Web lists-archives.com

Re: Kernel for Spectre and Meltdown




Hi Michael,

On Sat, Feb 03, 2018 at 11:44:39PM +0000, Michael Fothergill wrote:
> On 3 February 2018 at 23:14, Andy Smith <andy@xxxxxxxxxxxxxx> wrote:
> > If you want to make genuine constructive suggestions for how things
> > could be improved, I think you should start by identifying what
> > exactly the deficiencies are.
> 
> ​Only wanting kernels quicker so chrooting not needed. ​

Okay! That, Debian can do.

Easiest thing to do when requiring a newer kernel would be to check
the backports suite, so in this case in stretch-backports we find
linux-image-amd64:

    <https://packages.debian.org/stretch-backports/linux-image-amd64>

That's a virtual package that gets you the latest real kernel
package available in that suite, which right now is
linux-image-4.14.0-0.bpo.3-amd64:

    <https://packages.debian.org/stretch-backports/linux-image-amd64>

>From there, if you look on the right you will see the Debian
changelog link
<http://ftp-master.metadata.debian.org/changelogs//main/l/linux/linux_4.14.13-1~bpo9+1_changelog>
which tells us that this corresponds to upstream release 4.14.13.
The upstream release was made on 10 January and this backports
package came on 14 January, so that's pretty swift.

Of course, there have been newer upstream kernel releases since
then, but you can see from the Debian changelog that a new package
is made available every couple of weeks.

A lot of the time that is going to be "new enough" for anyone
running Debian stable who for some reason needs a newer kernel. No
need for compiling anything, no chroot, just install different
binary packages from a different suite. It was no use for your
specific request because it still lags behind upstream a little bit
and it wasn't compiled with a new enough gcc.

So what if you really do need to build a Debian kernel package based
off of the very latest upstream kernel release?

If you take a look at the Debian Linux Kernel Handbook
<https://kernel-handbook.alioth.debian.org/> you will see there is a
section about rebuilding the kernel package
<https://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-common-official>.
That isn't exactly what you want because it's talking about only
rebuilding from an existing source package, but it contains
instructions that you will also need later on.

Later on there's a section on building kernel packages from any
kernel source archive:
<https://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-kernel-org-package>.
Using that process you can build kernel packages from the latest
kernel.org archive available.

Usually you can do that on the stable release, no chroot needed,
just a few downloads, a few commands and a lot of CPU time.

The reason why you were directed to do a lot more (chroot and gcc)
is because in the specific instance of Spectre a new gcc is needed
as well, and that was only available in Debian sid. Absent that
requirement, it is much simpler.

So there you go, the Debian Kernel team has got you covered for a
variety of kernel-related needs. :)

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting