>> > Hi, sorry to jump into the thread this late, I didn't follow the beginning. > You can save yourself quite a bit of hassle by downloading the upstream > up-to-date vanilla kernel 4.15-rc9 and compile that with Unstable gcc-7. > All you need is there already and you will get as good a mitigation for > Spectre as one can get right now.
Is the 7.2 kernel in sid gcc 7 really gassed up enough to compile the spectre fix in a way that the meltdown-spectre checker will say that the compiler used was adequate to make the kernel fix work properly? A backport from GCC 8 to 7 has to be made to make it work - I thought this was only done in 7.3....... Is the sid gcc now 7.3 as someone said earlier even though it says it is 7.2? I don't want to have to uninstall gcc 8 only to have to reinstall it again. MF > After configuration you can use the build target "make bindeb-pkg" or use > the "make-kpkg" command from kernel-package (to be installed and > configured, the doc will guide you). > Also you need basic build environment, and "libelf-dev" if you choose the > ORC unwinder. For the build environment look at kernel-package dependencies. > > If you want to stay mainly in Testing but cherry pick Unstable packages > (and benefit from apt/aptitude dependencies resolution) you can look into > apt-pinning, giving Unstable package a priority of 101 should do the trick, > something like: > > Package: * > Pin: release a=unstable > Pin-Priority: 101 > > in /etc/apt/preferences, coupled with: > > APT::Default-Release "buster"; > > in /etc/apt/apt.conf > > > I would not pull critical packages from experimental unless it is > absolutely necessary, dragons are lurking in there. > > Hope it helps. > >
