Package Base Details: linux-clear

Git Clone URL: https://aur.archlinux.org/linux-clear.git (read-only, click to copy)
Keywords: clear clearlinux intel kernel
Submitter: metak
Maintainer: metak
Last Packager: metak
Votes: 33
Popularity: 3.73
First Submitted: 2018-01-18 21:47
Last Updated: 2019-12-13 13:53

Pinned Comments

metak commented on 2018-01-22 01:49

1. Binaries available in my repo: http://download.opensuse.org/repositories/home:/metakcahura:/kernel/Arch_Extra_standard/x86_64/
[home_metakcahura_kernel_Arch_Extra_standard]
Server = http://download.opensuse.org/repositories/home:/metakcahura:/kernel/Arch_Extra_standard/$arch

Then, import the key:
Key-ID: pacman-key --recv-keys 50AAD02AEB1F61C9
Keyfile: http://download.opensuse.org/repositories/home:/metakcahura:/kernel/Arch_Extra_standard/x86_64/home_metakcahura_kernel_Arch_Extra_standard.key
Donwload and import the key: pacman-key --add /path/to/downloaded/keyfile

Last, sign the key. pacman-key --lsign-key 50AAD02AEB1F61C9

2. After install adjust your boot cmd line. ClearLinux uses clr-boot-manager which takes care of that. This is upstream default:
quiet console=tty0 console=ttyS0,115200n8 cryptomgr.notests initcall_debug intel_iommu=igfx_off kvm-intel.nested=1 no_timer_check noreplace-smp page_alloc.shuffle=1 rcu_nocbs=0-64 rcupdate.rcu_expedited=1 rootfstype=ext4,btrfs,xfs tsc=reliable rw 
3. For loading unsigned modules. (nvidia, virtualbox, etc.)

If secure boot is disabled just add module.sig_unenforce boot parameter. Otherwise, you'll have to build your kernel with CONFIG_MODULE_SIG_FORCE disabled.

4. Once again (as requested) the _subarch is set to native so for anyone who is building the binaries for redistribution should set it to number corresponding to Generic-x86-64.

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 ... Next › Last »

metak commented on 2019-10-30 13:55

@tam1m That's just a packaging difference. In arch kernel there's a copy of kernel config file in -headers package. /usr/lib/modules/<kernel>/build/.config
I can add a line that copies config file like it's in clearlinux package along with enabling ikconfig.

tam1m commented on 2019-10-30 13:41

@metak Sounds good to me. Having it as a module should be enough. Also regarding this comment from the issue tracker, we don't have the /usr/lib/kernel file. At least I don't..

metak commented on 2019-10-30 12:27

@tam1m With next update I can enable CONFIG_IKCONFIG=m (as a module) and CONFIG_IKCONFIG_PROC=y? This was already brought up upstream on ClearLinux issue tracker and they decided not to enable it because not many people use this and it wastes more memory.

niklaszantner commented on 2019-10-30 12:10

@metak

You were right, thanks a lot!

tam1m commented on 2019-10-30 12:07

I think it would be good to enable CONFIG_IKCONFIG_PROC/CONFIG_IKCONFIG by default. Is that something you would consider?

metak commented on 2019-10-30 11:24

@niklaszantner Do you have sha256 and sha512 modules listed in MODULES=() in /etc/mkinitcpio.conf? If you do, try removing them as they're built into the kernel.

niklaszantner commented on 2019-10-30 11:01

Am I the only one who gets the following errors past build on install:

  -> Running build hook: [keymap]
  -> Running build hook: [encrypt]
  -> Running build hook: [resume]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> ERROR: module not found: `sha256'
==> ERROR: module not found: `sha512'
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-clear-fallback.img
==> WARNING: errors were encountered during the build. The image may not be complete.
error: command failed to execute correctly

wan109020 commented on 2019-10-26 15:57

@metak Big thanks for adding them to the package. Can now set kernel.yama.ptrace_scope=1 and apparmor is working properly. No issues encountered so far.

metak commented on 2019-10-26 14:12

@wan109020 In 5.3.7-3, I've enabled Yama, Apparmor, SELinux and TOMOYO security options just like in stock arch kernel. Please test and report.

wan109020 commented on 2019-10-26 09:47

Package works great, Just that is it possible to add Yama support? Would like to set the kernel.yama.ptrace_scope=1 as it's the Arch default. https://wiki.archlinux.org/index.php/Security#ptrace_scope

Also, chrome sandbox seems to be more powerful with Yama (chrome://sandbox)

Would also be nice to have Apparmor/SELinux support too

Thanks