On 12/10/2016 05:40 PM, Reg Tiangha wrote: > Well, I'm currently in the middle of compiling it; haven't had to > compile a kernel since my Gentoo days and I've forgotten how long it > used to take. One piece of advice at this point: If you're using a fresh > template, you'll definitely want to allocate more space to /home; the > default 2GB isn't enough. I've doubled it to 4G and am keeping an eye on > how much it grows. I can't remember how much disk space it used to take > to compile an old Gentoo kernel so I'll be babysitting this one until > it's done. > > In the meantime: > > 1) I would assume it would work; their instructions imply Debian 7+, but > I suppose the only way to find out if it would work on a Debian 9 > template under Qubes would be to compile it and find out. > > 2) I've never used a Gresecurity kernel before (I almost did under > Gentoo but at the time, the kernel they were using was an older one > lacking a driver I needed so I ended up going with the vanilla sources > instead), but here's how the gresecurity folks feel in terms of how they > would stack up: > > https://grsecurity.net/compare.php > > If you want to try a regular 4.8 kernel either in dom0 or in a vm, > there's already one (4.8.12) in the Qubes unstable repository that you > can play with right now. > >
Just to update: It took about 5 hours to compile on my quad core 2.2GHz Intel i7-2720M, so your millage may vary. The coldkernel compile directory was about 3.2GB large after compilation, so you'll want to make sure your /home directory has at least 4.0GB free before attempting this. I used a fresh stock but updated debian-8 template vm to compile this on. The machine boots, which is the good news. The bad news is that qrexec momentarily connects and then disconnects (i.e. the light turns green in Qubes VM Manager for about a second once it finishes booting, and then immediately turns yellow). However, I didn't follow the instructions exactly as git said there was no tag marked coldkernel-0.9a-4.8.12 when I typed out the verify-tag and checkout commands as written. So I switched to the 0.9a branch instead using git checkout 0.9a. That said, I'm essentially a git newb. Did I do that part right or should I have done something else? Anyway, I don't know much about gresecurity and paxctl either, so while I wait for someone else to post some success on this, there is lots to read up on in the meantime. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o2igth%2453g%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
