'Make a cron job to pull from the kernel repo automatically, either
the stable kernel.org or Fedora's official repo. Then you can run
the merge_config script, and then build the kernel. Then, you can
run `update-grub` or whatever is the process.'
> I was hoping a security tool existed for that purpose. I will do with make then
'Unless for learning, why do this? Fedora maintainers do know their
stuff, so you can trust them. You are not going to audit changes
anyways, so this exercise is futile as you are basically doing the
same thing as `sudo dnf update` (or whatever the dnf command is),
but without the testing from maintainers and other people. Not to
mention the Fedora specific quirks which won't be there upstream.'
>I have chosen fedora for the relative pre built security guarantee it brings but i have reasons to believe the default quirks dont provide enough hardening for my situation. So I am now trying my best to follow and apply an official hardening guide and the kernel compiling is a part of it. For me this is a philosophical stake as much as a technical issue and an experiment: in 2023, can someone targeted who is only a geek be sovereign on a relatively trusted computer (ie relative free hardware from purism and free software)
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies