- From the Red Hat Linux Bible: Fedora Core 3 disks include older kernel source code
- From The Linux Kernel Archives: http://www.kernel.org/
- From FTP sites: ftp://sunsite.unc.edu/ , ftp://tsx-11.mit.edu/
- From any Fedora or other distro download libraries; look for CD ISOs with .src in their names
- From /usr/src/<kernel_version> on your existing computer, assuming you’re going to use the kernel version that came with your distro.
Note that the cleanest source code will not be RPMs or other pre-packaged units; the cleanest source code will be raw code packaged as tarballs.
However, RPMs (etc.) sometimes contain patches your system will need (if it’s Fedora, for instance). If you get RPMs, note that you’re likely to need two files, the kernel source and the necessary header files. Tarballs will (usually) have all this already.
Also be sure you do NOT get an RPM with “patch” in the name, unless you specifically want to patch your existing kernel from an immediately previous version. Patches are much smaller, but are NOT complete kernel source code.
You should be downloading a package of about 20-40 MB.
Get the signature file and fingerprint
NOTE that you should also download the signature file along with the tarball. It will have the same name as the tarball, with .sign on the end. See The Linux Kernel Archives OpenPGP Signature (http://www.kernel.org/signature.html).
Also copy and save the key fingerprint, which will be this or similar:
Key fingerprint = C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
Note that (almost) universally, when you see a “0” it’s a zero, not the letter O (“oh”).
Get and import the kernel.org key
You must import the key. This key is available from most common PGP key servers, such as http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x517D0F0E. If you get the key from this HTML page, copy the text beginning with:
—–BEGIN PGP PUBLIC KEY BLOCK—–
and ending with:
—–END PGP PUBLIC KEY BLOCK—–
to a text file named 517D0F0E. Or, you can request it directly from the keyserver using GnuPG:
gpg –keyserver wwwkeys.pgp.net –recv-keys 0x517D0F0E
If the keyserver times out, get the key from the page linked above. Keyservers do get overwhelmed.
Then issue the command:
gpg –import 517D0F0E
Verify the signature
Use GnuPG to use the signature to verify the tarball:
gpg –verify linux-220.127.116.11.tar.gz.sign linux-18.104.22.168.tar.gz
You may get messages (or variants) like this:
gpg: Signature made Mon Oct 9 23:48:38 2000 PDT using DSA key ID 517D0F0E
gpg: Good signature from “Linux Kernel Archives Verification Key <email@example.com>”
Could not find a valid trust path to the key. Let’s see whether we
can assign some missing owner trust values.
No path leading to one of our keys found.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
For the time being, don’t worry about these. However, the last line should be something like this:
Primary key fingerprint: C75D C40A 11D7 AF88 9981 ED5B C86B A06A 517D 0F0E
This number should match the fingerprint number you saved above. If it doesn’t, stop right here and get the kernel source from some other, presumably uncompromised, location!
Download,copy or move your source code (in whatever form) into /usr/src/.
This directory is likely already to have a directory named linux! If it does, rename this directory before unpacking your tarball. Command:
tar zxvf ./linux-22.214.171.124.tar.gz #update this
#to match the version you get
Don’t forget that the tab key lets you expand a long file name without typing the whole thing. If you got a bzipped tarball rather than the usual gzipped tarball, you’ll need:
tar xvf ./linux-126.96.36.199.tar.bz2 –use-compress-program bzip2
or, more succinctly:
tar jxfv ./linux-188.8.131.52.tar.bz2
Once you’ve done this, run an ls and note the name of your new directory. Rarely it will be may be “linux;” more commonly it will be “linux-184.108.40.206”.
At this point you’ll need to create a symlink to this directory. Command:
ln -s /usr/src/linux<new version> /usr/src/linux
This isn’t mandatory; you’ll just need it to keep from going insane. For an example why, change to this directory now.