Linux

Building

Vanilla kernel

1. Install dependencies:

    sudo apt-get install kernel-package fakeroot libncurses5-dev gcc-4.9-plugin-dev

2. Get the name of the latest kernel from Kernel.org:

    wget https://www.kernel.org/finger_banner -qO -

3. Download vanilla kernel package and signature:

    wget https://kernel.org/pub/linux/kernel/v4.x/linux-4.3.3.tar.xz
    wget https://kernel.org/pub/linux/kernel/v4.x/linux-4.3.3.tar.sign

4. Unpack kernel package:

    unxz linux-4.3.3.tar.xz

5. Verify package signature:

    gpg --verify linux-4.3.3.tar.sign

6. Unpack kernel sources:

    tar -xf linux-4.3.3.tar

7. Change into sources directory:

    cd linux-4.3.3/

8. Copy current kernel’s config:

    cp /boot/config-$(uname -r) .config

9. Apply patches if needed:

    patch -p1 < ../debian-logo-2.6.patch

10. Launch configuration menu:

    make menuconfig

11. Clean up before building:

    make-kpkg clean

12. Build debian packages for linux-headers and linux-image:

    export CONCURRENCY_LEVEL="$(grep -c '^processor' /proc/cpuinfo)"
    time fakeroot make-kpkg --initrd kernel_headers kernel_image

13. Install new debian packages:

    sudo dpkg -i ../linux-*.deb

Patches

Grsecurity patch

1. Get the name of the latest patch from Grsecurity:

    wget https://grsecurity.net/latest_test_patch -qO -

2. Download patch and signature:

    wget https://grsecurity.net/test/grsecurity-3.1-4.3.3-201601192226.patch
    wget https://grsecurity.net/test/grsecurity-3.1-4.3.3-201601192226.patch.sig

3. Verify patch signature:

    gpg --verify grsecurity-3.1-4.3.3-201601192226.patch.sig

4. Change into sources directory:

    cd linux-4.3.3/

5. Apply patch:

    patch -p1 < ../grsecurity-3.1-4.3.3-201601192226.patch

6. Launch configuration menu:

    make menuconfig

7. Change these parameters from the defaults in Security options:

    [*] Grsecurity
           Configuration Method (Automatic)  --->
           Usage Type (Desktop)  --->
           Virtualization Type (Host)  --->
           Virtualization Software (KVM)  --->
           Required Priorities (Security)  --->

Links

• 8.10. Compiling a Kernel - The Debian Administrator’s Handbook
• 4.6 Building a custom kernel from the “pristine” kernel source - Debian Kernel Handbook
• Hardening Debian for the Desktop Using Grsecurity - Micah Lee’s Blog
• Grsecurity/Appendix/Grsecurity and PaX Configuration Options > Virtualization Software - Wikibooks