[Arm-dev] testing updated kernels - feedback wanted !

Mon Feb 22 16:18:38 UTC 2016
Fabian Arrotin <arrfab at centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/02/16 17:14, johan.vermeulen7 at telenet.be wrote:
> 
> 
> ----- Oorspronkelijk bericht ----- Van: "Fabian Arrotin"
> <arrfab at centos.org> Aan: arm-dev at centos.org Verzonden: Donderdag 4
> februari 2016 08:39:22 Onderwerp: Re: [Arm-dev] testing updated
> kernels - feedback wanted !
> 
> On 25/01/16 17:29, Fabian Arrotin wrote:
>> Hi,
> 
>> With the recent CVE-2016-0728, I was quickly having a look at 
>> updating the different kernels we ship through the official 
>> images. Actually we only have two kernels : - what I'd call the 
>> "generic" one (that can be used on multiple boards directly, and 
>> following the Fedora upstream kernel) - the raspberrypi2 variant 
>> (built from sources located at 
>> https://github.com/raspberrypi/linux)
> 
>> I've built (and tested locally those myself) the following
>> updated kernels (including patches for CVE-2016-0728) : - 
>> kernel-4.3.3-200.el7.armv7hl.rpm (updating 
>> kernel-4.2.3-200.el7.armv7hl.rpm) - 
>> raspberrypi2-kernel-4.1.16-v7+.1.20160125gitab2b2e0.el7.armv7hl.rpm
>
>> 
> 
> (for rpi2, obviously, updating
>> raspberrypi2-kernel-4.1.11-v7+.1.20151021git4047fe2.el7.armv7hl.rpm)
>
>>  One important thing is that actually we still lack an automatic 
>> update process, something I'd like to work (with you ?) in the 
>> following days/weeks. But you can already test the
>> updated/unsigned kernels (feedback wanted !)
> 
>> - create the /etc/yum.repos.d/ .repo file pointing to 
>> corresponding repo, depending on your board : - 
>> http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ - 
>> http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ as an 
>> example, here is how it would look like :
> 
>> [kernel-generic] name=armhfp kernel generic 
>> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/
>
>> 
> 
> gpgcheck=0
>> enabled=1
> 
>> or
> 
>> [kernel-rpi2] name=armhfp rpi2 kernel 
>> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
>>  gpgcheck=0 enabled=1
> 
>> - now "yum clean all ; yum update"
> 
>> - as the current call to "/bin/kernel-install add" (from systemd
>>  shipped with CentOS 7) doesn't cover - in the whole chain-
>> armhfp, one then needs to build the initramfs + modify boot
>> config
> 
>> rpi2 : - dracut 
>> /boot/initramfs-4.1.16-v7+.1.20160125gitab2b2e0.el7.img 
>> 4.1.16-v7+.1.20160125gitab2b2e0.el7 - systemctl reboot
> 
>> generic : - dracut /boot/initramfs-4.3.3-200.el7.armv7hl.img 
>> 4.3.3-200.el7.armv7hl - edit /boot/extlinux.conf to modify the 
>> kernel/initrd - systemctl reboot
> 
>> Thanks for the testers, and after we can edit the wiki page, and 
>> start working on a script that would automate all that.
> 
>> Cheers,
> 
> Just wondering if someone had time to check/test this ?
> 
> Hello All,
> 
> I'm behind Rasberry Pi2 Model B /Centos for the first time, and 
> trying to test this.
> 
> uname -a [root at rpi2 yum.repos.d]# uname -a Linux rpi2 4.1.11-v7+
> #822 SMP PREEMPT Fri Oct 23 16:22:18 BST 2015 armv7l armv7l armv7l
> GNU/Linux
> 
> [root at rpi2 yum.repos.d]# vi kernel-rpi2
> 
> [kernel-rpi2] name=armhfp rpi2 kernel 
> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ 
> gpgcheck=0 enabled=1
> 
> [root at rpi2 yum.repos.d]# yum clean all Geladen plugins:
> fastestmirror Opschonen repo's:base extras updates Cleaning up
> everything Cleaning up list of fastest mirrors [root at rpi2
> yum.repos.d]# yum repolist Geladen plugins: fastestmirror base
> | 3.6 kB  00:00:00 extras
> | 2.9 kB  00:00:00 updates
> | 2.9 kB  00:00:00 (1/4): extras/7/armhfp/primary_db
> |  12 kB  00:00:00 (2/4): base/7/armhfp/group_gz
> | 154 kB  00:00:00 (3/4): updates/7/armhfp/primary_db
> | 248 kB  00:00:00 (4/4): base/7/armhfp/primary_db
> | 2.6 MB  00:00:01 Determining fastest mirrors repo id
> repo naam
> status base/7/armhfp
> CentOS-7 - Base
> 4.883 extras/7/armhfp
> CentOS-7 - Extras
> 13 updates/7/armhfp
> CentOS-7 - Updates
> 296 repolist: 5.192 [root at rpi2 yum.repos.d]# yum update Geladen
> plugins: fastestmirror base
> | 3.6 kB  00:00:00 extras
> | 2.9 kB  00:00:00 updates
> | 2.9 kB  00:00:00 Loading mirror speeds from cached hostfile No
> packages marked for update
> 
> So I think repo does not appear. What am I doing wrong?
> 
> greetings, Johan
> 

Hi Johan,

It seems that there was a layout change in the the sent mails, but if
you look at the original mail
(https://lists.centos.org/pipermail/arm-dev/2016-January/001597.html)
, you'll see :

[kernel-rpi2]
name=armhfp rpi2 kernel
baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
gpgcheck=0
enabled=1

Please not the "enabled=1" line .

Cheers,


- -- 
Fabian Arrotin
gpg key: 56BEC54E | twitter: @arrfab

- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlbLNN4ACgkQnVkHo1a+xU5/9ACeIeSyeDk5b8yTHk2dhVRSxdsT
n0UAniN3ABvaOaQ2Q14sbUnVVe3s2r4S
=FibO
-----END PGP SIGNATURE-----