Maybe tomorrow. More likely Monday. I have been crunching on the paid work.... :) On 02/04/2016 02:39 AM, Fabian Arrotin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 25/01/16 17:29, Fabian Arrotin wrote: >> Hi, >> >> With the recent CVE-2016-0728, I was quickly having a look at >> updating the different kernels we ship through the official >> images. Actually we only have two kernels : - what I'd call the >> "generic" one (that can be used on multiple boards directly, and >> following the Fedora upstream kernel) - the raspberrypi2 variant >> (built from sources located at >> https://github.com/raspberrypi/linux) >> >> I've built (and tested locally those myself) the following updated >> kernels (including patches for CVE-2016-0728) : - >> kernel-4.3.3-200.el7.armv7hl.rpm (updating >> kernel-4.2.3-200.el7.armv7hl.rpm) - >> raspberrypi2-kernel-4.1.16-v7+.1.20160125gitab2b2e0.el7.armv7hl.rpm >> >> > (for rpi2, obviously, updating >> raspberrypi2-kernel-4.1.11-v7+.1.20151021git4047fe2.el7.armv7hl.rpm) >> >> One important thing is that actually we still lack an automatic >> update process, something I'd like to work (with you ?) in the >> following days/weeks. But you can already test the updated/unsigned >> kernels (feedback wanted !) >> >> - create the /etc/yum.repos.d/ .repo file pointing to >> corresponding repo, depending on your board : - >> http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ - >> http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ as an >> example, here is how it would look like : >> >> [kernel-generic] name=armhfp kernel generic >> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ >> >> > gpgcheck=0 >> enabled=1 >> >> or >> >> [kernel-rpi2] name=armhfp rpi2 kernel >> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ >> gpgcheck=0 enabled=1 >> >> - now "yum clean all ; yum update" >> >> - as the current call to "/bin/kernel-install add" (from systemd >> shipped with CentOS 7) doesn't cover - in the whole chain- armhfp, >> one then needs to build the initramfs + modify boot config >> >> rpi2 : - dracut >> /boot/initramfs-4.1.16-v7+.1.20160125gitab2b2e0.el7.img >> 4.1.16-v7+.1.20160125gitab2b2e0.el7 - systemctl reboot >> >> generic : - dracut /boot/initramfs-4.3.3-200.el7.armv7hl.img >> 4.3.3-200.el7.armv7hl - edit /boot/extlinux.conf to modify the >> kernel/initrd - systemctl reboot >> >> Thanks for the testers, and after we can edit the wiki page, and >> start working on a script that would automate all that. >> >> Cheers, > Just wondering if someone had time to check/test this ? > > - -- > Fabian Arrotin > The CentOS Project | http://www.centos.org > gpg key: 56BEC54E | twitter: @arrfab > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlazACoACgkQnVkHo1a+xU43qACggqvgfMki1K/MEEuvigl87NhR > RZkAniA03+WN1qj8TIqc9nK/SiT3lJtV > =PyEl > -----END PGP SIGNATURE----- > _______________________________________________ > Arm-dev mailing list > Arm-dev at centos.org > https://lists.centos.org/mailman/listinfo/arm-dev >