people who sign the ubuntu tags. If there is a large number of people signing ubuntu tags, that makes the verification process a lot harder. | 03:24 |
eviljoel | So far this appears to be the best way to get secure source: https://help.ubuntu.com/community/Kernel/Compile#Option_B.29_Download_the_source_archive | 03:25 |
eviljoel | ...but it says right at the top that the source isn't up to date. | 03:25 |
eviljoel | How much out of date will it be? | 03:25 |
eviljoel | So, I'll try one more time because I have to leave soon. How out of date is sudo apt-get source linux-image-`uname -r`? | 03:36 |
eviljoel | ...typically, not just right now. | 03:37 |
xperia | hi all. what ppa do i need to add on a 14.04 system to be able to fetch the 3.16 ubuntu kernel sources so i am able to rebuild it like this here => https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel | 09:35 |
xperia | I need to rebuild the ubuntu Kernel with reiser4 support for the Kernel version 3.15 or 3.16 to be able to run it on a 14.04 System | 09:35 |
zequence | infinity: Ah, sorry. Had not noticed. Will do that shortly | 10:27 |
=== cmagina_ is now known as cmagina | ||
cmagina | running into an issue with the insertchanges rule for a kernel branch i am working with where the command exits without error, but the changelog entry is empty | 18:30 |
cmagina | clearly something wrong with either my branch, environment, etc. just no idea what that could be as i am not as familiar as i would like with these tools | 18:30 |
rtg | cmagina, have you done a startnewrelease ? | 18:32 |
cmagina | rtg, yeah, the commit is there as well | 18:32 |
rtg | cmagina, do you have your branch pushed somewhere I can get at it ? | 18:33 |
cmagina | rtg, no, but i can push it | 18:33 |
cmagina | rtg, git://kernel.ubuntu.com/cmagina/trusty-xgene.git 3.13.0-35.62+lomond.1+pcidbg | 18:34 |
rtg | cmagina, maybe because it can't figure out your version scheme, but that's just a guess | 18:50 |
cmagina | rtg, ah, thanks for taking a look. guess i'll fill it out manually for now and ask dannf about it when he gets back | 18:51 |
zequence | infinity: Ok. Building.. | 19:24 |
=== yofel_ is now known as yofel | ||
cmagina | does the ubuntu-trusty/master-next branch get turned into a deb anywhere for arm64 on a regular basis? | 22:01 |
=== yp is now known as ypwong | ||
=== inaddy is now known as tinoco | ||
=== _Traxer is now known as Traxer | ||
=== Laney is now known as Guest14360 | ||
=== ming is now known as Guest38185 | ||
=== jpds is now known as 6JTAAFS52 | ||
=== hggdh is now known as 6JTAAFWBI | ||