Skip to content

Add support for 6.18.* kernels (for Debian 13 VMs in SecureDrop Workstation)#83

Merged
legoktm merged 5 commits into
mainfrom
support_6-18
Jun 18, 2026
Merged

Add support for 6.18.* kernels (for Debian 13 VMs in SecureDrop Workstation)#83
legoktm merged 5 commits into
mainfrom
support_6-18

Conversation

@zenmonkeykstop

@zenmonkeykstop zenmonkeykstop commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor
  • Adds support for 6.18.* package builds while maintaining 6.6.* support for server kernels, by having a separate debian/rules file
  • updates build container to trixie

test plan

  • securedrop-core-6.6, securedrop-workstation-6.6, and securedrop-workstation-6.18 targets complete successfully
  • packages built by securedrop-workstation-6.18 are installable in a trixie VM in qubes.
  • 6.18.34 grsec kernel boots and passes paxtest and meltdown.sh tests.

@zenmonkeykstop
Add support for trixie workstation (6.18.*) kernel
79bcd2d 
- update kernel build process for 6.18.* series
- Update build container to trixie
- Add separate debian/rules files for 6.6 and 6.18
- Set debhelper-compat version in control
@zenmonkeykstop zenmonkeykstop marked this pull request as draft June 9, 2026 19:27
@zenmonkeykstop

zenmonkeykstop commented Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

(Flipping to draft while I check that the built kernels work nicely.)

@zenmonkeykstop

zenmonkeykstop commented Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

With the debian/kconfig fix in rules, 6.18 kernel packages:

  • build correctly
  • are installable in a PVH trixie qube
  • can be booted from in said qube
  • and pass paxtest and meltdown checks.

Flipping to RfR, and I'm also going to upload an initial 6.18 kernel to apt-test to unblock other Trixie support work.

@zenmonkeykstop zenmonkeykstop marked this pull request as ready for review June 16, 2026 18:01
@zenmonkeykstop zenmonkeykstop moved this to Ready For Review in SecureDrop Jun 16, 2026
@zenmonkeykstop zenmonkeykstop marked this pull request as draft June 16, 2026 22:36
@zenmonkeykstop zenmonkeykstop marked this pull request as ready for review June 16, 2026 22:36
@nathandyer nathandyer requested a review from legoktm June 17, 2026 16:11
@legoktm legoktm moved this from Ready For Review to Under Review in SecureDrop Jun 18, 2026
legoktm
legoktm approved these changes Jun 18, 2026
View reviewed changes

@legoktm legoktm left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kernels are working, build verbosity is fixed, LGTM. I have a few things I found for improving kernel hardening flags but that's a pre-existing issue and the server will also benefit so I'll file that separately.

@legoktm legoktm added this pull request to the merge queue Jun 18, 2026
Merged via the queue into main with commit 5ae93c6 Jun 18, 2026
14 checks passed
@github-project-automation github-project-automation Bot moved this from Under Review to Done in SecureDrop Jun 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@legoktm legoktm legoktm approved these changes

Assignees

@legoktm legoktm

Labels

None yet

Projects

SecureDrop
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zenmonkeykstop @legoktm