custom compil

aurel.pere at aurel.pere at
Thu Jan 26 15:49:51 EST 2023

> 'Make a cron job to pull from the kernel repo automatically, either
> the stable[] or Fedora's official repo. Then you can run
> the merge_config script, and then build the kernel. Then, you can
> run `update-grub` or whatever is the process.'
>> I was hoping a security tool existed for that purpose. I will do with make then
> 'Unless for learning, why do this? Fedora maintainers do know their
> stuff, so you can trust them. You are not going to audit changes
> anyways, so this exercise is futile as you are basically doing the
> same thing as `sudo dnf update` (or whatever the dnf command is),
> but without the testing from maintainers and other people. Not to
> mention the Fedora specific quirks which won't be there upstream.'
>>I have chosen fedora for the relative pre built security guarantee it brings but i have reasons to believe the default quirks dont provide enough hardening for my situation. So I am now trying my best to follow and apply an official hardening guide and the kernel compiling is a part of it. For me this is a philosophical stake as much as a technical issue and an experiment: in 2023, can someone targeted who is only a geek be sovereign on a relatively trusted computer (ie relative free hardware from purism and free software) 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Kernelnewbies mailing list