[Arm-dev] testing updated kernels - feedback wanted !

Thu Feb 4 07:39:22 UTC 2016
Fabian Arrotin <arrfab at centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25/01/16 17:29, Fabian Arrotin wrote:
> Hi,
> 
> With the recent CVE-2016-0728, I was quickly having a look at
> updating the different kernels we ship through the official
> images. Actually we only have two kernels : - what I'd call the
> "generic" one (that can be used on multiple boards directly, and
> following the Fedora upstream kernel) - the raspberrypi2 variant
> (built from sources located at 
> https://github.com/raspberrypi/linux)
> 
> I've built (and tested locally those myself) the following updated 
> kernels (including patches for CVE-2016-0728) : -
> kernel-4.3.3-200.el7.armv7hl.rpm (updating 
> kernel-4.2.3-200.el7.armv7hl.rpm) -
> raspberrypi2-kernel-4.1.16-v7+.1.20160125gitab2b2e0.el7.armv7hl.rpm
>
> 
(for rpi2, obviously, updating
> raspberrypi2-kernel-4.1.11-v7+.1.20151021git4047fe2.el7.armv7hl.rpm)
>
>  One important thing is that actually we still lack an automatic
> update process, something I'd like to work (with you ?) in the
> following days/weeks. But you can already test the updated/unsigned
> kernels (feedback wanted !)
> 
> - create the /etc/yum.repos.d/ .repo file pointing to
> corresponding repo, depending on your board : -
> http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ -
> http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ as an
> example, here is how it would look like :
> 
> [kernel-generic] name=armhfp kernel generic 
> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/
>
> 
gpgcheck=0
> enabled=1
> 
> or
> 
> [kernel-rpi2] name=armhfp rpi2 kernel 
> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ 
> gpgcheck=0 enabled=1
> 
> - now "yum clean all ; yum update"
> 
> - as the current call to "/bin/kernel-install add" (from systemd 
> shipped with CentOS 7) doesn't cover - in the whole chain- armhfp,
> one then needs to build the initramfs + modify boot config
> 
> rpi2 : - dracut
> /boot/initramfs-4.1.16-v7+.1.20160125gitab2b2e0.el7.img 
> 4.1.16-v7+.1.20160125gitab2b2e0.el7 - systemctl reboot
> 
> generic : - dracut /boot/initramfs-4.3.3-200.el7.armv7hl.img 
> 4.3.3-200.el7.armv7hl - edit /boot/extlinux.conf to modify the
> kernel/initrd - systemctl reboot
> 
> Thanks for the testers, and after we can edit the wiki page, and
> start working on a script that would automate all that.
> 
> Cheers,

Just wondering if someone had time to check/test this ?

- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlazACoACgkQnVkHo1a+xU43qACggqvgfMki1K/MEEuvigl87NhR
RZkAniA03+WN1qj8TIqc9nK/SiT3lJtV
=PyEl
-----END PGP SIGNATURE-----