Ivan Glushkov wrote:
> I want to compile the newest (2.6.21.5) kernel on my Debian lenny

This is a little dated now that Etch has released, it was written for Sarge, but it is still very good recommended reading for building kernels on Debian. I offer it as additional reference.

http://newbiedoc.sourceforge.net/system/kernel-pkg.html

> Centrino laptop. In http://kernel-handbook.alioth.debian.org (2.2) is
> stated that the kernel offered in Debian repository is:
>
> "obtained by taking the source from linux-major_version.orig.tar.gz
> (that is, pristine kernel source, processed by the prune-non-free
> script) and applying a set of Debian patches. These patches typically
> implement essential fixes for serious bugs and security holes."
>
> Are the essential fixes supplied by the debian patches the same as the
> kernel.org ones,

Generally the patches indicated there are security fixes into the stable kernel. The stable kernel in Etch is now at 2.6.18 and will remain so throughout the stable release lifetime. As critical problems are found they will be added as patches to that kernel.

For the most part if you are building the very latest pristine kernel from kernel.org then you won't need the Debian security patches because they would mostly be already in the new kernel.

However Debian patches have in the past also included new features that were not in the mainstream kernel.org kernel. Usually they appeared in other well known kernel branches. For example previous Debian patches included the ability to use a compressed initrd (initial ramdisk) at boot time. This is now standard in the upstream kernel.org kernel. I am not current on the present state of the Debian patches and so can't comment on whether a particular feature you need will be there or not. You might as well try it and worry about it only if it fails for you.

For example, IIRC and other caveats since I am not current on this info, the encrypted filesystem support was previously supplied as patched modules loaded in the initrd. This required both an mkinitrd that was programmed with the knowledge of encrypted filesystems and the modules to be present for that kernel. If special patched features such as these were used then trying to boot a kernel without the patched-in support for that feature would fail.

But for a fairly generic system with a fairly generic installation a pristine kernel.org kernel can certainly be compiled without any patches and work fine. A large population of Linux users only use upstream kernels from kernel.org.

The summary of my comments is that generally the pristine kernel.org kernel should always be okay. Unless you are using a special feature that has been added in as a patch in which case you will need that feature patched in of course.

> or it is simply coincidence that the latest version number of the
> kernel.org kernel (2.6.21.5) and the debian one (2.6.21-5) are the
> same? And if not, can I apply them to my kernel.org kernel?

In most cases you should be able to apply the Debian patches directly to the kernel.org kernel. Since the patch tree that you are looking at is matching the kernel version it should be okay.

> In the end which approach will give me the kernel with the latest
> security patches?

Today? Tomorrow? Or next week? If you build your own kernel from the upstream sources *you* become the distributor of it and will need to keep aware of security issues relating to it. The security of the kernel is directly dependent on your ability to keep aware of issues and to react to them.

For concerns about security I recommend the Debian Stable kernel, currently Etch. This is 2.6.18 in Etch and it includes security upgrades as they become available. This provides a large benefit because of the shared team of people who help out with that kernel.

Bob