-
Notifications
You must be signed in to change notification settings - Fork 43
Testing new kernel images
The SecureDrop project uses custom kernels, patched with grsecurity, in the Workstation VMs. Use the kernel-builder repo to create new images. In order to test them, you can submit a PR to the apt-test lfs repo, or you can qvm-copy them locally into VM templates to evalute.
# in dom0, run:
qvm-copy sd-small-buster-template sd-kernel-test
# edit /etc/qubes-rpc/policy/qubes.Filecopy, adding `sd-dev @tag:sd-workstation allow`
# to the top of the file to permit copying between VMs
Then, in sd-kernel-builder:
qvm-copy linux-{image,headers}*grsec-workstation*.deb
# copy to `sd-kernel-test`
Open a terminal in sd-kernel-test, switch to ~/QubesIncoming/sd-dev/, and manually install the packages:
sudo dpkg -i *.deb
If you did not build a new version of the securedrop-workstation-grsec metapackage, from the packaging repo, then you'll have to edit the grub settings manually. Still in sd-kernel-test:
# edit /etc/default/grub, changing the version string of the kernel in `GRSEC_VERSION=`, then run:
sudo update-grub
Reboot sd-kernel-test, open a terminal, and confirm the new kernel is running via uname -a. If so, you should be ready to proceed with sending to apt-test and performing full functional review on a dev or staging env.