[03:06] Excuse me if this is the wrong place to ask this question. I'm am doing something security sensitive. I was wondering if there is a secure way to git clone the latest kernel source? [03:07] ...or anyway outside of git. [03:07] apt-get source? [03:07] and verify signatures [03:07] which latest kernel source do you want? [03:07] ubuntu's tree? or the vanilla tree? [03:07] you can just clone normally, and verify the signature [03:07] Ubuntu's tree. [03:08] git for the kernel are gpg signed [03:08] Is the source signed? [03:08] as long as you can verify securely that the HEAD commit sha1 is correct, you can be guaranteed that the whole tree is correct [03:08] guaranteed reasonably securely, as far as sha1 is concerned, that is.[ [03:09] Let me think on this for a second. [03:09] you can also verify the tag's signature (GPG) [03:09] which guarantees everything referenced by the tag [03:09] i.e. the commit pointed to by the tag, all of the commits in its history, and all of their tree states [03:10] OK, I'm fairly familiar with gpg. What command would I use to do that? [03:10] git tag -v [03:10] git tag -v v2.6.31, for example [03:10] again, everything's guaranteed by sha1 uniqueness [03:11] which is pretty secure. it's exceedingly difficult to find a sha1 collision, and even harder to find a valid git tree out of all the collisions [03:13] I'm less familiar with git. If I want the latest tag version, how do I get that? [03:15] Alright, it seems to be 'git describe --abbrev=0 --tags'. [03:24] Alright, so I'm not sure if this is going to work for my threat level. There appears to be multiple people who sign the ubuntu tags. If there is a large number of people signing ubuntu tags, that makes the verification process a lot harder. [03:25] So far this appears to be the best way to get secure source: https://help.ubuntu.com/community/Kernel/Compile#Option_B.29_Download_the_source_archive [03:25] ...but it says right at the top that the source isn't up to date. [03:25] How much out of date will it be? [03:36] So, I'll try one more time because I have to leave soon. How out of date is sudo apt-get source linux-image-`uname -r`? [03:37] ...typically, not just right now. [09:35] hi all. what ppa do i need to add on a 14.04 system to be able to fetch the 3.16 ubuntu kernel sources so i am able to rebuild it like this here => https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel [09:35] I need to rebuild the ubuntu Kernel with reiser4 support for the Kernel version 3.15 or 3.16 to be able to run it on a 14.04 System [10:27] infinity: Ah, sorry. Had not noticed. Will do that shortly === cmagina_ is now known as cmagina [18:30] running into an issue with the insertchanges rule for a kernel branch i am working with where the command exits without error, but the changelog entry is empty [18:30] clearly something wrong with either my branch, environment, etc. just no idea what that could be as i am not as familiar as i would like with these tools [18:32] cmagina, have you done a startnewrelease ? [18:32] rtg, yeah, the commit is there as well [18:33] cmagina, do you have your branch pushed somewhere I can get at it ? [18:33] rtg, no, but i can push it [18:34] rtg, git://kernel.ubuntu.com/cmagina/trusty-xgene.git 3.13.0-35.62+lomond.1+pcidbg [18:50] cmagina, maybe because it can't figure out your version scheme, but thats just a guess [18:51] rtg, ah, thanks for taking a look. guess i'll fill it out manually for now and ask dannf about it when he gets back [19:24] infinity: Ok. Building.. === yofel_ is now known as yofel [22:01] does the ubuntu-trusty/master-next branch get turned into a deb anywhere for arm64 on a regular basis? === yp is now known as ypwong === inaddy is now known as tinoco === _Traxer is now known as Traxer === Laney is now known as Guest14360 === ming is now known as Guest38185 === jpds is now known as 6JTAAFS52 === hggdh is now known as 6JTAAFWBI