lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Feb 2023 10:51:34 +0700
From:   Bagas Sanjaya <bagasdotme@...il.com>
To:     Thorsten Leemhuis <linux@...mhuis.info>,
        Jonathan Corbet <corbet@....net>
Cc:     Randy Dunlap <rdunlap@...radead.org>,
        Lukas Bulwahn <lukas.bulwahn@...il.com>,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        regressions@...ts.linux.dev, Greg KH <gregkh@...uxfoundation.org>,
        Jani Nikula <jani.nikula@...ux.intel.com>
Subject: Re: [PATCH v2] docs: describe how to quickly build a trimmed kernel

On Tue, Feb 14, 2023 at 07:58:09PM +0100, Thorsten Leemhuis wrote:
> +   Execute the following command to retrieve a fresh mainline codebase::
> +
> +     git clone --no-checkput --depth 1 -b master \
> +       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git \
> +       ~/linux/sources/
> +     cd ~/linux/sources/
> +
> +   If you want to access recent mainline releases and pre-releases, deepen you
> +   clone's history to the oldest version you are interested in::
> +
> +     git fetch --shallow-exclude=v6.0

For me, another way is to use `git fetch --shallow-since="<some-date>"
&& git repack -a -d`. This requires knowing version release date. If
you want that version, the date used should be one or two days before
that version's release date. Repacking is important!

Nevertheless, you need to go to Git ML and ask why repacking is required
in that case (I have tried searching threads there, but inconclusive).

> +The make target olddefconfig and the ``yes "" |`` used when utilizing
> +localmodconfig will set any undefined build options to their default value. This
> +among others will disable many kernel features that were introduced after your
> +base kernel was released.
> +
> +If you want to set these configurations options manually, use ``oldconfig``
> +instead of ``olddefconfig`` or omit the ``yes "" |`` when utilizing
> +localmodconfig. Then for each undefined configuration option you will be asked
> +how to proceed. In case you are unsure what to answer, simply hit 'enter' to
> +apply the default value.

olddefconfig and `yes "" | make localmodconfig` can produce different
config, since the default value for new config symbols may not be Y.
Often, for new drivers, the default is N.


> + * Remove a stale reference to a certificate file that would cause your build to
> +   fail::
> +
> +    ./scripts/config --file ~/linux/build/.config --set-str SYSTEM_TRUSTED_KEYS ''
> +
> +   Alternatively, download the needed certificate and make that configuration
> +   option point to it, as `the Debian handbook explains in more detail
> +   <https://debian-handbook.info/browse/stable/sect.kernel-compilation.html>`_ .
> +

Another way is to generate the certificate yourself (see
Documentation/admin-guide/module-signing.rst for the instructions).

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ