I've just started using Qubes and I find it awsome, but I'm having problems updating the Debian Template Kernel and it seems to me this is a very important topic, since Qubes principle is isolation and simply some VMs doesn't have to support functionality you don't use and new kernels are always bigger, but they include interesting fixes and security improvements, so I'd like to reduce the attacking surface and still be able to use new kernels.
I have to say I've followed the Officials Docs: Qubes Docs -> https://www.qubes-os.org/doc/managing-vm-kernel/ Debian Docs -> https://www.debian.org/releases/stable/i386/ch08s06.html.en I've tried multiple ways: 1) Compiling the kernel the good old way, importing the current Qubes kernel configs and apply some changes 2) Compiling the kernel the debian way 3) Compiling the kernel the good old way, using the default configs (make defconfig) 4) Installing linux-image package All these failed. I installed 'grub2-xen' in dom0, then: 1-2) Compiling the kernel with custom configs I installed 'linux-header*', 'linux-source packages' and 'qubes-kernel-vm-support', then I extracted the archive in /usr/src, I apllied the patch provided by debian and I extracted and copied the Qubes Kernel current configs in '/proc/config.gz' into the linux-source dir with the name '.config'. I ran 'make' and 'make install' and I encountered an error: error: illegal package name 'linux-image-4.8.15-rt10-11.pvops.qubes.x86_64': character '_' not allowed So, I tried to the debian way, I installed 'fakeroot' and 'kernel-package'. I ran 'make menuconfig' and I made some changes, then I ran 'fakeroot make-kpkg --initrd --revision=2.0' and I encountered the same error as above: This is kernel package version 13.014+nmu1. install -p -d -o root -g root -m 755 /usr/src/linux-source-4.8/debian/linux-image-4.8.15-rt10-11.pvops.qubes.x86_64/DEBIAN sed -e 's/=V/4.8.15-rt10-11.pvops.qubes.x86_64/g' -e 's/=IB//g' \ -e 's/=ST/linux/g' -e 's/=R//g' \ -e 's/=KPV/13.014+nmu1/g' \ -e 's/=K/vmlinuz/g' \ -e 's/=I/YES/g' -e 's,=D,/boot,g' \ -e 's@=A@amd64@g' \ -e 's@=B@x86_64@g' \ ... dpkg-gencontrol: error: illegal package name 'linux-image-4.8.15-rt10-11.pvops.qubes.x86_64': character '_' not allowed debian/ruleset/targets/image.mk:230: recipe for target 'debian/stamp/binary/linux-image-4.8.15-rt10-11.pvops.qubes.x86_64' failed make: *** [debian/stamp/binary/linux-image-4.8.15-rt10-11.pvops.qubes.x86_64] Error 255 3) Compiling the kernel with default configs I ran 'make defconfig', then I ran 'make' and it went all good, but when I ran 'sudo make install' I encountered some errors, so I remembered the Qubes Docs and I tried to use DKMS, so I ran 'sudo dkms autoinstall -k <version> -a amd64', but I didn't see any output unlike the one showed by the Qubes Docs, so I stopped here. 4) Installing the debian 'linux-image' package I ran 'sudo apt-get install linux-image-amd64', but during the installation the terminal disappeared and the VMs led state turned to yellow, so I tried to reboot the machine, but the light was still yellow. I checked the logs, I dind't see any errors and the VM reached the login, but the dom0 show an error related to the id. So, I attached to the VM console from dom0 with 'sudo xl console debian-8-test', I tried to make 'dkpg' finish the installation with 'dpkg --configure -a' and it finished it, but it told me that 'WITH THIS INITRAM, THE PC WILL NEVER BOOT', so I ran 'grub-update', I set 'pvgrub2' as kernel in VM Manager and tried to reboot, but the machine couldn't mount root, as the error above had announced. What's up with with the initramfs? I think I've tried a lot and I can't still understand why the procedures showed in the Officials Docs didn't work, maybe I've missed something or I've done something wrong. Is really possible to use a custom built kernel iniside a VM? If yes, how can we manage to do it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a43a87a-d6c6-4552-89e5-9d54692bc7cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
