-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/02/16 17:14, johan.vermeulen7 at telenet.be wrote: > > > ----- Oorspronkelijk bericht ----- Van: "Fabian Arrotin" > <arrfab at centos.org> Aan: arm-dev at centos.org Verzonden: Donderdag 4 > februari 2016 08:39:22 Onderwerp: Re: [Arm-dev] testing updated > kernels - feedback wanted ! > > On 25/01/16 17:29, Fabian Arrotin wrote: >> Hi, > >> With the recent CVE-2016-0728, I was quickly having a look at >> updating the different kernels we ship through the official >> images. Actually we only have two kernels : - what I'd call the >> "generic" one (that can be used on multiple boards directly, and >> following the Fedora upstream kernel) - the raspberrypi2 variant >> (built from sources located at >> https://github.com/raspberrypi/linux) > >> I've built (and tested locally those myself) the following >> updated kernels (including patches for CVE-2016-0728) : - >> kernel-4.3.3-200.el7.armv7hl.rpm (updating >> kernel-4.2.3-200.el7.armv7hl.rpm) - >> raspberrypi2-kernel-4.1.16-v7+.1.20160125gitab2b2e0.el7.armv7hl.rpm > >> > > (for rpi2, obviously, updating >> raspberrypi2-kernel-4.1.11-v7+.1.20151021git4047fe2.el7.armv7hl.rpm) > >> One important thing is that actually we still lack an automatic >> update process, something I'd like to work (with you ?) in the >> following days/weeks. But you can already test the >> updated/unsigned kernels (feedback wanted !) > >> - create the /etc/yum.repos.d/ .repo file pointing to >> corresponding repo, depending on your board : - >> http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ - >> http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ as an >> example, here is how it would look like : > >> [kernel-generic] name=armhfp kernel generic >> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/ > >> > > gpgcheck=0 >> enabled=1 > >> or > >> [kernel-rpi2] name=armhfp rpi2 kernel >> baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ >> gpgcheck=0 enabled=1 > >> - now "yum clean all ; yum update" > >> - as the current call to "/bin/kernel-install add" (from systemd >> shipped with CentOS 7) doesn't cover - in the whole chain- >> armhfp, one then needs to build the initramfs + modify boot >> config > >> rpi2 : - dracut >> /boot/initramfs-4.1.16-v7+.1.20160125gitab2b2e0.el7.img >> 4.1.16-v7+.1.20160125gitab2b2e0.el7 - systemctl reboot > >> generic : - dracut /boot/initramfs-4.3.3-200.el7.armv7hl.img >> 4.3.3-200.el7.armv7hl - edit /boot/extlinux.conf to modify the >> kernel/initrd - systemctl reboot > >> Thanks for the testers, and after we can edit the wiki page, and >> start working on a script that would automate all that. > >> Cheers, > > Just wondering if someone had time to check/test this ? > > Hello All, > > I'm behind Rasberry Pi2 Model B /Centos for the first time, and > trying to test this. > > uname -a [root at rpi2 yum.repos.d]# uname -a Linux rpi2 4.1.11-v7+ > #822 SMP PREEMPT Fri Oct 23 16:22:18 BST 2015 armv7l armv7l armv7l > GNU/Linux > > [root at rpi2 yum.repos.d]# vi kernel-rpi2 > > [kernel-rpi2] name=armhfp rpi2 kernel > baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ > gpgcheck=0 enabled=1 > > [root at rpi2 yum.repos.d]# yum clean all Geladen plugins: > fastestmirror Opschonen repo's:base extras updates Cleaning up > everything Cleaning up list of fastest mirrors [root at rpi2 > yum.repos.d]# yum repolist Geladen plugins: fastestmirror base > | 3.6 kB 00:00:00 extras > | 2.9 kB 00:00:00 updates > | 2.9 kB 00:00:00 (1/4): extras/7/armhfp/primary_db > | 12 kB 00:00:00 (2/4): base/7/armhfp/group_gz > | 154 kB 00:00:00 (3/4): updates/7/armhfp/primary_db > | 248 kB 00:00:00 (4/4): base/7/armhfp/primary_db > | 2.6 MB 00:00:01 Determining fastest mirrors repo id > repo naam > status base/7/armhfp > CentOS-7 - Base > 4.883 extras/7/armhfp > CentOS-7 - Extras > 13 updates/7/armhfp > CentOS-7 - Updates > 296 repolist: 5.192 [root at rpi2 yum.repos.d]# yum update Geladen > plugins: fastestmirror base > | 3.6 kB 00:00:00 extras > | 2.9 kB 00:00:00 updates > | 2.9 kB 00:00:00 Loading mirror speeds from cached hostfile No > packages marked for update > > So I think repo does not appear. What am I doing wrong? > > greetings, Johan > Hi Johan, It seems that there was a layout change in the the sent mails, but if you look at the original mail (https://lists.centos.org/pipermail/arm-dev/2016-January/001597.html) , you'll see : [kernel-rpi2] name=armhfp rpi2 kernel baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/ gpgcheck=0 enabled=1 Please not the "enabled=1" line . Cheers, - -- Fabian Arrotin gpg key: 56BEC54E | twitter: @arrfab - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlbLNN4ACgkQnVkHo1a+xU5/9ACeIeSyeDk5b8yTHk2dhVRSxdsT n0UAniN3ABvaOaQ2Q14sbUnVVe3s2r4S =FibO -----END PGP SIGNATURE-----