[03:06] <eviljoel> Excuse me if this is the wrong place to ask this question.  I'm am doing something security sensitive.  I was wondering if there is a secure way to git clone the latest kernel source?
[03:07] <eviljoel> ...or anyway outside of git.
[03:07] <hyperair> apt-get source?
[03:07] <hyperair> and verify signatures
[03:07] <hyperair> which latest kernel source do you want?
[03:07] <hyperair> ubuntu's tree? or the vanilla tree?
[03:07] <hyperair> you can just clone normally, and verify the signature
[03:07] <eviljoel> Ubuntu's tree.
[03:08] <ohsix> git for the kernel are gpg signed
[03:08] <eviljoel> Is the source signed?
[03:08] <hyperair> as long as you can verify securely that the HEAD commit sha1 is correct, you can be guaranteed that the whole tree is correct
[03:08] <hyperair> guaranteed reasonably securely, as far as sha1 is concerned, that is.[
[03:09] <eviljoel> Let me think on this for a second.
[03:09] <hyperair> you can also verify the tag's signature (GPG)
[03:09] <hyperair> which guarantees everything referenced by the tag
[03:09] <hyperair> i.e. the commit pointed to by the tag, all of the commits in its history, and all of their tree states
[03:10] <eviljoel> OK, I'm fairly familiar with gpg.  What command would I use to do that?
[03:10] <hyperair> git tag -v
[03:10] <hyperair> git tag -v v2.6.31, for example
[03:10] <hyperair> again, everything's guaranteed by sha1 uniqueness
[03:11] <hyperair> which is pretty secure. it's exceedingly difficult to find a sha1 collision, and even harder to find a valid git tree out of all the collisions
[03:13] <eviljoel> I'm less familiar with git.  If I want the latest tag version, how do I get that?
[03:15] <eviljoel> Alright, it seems to be 'git describe --abbrev=0 --tags'.
[03:24] <eviljoel> Alright, so I'm not sure if this is going to work for my threat level.  There appears to be multiple people who sign the ubuntu tags.  If there is a large number of people signing ubuntu tags, that makes the verification process a lot harder.
[03:25] <eviljoel> So far this appears to be the best way to get secure source:  https://help.ubuntu.com/community/Kernel/Compile#Option_B.29_Download_the_source_archive
[03:25] <eviljoel> ...but it says right at the top that the source isn't up to date.
[03:25] <eviljoel> How much out of date will it be?
[03:36] <eviljoel> So, I'll try one more time because I have to leave soon.  How out of date is sudo apt-get source linux-image-`uname -r`?
[03:37] <eviljoel> ...typically, not just right now.
[09:35] <xperia> hi all. what ppa do i need to add on a 14.04 system to be able to fetch the 3.16 ubuntu kernel sources so i am able to rebuild it like this here => https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel
[09:35] <xperia> I need to rebuild the ubuntu Kernel with reiser4 support for the Kernel version 3.15 or 3.16 to be able to run it on a 14.04 System
[10:27] <zequence> infinity: Ah, sorry. Had not noticed. Will do that shortly
[18:30] <cmagina> running into an issue with the insertchanges rule for a kernel branch i am working with where the command exits without error, but the changelog entry is empty
[18:30] <cmagina> clearly something wrong with either my branch, environment, etc. just no idea what that could be as i am not as familiar as i would like with these tools
[18:32] <rtg> cmagina, have you done a startnewrelease ?
[18:32] <cmagina> rtg, yeah, the commit is there as well
[18:33] <rtg> cmagina, do you have your branch pushed somewhere I can get at it ?
[18:33] <cmagina> rtg, no, but i can push it
[18:34] <cmagina> rtg, git://kernel.ubuntu.com/cmagina/trusty-xgene.git 3.13.0-35.62+lomond.1+pcidbg
[18:50] <rtg> cmagina, maybe because it can't figure out your version scheme, but thats just a guess
[18:51] <cmagina> rtg, ah, thanks for taking a look. guess i'll fill it out manually for now and ask dannf about it when he gets back
[19:24] <zequence> infinity: Ok. Building..
[22:01] <cmagina> does the ubuntu-trusty/master-next branch get turned into a deb anywhere for arm64 on a regular basis?