You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Conor Schaefer edited this page Aug 5, 2021
·
1 revision
The SecureDrop project uses custom kernels, patched with grsecurity, in the Workstation VMs. Use the kernel-builder repo to create new images. In order to test them, you can submit a PR to the apt-test lfs repo, or you can qvm-copy them locally into VM templates to evalute.
# in dom0, run:
qvm-copy sd-small-buster-template sd-kernel-test
# edit /etc/qubes-rpc/policy/qubes.Filecopy, adding `sd-dev @tag:sd-workstation allow`
# to the top of the file to permit copying between VMs
Then, in sd-kernel-builder:
qvm-copy linux-{image,headers}*grsec-workstation*.deb
# copy to `sd-kernel-test`
Open a terminal in sd-kernel-test, switch to ~/QubesIncoming/sd-dev/, and manually install the packages:
sudo dpkg -i *.deb
If you did not build a new version of the securedrop-workstation-grsec metapackage, from the packaging repo, then you'll have to edit the grub settings manually. Still in sd-kernel-test:
# edit /etc/default/grub, changing the version string of the kernel in `GRSEC_VERSION=`, then run:
sudo update-grub
Reboot sd-kernel-test, open a terminal, and confirm the new kernel is running via uname -a. If so, you should be ready to proceed with sending to apt-test and performing full functional review on a dev or staging env.